diff --git a/fuzz/fuzz_alg_crc32_md5.c b/fuzz/fuzz_alg_crc32_md5.c index ad8c5d2ffce..b449941e2fd 100644 --- a/fuzz/fuzz_alg_crc32_md5.c +++ b/fuzz/fuzz_alg_crc32_md5.c @@ -2,11 +2,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { u_char hash[16]; + struct ndpi_popcount popcount; /* No memory allocations involved */ + /* Used for crc32, md5 and popcount algs */ + ndpi_crc32(data, size); ndpi_md5(data, size, hash); + ndpi_popcount_init(&popcount); + ndpi_popcount_count(&popcount, data, size); + return 0; } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 653510e82a6..121c3f7f853 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1843,6 +1843,13 @@ extern "C" { /* ******************************* */ + /* PopCount [count how many bits are set to 1] */ + + int ndpi_popcount_init(struct ndpi_popcount *h); + void ndpi_popcount_count(struct ndpi_popcount *h, const u_int8_t *buf, u_int32_t buf_len); + + /* ******************************* */ + int ndpi_init_bin(struct ndpi_bin *b, enum ndpi_bin_family f, u_int16_t num_bins); void ndpi_free_bin(struct ndpi_bin *b); struct ndpi_bin* ndpi_clone_bin(struct ndpi_bin *b); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9844e7400b8..3d15517fcba 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -145,7 +145,8 @@ typedef enum { NDPI_HTTP_OBSOLETE_SERVER, NDPI_PERIODIC_FLOW, /* Set in case a flow repeats at a specific pace [used by apps on top of nDPI] */ NDPI_MINOR_ISSUES, /* Generic packet issues (e.g. DNS with 0 TTL) */ - NDPI_TCP_ISSUES, /* TCP issues such as connection failed, probing or scan */ + NDPI_TCP_ISSUES, /* 50 */ /* TCP issues such as connection failed, probing or scan */ + NDPI_FULLY_ENCRYPTED, /* This (unknown) session is fully encrypted */ /* Leave this as last member */ NDPI_MAX_RISK /* must be <= 63 due to (**) */ 
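Review bot: The two prototypes added to ndpi_api.h carry no contract beyond the section banner, so a caller has to read ndpi_analyze.c to learn how they behave. I would add a comment above them along the lines of `/* ndpi_popcount_init() returns 0 on success and -1 if h is NULL; ndpi_popcount_count() adds the set bits of buf[0..buf_len-1] to h->pop_count and buf_len to h->tot_bytes_count, and does nothing if h is NULL */`. It should also say that `buf` must reference at least `buf_len` readable bytes, since the implementation does not validate it.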
@@ -1323,6 +1324,7 @@ struct ndpi_detection_module_struct { u_int32_t aggressiveness_ookla; int tcp_ack_paylod_heuristic; + int fully_encrypted_based_on_first_pkt_heuristic; u_int16_t ndpi_to_user_proto_id[NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; /* custom protocolId mapping */ ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -1379,7 +1381,8 @@ struct ndpi_flow_struct { /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_protocol_id_by_ip, guessed_category, guessed_header_category; u_int8_t l4_proto, protocol_id_already_guessed:1, fail_with_unknown:1, - init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, _pad1: 2; + init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, first_pkt_fully_encrypted:1, _pad1: 1; + u_int16_t num_dissector_calls; ndpi_confidence_t confidence; /* ndpi_confidence_t */ @@ -1753,6 +1756,11 @@ typedef enum { ndpi_dont_load_crawlers_list = (1 << 18), ndpi_dont_load_protonvpn_list = (1 << 19), ndpi_dont_load_gambling_list = (1 << 20), + /* Heuristic to detect fully encrypted sessions, i.e. flows where every bytes of + the payload is encrypted in an attempt to “look like nothing”. + This heuristic only analyzes the first packet of the flow. + See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf */ + ndpi_disable_fully_encrypted_heuristic = (1 << 21), } ndpi_prefs; typedef struct { @@ -1912,6 +1920,11 @@ struct ndpi_cm_sketch { u_int32_t *tables; }; +struct ndpi_popcount { + u_int64_t pop_count; /* Number of bits set to 1 found so far */ + u_int64_t tot_bytes_count; /* Total number of bytes processed so far */ +}; + /* **************************************** */ enum ndpi_bin_family { diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index 721ba48a455..2ad8602aad0 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h 
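Review bot: The comment added above `ndpi_disable_fully_encrypted_heuristic` explains the heuristic but not the flag's effect: it is an opt-out, so the check runs by default for every existing caller of ndpi_init_detection_module unless this bit is set. I would reword it to something like `/* Disable the (default-on) heuristic that flags fully encrypted sessions; it inspects only the first packet of TCP flows that are still unclassified and reports NDPI_FULLY_ENCRYPTED */`, keeping the paper link. "every bytes" should read "every byte". The enum itself starts outside this hunk.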
@@ -78,4 +78,9 @@ typedef unsigned __int64 u_int64_t; /* https://stackoverflow.com/questions/7993050/multiplatform-atomic-increment */ #define __sync_fetch_and_add(a,b) InterlockedExchangeAdd ((a), b) +#if defined(WIN32) || defined(WIN64) +#include +#define __builtin_popcount __popcnt +#endif + #endif /* __NDPI_WIN32_H__ */ diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index f7f9784b6a0..17f75502664 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c @@ -1831,3 +1831,42 @@ void ndpi_cm_sketch_destroy(struct ndpi_cm_sketch *sketch) { ndpi_free(sketch->tables); ndpi_free(sketch); } + +/* ********************************************************************************* */ +/* ********************************************************************************* */ + +/* Popcount, short for "population count," is a computer programming term that refers to + the number of set bits (bits with a value of 1) in a binary representation of a given + data word or integer. In other words, it is the count of all the 1s present in the + binary representation of a number. + For example, consider the number 45, which is represented in binary as 101101. + The popcount of 45 would be 4 because there are four 1s in its binary representation. +*/ + +int ndpi_popcount_init(struct ndpi_popcount *h) +{ + if(h) { + memset(h, '\0', sizeof(*h)); + return 0; + } + return -1; +} + +/* ********************************************************************************* */ + +void ndpi_popcount_count(struct ndpi_popcount *h, const u_int8_t *buf, u_int32_t buf_len) +{ + u_int32_t i; + + if(!h) + return; + + /* Trivial alg. TODO: there are lots of better, more performant algorithms */ + + for(i = 0; i < buf_len / 4; i++) + h->pop_count += __builtin_popcount(*(u_int32_t *)(buf + i * 4)); + for(i = 0; i < buf_len % 4; i++) + h->pop_count += __builtin_popcount(buf[buf_len - (buf_len % 4) + i]); + + h->tot_bytes_count += buf_len; +} 
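Review bot: The `#define __builtin_popcount __popcnt` mapping is keyed on `WIN32`/`WIN64` rather than on the compiler, so a GCC or Clang build on Windows that includes this header would have an existing builtin redefined. Guarding on the compiler is safer, e.g. `#if defined(_MSC_VER) && !defined(__clang__)`. MSVC's `__popcnt` also emits the POPCNT instruction with no runtime CPU check, and this code now sits on the per-flow packet path, so a comment recording that hardware assumption (or a portable fallback) would help.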
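Review bot: In ndpi_popcount_count the word loop reads `*(u_int32_t *)(buf + i * 4)`, casting a byte pointer of arbitrary alignment to a 32-bit pointer. `buf` is packet payload (and fuzzer input in fuzz_alg_crc32_md5.c), so this is a misaligned, aliasing-violating load that UBSan will report and that can fault on strict-alignment targets. Copying each word first avoids it: `u_int32_t w; memcpy(&w, buf + i * 4, sizeof(w)); h->pop_count += __builtin_popcount(w);`. The function checks `h` but not `buf`; `if(!h || !buf) return;` would make the NULL handling consistent.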
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index dcb66cfdee4..ac5371dfe1c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -186,6 +186,7 @@ static ndpi_risk_info ndpi_known_risks[] = { { NDPI_PERIODIC_FLOW, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, { NDPI_MINOR_ISSUES, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE }, { NDPI_TCP_ISSUES, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, + { NDPI_FULLY_ENCRYPTED, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, /* Leave this as last member */ { NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY } @@ -3062,6 +3063,9 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs if(prefs & ndpi_enable_tcp_ack_payload_heuristic) ndpi_str->tcp_ack_paylod_heuristic = 1; + if(!(prefs & ndpi_disable_fully_encrypted_heuristic)) + ndpi_str->fully_encrypted_based_on_first_pkt_heuristic = 1; + for(i = 0; i < NUM_CUSTOM_CATEGORIES; i++) ndpi_snprintf(ndpi_str->custom_category_labels[i], CUSTOM_CATEGORY_LABEL_LEN, "User custom category %u", (unsigned int) (i + 1)); 
@@ -5655,6 +5659,60 @@ static u_int8_t ndpi_is_multi_or_broadcast(struct ndpi_packet_struct *packet) { /* ************************************************ */ +static int fully_enc_heuristic(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &ndpi_str->packet; + struct ndpi_popcount popcount; + float ratio; + unsigned int i, len, cnt, cnt_consecutives = 0; + + if(flow->l4_proto == IPPROTO_TCP && + ndpi_seen_flow_beginning(flow)) { + /* See original paper, Algorithm 1, for the reference numbers */ + + /* Ex1 */ + ndpi_popcount_init(&popcount); + ndpi_popcount_count(&popcount, packet->payload, packet->payload_packet_len); + ratio = (float)popcount.pop_count / (float)popcount.tot_bytes_count; + if(ratio <= 3.4 || ratio >= 4.6) { + return 0; + } + + /* Ex2 */ + len = ndpi_min(6, packet->payload_packet_len); + cnt = 0; + for(i = 0; i < len; i++) { + if(ndpi_isprint(packet->payload[i])) + cnt += 1; + } + if(cnt == len) { + return 0; + } + + /* Ex3 */ + cnt = 0; + for(i = 0; i < packet->payload_packet_len; i++) { + if(ndpi_isprint(packet->payload[i])) { + cnt += 1; + cnt_consecutives += 1; + if(cnt_consecutives >= 20) { /* Ex4 */ + return 0;; + } + } else { + cnt_consecutives = 0; + } + } + if((float)cnt / packet->payload_packet_len > 0.5) { + return 0; + } + + return 1; + } + return 0; +} + +/* ************************************************ */ + static int tcp_ack_padding(struct ndpi_packet_struct *packet) { const struct ndpi_tcphdr *tcph = packet->tcp; if(tcph && tcph->ack && !tcph->psh && 
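Review bot: fully_enc_heuristic divides by `popcount.tot_bytes_count` and by `packet->payload_packet_len` without checking for an empty payload; the only guard is the `payload_packet_len > 0` test at its call site in ndpi_internal_detection_process_packet. A local `if(packet->payload_packet_len == 0) return 0;` at the top keeps the function safe should it gain another caller. The thresholds (3.4, 4.6, 6, 20, 0.5) would be easier to audit against the paper as named constants, with a header comment stating that the function returns 1 only for the first packet of a TCP flow when none of the Ex1–Ex4 exemptions apply. The Ex4 return also has a stray `;;`.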
@@ -6553,6 +6611,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ret.app_protocol = flow->detected_protocol_stack[0]; } + /* TODO: not sure about the best "order" among fully encrypted logic, classification by-port and classification by-ip...*/ + if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + flow->first_pkt_fully_encrypted == 1) { + ndpi_set_risk(ndpi_str, flow, NDPI_FULLY_ENCRYPTED, NULL); + } + /* Classification by-port */ if(enable_guess && ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) { @@ -7229,6 +7293,12 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio && (flow->l4_proto == IPPROTO_TCP)) ndpi_add_connection_as_zoom(ndpi_str, flow); + if(ndpi_str->fully_encrypted_based_on_first_pkt_heuristic && + ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && /* Only for unknown traffic */ + flow->packet_counter == 1 && packet->payload_packet_len > 0) { + flow->first_pkt_fully_encrypted = fully_enc_heuristic(ndpi_str, flow); + } + return(ret); } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 5f334081b5f..35c0410e2a4 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2045,6 +2045,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) { case NDPI_TCP_ISSUES: return("TCP Connection Issues"); + case NDPI_FULLY_ENCRYPTED: + return("Fully encrypted flow"); + default: ndpi_snprintf(buf, sizeof(buf), "%d", (int)risk); return(buf); diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out index cafd1166d5f..a2909f442d7 100644 --- a/tests/cfgs/caches_cfg/result/ookla.pcap.out +++ b/tests/cfgs/caches_cfg/result/ookla.pcap.out @@ -17,7 +17,7 @@ Automa domain: 3/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 4/4 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 11/1 (search/found) 
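Review bot: In ndpi_detection_giveup the risk is set before the by-port and by-IP guesses run, so a flow that is subsequently labelled by a guess still carries NDPI_FULLY_ENCRYPTED; the updated expected outputs show this, e.g. Oscar.pcap.out now reports `proto: 91/TLS`, `Confidence: Match by port` together with `Risk: ** Fully encrypted flow **`. Anyone alerting on this medium-severity risk will therefore see it on flows the library itself ends up reporting as TLS. If that is intended, replace the TODO with a comment that says so; otherwise move the check after the guess blocks so it fires only when the final result is still unknown. Passing a short risk-info string instead of `NULL` would also help triage. The function body continues outside this hunk.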
@@ -33,6 +33,6 @@ JA3 Host Stats: 1 TCP 192.168.1.128:35830 <-> 89.96.108.170:8080 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][21 pkts/21216 bytes <-> 8 pkts/1950 bytes][Goodput ratio: 93/72][0.32 sec][Hostname/SNI: spd-pub-mi-01-01.fastwebnet.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.832 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/61 274/280 62/109][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1010/244 1514/387 612/138][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TLSv1.3][JA3C: c279b0189edb9269da7bc43dea5e0c36][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,4,0,0,0,0,4,9,0,9,0,0,0,0,0,4,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0] 2 TCP 192.168.1.128:48854 <-> 104.16.209.12:443 [proto: 91.191/TLS.Ookla][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][8 pkts/1620 bytes <-> 6 pkts/3818 bytes][Goodput ratio: 67/89][0.06 sec][Hostname/SNI: www.speedtest.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.404 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 18/15 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 202/636 583/1514 181/646][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (@oTAgOeedtest.net)][Plen Bins: 0,0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] 3 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][12 pkts/2238 bytes <-> 8 pkts/2082 bytes][Goodput ratio: 64/74][5.33 sec][Hostname/SNI: massarosa-1.speedtest.welcomeitalia.it][bytes ratio: 0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 528/47 5005/84 1493/28][Pkt Len c2s/s2c 
min/avg/max/stddev: 66/66 186/260 430/523 168/194][URL: massarosa-1.speedtest.welcomeitalia.it/crossdomain.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache/2.2.22 (Ubuntu)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.22][PLAIN TEXT (GET /crossdomain.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,12,75,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.1.192:51156 <-> 89.96.108.170:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 10][cat: Web/5][6 pkts/591 bytes <-> 4 pkts/1784 bytes][Goodput ratio: 32/85][0.05 sec][bytes ratio: -0.502 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/10 15/20 6/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/446 143/1514 31/617][PLAIN TEXT (gKRZvA)][Plen Bins: 0,40,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 4 TCP 192.168.1.192:51156 <-> 89.96.108.170:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 10][cat: Web/5][6 pkts/591 bytes <-> 4 pkts/1784 bytes][Goodput ratio: 32/85][0.05 sec][bytes ratio: -0.502 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/10 15/20 6/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/446 143/1514 31/617][Risk: ** Fully encrypted flow **][Risk Score: 50][PLAIN TEXT (gKRZvA)][Plen Bins: 0,40,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 5 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][19 pkts/1421 bytes <-> 11 pkts/920 bytes][Goodput ratio: 11/20][0.80 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/0 44/75 103/137 23/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/84 85/100 
9/8][PLAIN TEXT ( 6HELLO 2.4 2016)][Plen Bins: 94,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.1.192:37790 <-> 185.157.229.246:8080 [proto: 191/Ookla][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/454 bytes <-> 4 pkts/317 bytes][Goodput ratio: 11/14][0.06 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/5 46/9 17/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/79 106/108 14/17][PLAIN TEXT (HELLO 2.9 )][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/pcap/shadowsocks.pcap b/tests/cfgs/default/pcap/shadowsocks.pcap new file mode 100644 index 00000000000..c86c8436a80 Binary files /dev/null and b/tests/cfgs/default/pcap/shadowsocks.pcap differ diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index 57f41fe0c12..9217eae47c9 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -19,7 +19,7 @@ Automa domain: 45/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 18/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 58/0 (search/found) +Patricia risk mask: 60/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 63/15 (search/found) 
@@ -43,7 +43,7 @@ JA3 Host Stats: 5 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 13][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][Goodput ratio: 66/85][0.86 sec][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/71 489/365 131/103][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167/389 899/1336 222/491][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 15,15,0,15,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0] 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 9][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][Goodput ratio: 57/79][28.98 sec][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2050/118 26937/448 6904/127][Pkt Len c2s/s2c 
min/avg/max/stddev: 56/56 133/265 578/1336 134/439][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 31,12,6,6,6,6,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0] 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 13][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][Goodput ratio: 63/84][11.34 sec][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/74 10357/172 3082/62][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 157/364 429/1336 152/451][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** Malicious JA3 Fingerp. 
**][Risk Score: 250][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][ServerNames: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,16,0,0,0,8,8,0,0,0,16,25,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0] - 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][Goodput ratio: 48/63][46.77 sec][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833/4340 12590/13131 4126/4407][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131/188 657/274 136/75][Plen Bins: 13,13,27,0,27,6,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][Goodput ratio: 48/63][46.77 sec][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833/4340 12590/13131 4126/4407][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131/188 657/274 136/75][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 13,13,27,0,27,6,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 
3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][Goodput ratio: 27/87][0.31 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107/56 199/108 92/52][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 97/533 146/1456 35/652][Risk: ** Known Proto on Non Std Port **** Obsolete TLS (v1.1 or older) **][Risk Score: 150][Risk Info: TLSv1][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Goodput ratio: 38/45][21.97 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 115/102 264/210 106/77][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/104 243/339 73/105][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/Oscar.pcap.out b/tests/cfgs/default/result/Oscar.pcap.out index 806da8de68a..dfcf6902f94 100644 --- a/tests/cfgs/default/result/Oscar.pcap.out +++ b/tests/cfgs/default/result/Oscar.pcap.out 
@@ -16,10 +16,10 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) TLS 71 9386 1 - 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 21][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 21][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mongo_false_positive.pcapng.out b/tests/cfgs/default/result/mongo_false_positive.pcapng.out index 553556dc9e8..5618dfea7e5 100644 --- a/tests/cfgs/default/result/mongo_false_positive.pcapng.out +++ b/tests/cfgs/default/result/mongo_false_positive.pcapng.out 
@@ -16,10 +16,10 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) TLS 26 12163 1 - 1 TCP 188.75.184.20:49542 <-> 251.182.120.32:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 14][cat: Web/5][13 pkts/9962 bytes <-> 13 pkts/2201 bytes][Goodput ratio: 93/67][84.45 sec][bytes ratio: 0.638 (Upload)][IAT c2s/s2c min/avg/max/stddev: 186/186 7406/5844 21467/15787 7157/5701][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 766/169 1328/189 433/46][Plen Bins: 0,0,0,0,51,0,0,0,0,9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,9,9,0,0,0,4,0,0,4,0,4,0,0,0,0,0,0,0,0] + 1 TCP 188.75.184.20:49542 <-> 251.182.120.32:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 14][cat: Web/5][13 pkts/9962 bytes <-> 13 pkts/2201 bytes][Goodput ratio: 93/67][84.45 sec][bytes ratio: 0.638 (Upload)][IAT c2s/s2c min/avg/max/stddev: 186/186 7406/5844 21467/15787 7157/5701][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 766/169 1328/189 433/46][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,0,51,0,0,0,0,9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,9,9,0,0,0,4,0,0,4,0,4,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/shadowsocks.pcap.out b/tests/cfgs/default/result/shadowsocks.pcap.out new file mode 100644 index 00000000000..2aa43a68475 --- /dev/null +++ b/tests/cfgs/default/result/shadowsocks.pcap.out 
@@ -0,0 +1,31 @@ +Guessed flow protos: 1 + +DPI Packets (TCP): 21 (10.50 pkts/flow) +Confidence Unknown : 1 (flows) +Confidence DPI : 1 (flows) +Num dissector calls: 316 (158.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/1/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) + +Unknown 15 68444 1 +SOCKS 29 69355 1 + + 1 TCP 127.0.0.1:37904 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1160 bytes <-> 13 pkts/68195 bytes][Goodput ratio: 8/99][1.49 sec][bytes ratio: -0.967 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 114/160 659/660 191/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/5246 148/16450 20/7185][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41] + + +Undetected flows: + 1 TCP 127.0.0.1:44276 <-> 127.0.0.1:8388 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][8 pkts/641 bytes <-> 7 pkts/67803 bytes][Goodput ratio: 16/99][0.83 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/163 103/165 334/334 122/118][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/9686 171/18151 34/8394][Risk: ** Fully encrypted flow **][Risk Score: 50][PLAIN TEXT (EBjATMT)][Plen Bins: 0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80] 
diff --git a/tests/cfgs/default/result/skype.pcap.out b/tests/cfgs/default/result/skype.pcap.out index 6f37c5753f1..9c1a4589903 100644 --- a/tests/cfgs/default/result/skype.pcap.out +++ b/tests/cfgs/default/result/skype.pcap.out 
@@ -282,62 +282,62 @@ JA3 Host Stats: Undetected flows: - 1 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 26][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][Goodput ratio: 75/85][96.43 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/357 8300/8646 1136/1099][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/433 1506/1506 343/569][PLAIN TEXT ( 0sKWL)][Plen Bins: 23,10,3,3,8,3,1,0,1,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,19,0,0] - 2 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][62 pkts/6941 bytes <-> 38 pkts/5325 bytes][Goodput ratio: 41/53][93.11 sec][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1594/2643 30032/29763 5977/7489][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112/140 820/1249 115/201][Plen Bins: 48,30,5,3,0,5,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][24 pkts/3136 bytes <-> 19 pkts/2618 bytes][Goodput ratio: 49/52][40.10 sec][bytes ratio: 0.090 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 721/974 9065/8704 2022/2286][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 131/138 843/1090 185/226][Plen Bins: 47,26,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][24 pkts/3101 bytes <-> 16 pkts/2508 bytes][Goodput ratio: 49/58][36.07 sec][bytes ratio: 0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/60 1721/2873 24826/24826 5468/6805][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 129/157 819/1190 181/267][Plen Bins: 
50,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][16 pkts/4788 bytes <-> 4 pkts/372 bytes][Goodput ratio: 78/28][32.96 sec][bytes ratio: 0.856 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2304/22 5155/43 2241/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 299/93 398/172 147/46][Plen Bins: 7,7,0,7,0,0,0,0,0,0,78,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][19 pkts/2797 bytes <-> 13 pkts/2175 bytes][Goodput ratio: 55/60][36.29 sec][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/74 378/470 2988/3022 731/853][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147/167 842/1090 205/268][Plen Bins: 37,31,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 26][231 pkts/60232 bytes <-> 241 pkts/104395 bytes][Goodput ratio: 75/85][96.43 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/357 8300/8646 1136/1099][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/433 1506/1506 343/569][Risk: ** Fully encrypted flow **][Risk Score: 50][PLAIN TEXT ( 0sKWL)][Plen Bins: 23,10,3,3,8,3,1,0,1,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,19,0,0] + 2 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][62 pkts/6941 bytes <-> 38 pkts/5325 bytes][Goodput ratio: 41/53][93.11 sec][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1594/2643 30032/29763 5977/7489][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112/140 820/1249 115/201][Risk: ** 
Fully encrypted flow **][Risk Score: 50][Plen Bins: 48,30,5,3,0,5,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][24 pkts/3136 bytes <-> 19 pkts/2618 bytes][Goodput ratio: 49/52][40.10 sec][bytes ratio: 0.090 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 721/974 9065/8704 2022/2286][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 131/138 843/1090 185/226][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 47,26,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][24 pkts/3101 bytes <-> 16 pkts/2508 bytes][Goodput ratio: 49/58][36.07 sec][bytes ratio: 0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/60 1721/2873 24826/24826 5468/6805][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 129/157 819/1190 181/267][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 50,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][16 pkts/4788 bytes <-> 4 pkts/372 bytes][Goodput ratio: 78/28][32.96 sec][bytes ratio: 0.856 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2304/22 5155/43 2241/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 299/93 398/172 147/46][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 7,7,0,7,0,0,0,0,0,0,78,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][19 pkts/2797 bytes <-> 13 pkts/2175 bytes][Goodput ratio: 55/60][36.29 sec][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c 
min/avg/max/stddev: 0/74 378/470 2988/3022 731/853][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147/167 842/1090 205/268][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 37,31,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 24][18 pkts/2588 bytes <-> 13 pkts/2100 bytes][Goodput ratio: 54/59][39.97 sec][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/110 1005/4378 9427/25654 2420/8144][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 144/162 843/1090 212/269][Plen Bins: 58,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 23][15 pkts/2395 bytes <-> 8 pkts/1724 bytes][Goodput ratio: 58/69][37.03 sec][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/109 512/723 3406/3423 927/1214][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 160/216 842/1090 228/332][Plen Bins: 40,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 27][16 pkts/1169 bytes <-> 11 pkts/929 bytes][Goodput ratio: 9/21][34.08 sec][bytes ratio: 0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/96 2547/4792 28628/28628 7558/9765][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/84 108/133 13/20][Plen Bins: 54,36,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/1578 bytes <-> 4 pkts/342 bytes][Goodput ratio: 53/22][40.57 sec][bytes ratio: 0.644 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 
4146/116 16349/231 5604/116][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 143/86 190/142 56/33][Plen Bins: 11,0,22,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][11 pkts/854 bytes <-> 11 pkts/782 bytes][Goodput ratio: 15/6][71.50 sec][bytes ratio: 0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8918/9683 67479/67479 22167/23595][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/71 105/92 17/9][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][14 pkts/1090 bytes <-> 6 pkts/534 bytes][Goodput ratio: 15/24][12.48 sec][bytes ratio: 0.342 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 987/29 4811/82 1531/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/89 176/154 28/32][Plen Bins: 70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][15 pkts/1138 bytes <-> 4 pkts/372 bytes][Goodput ratio: 14/27][16.65 sec][bytes ratio: 0.507 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1233/32 7022/63 2004/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/93 162/133 24/26][Plen Bins: 72,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1075 bytes <-> 4 pkts/431 bytes][Goodput ratio: 14/36][13.31 sec][bytes ratio: 0.428 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/90 1021/90 5153/90 1645/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/108 161/155 24/37][Plen Bins: 
70,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][14 pkts/1100 bytes <-> 5 pkts/395 bytes][Goodput ratio: 15/16][27.12 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2192/28 12005/57 3483/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/79 158/129 22/25][Plen Bins: 81,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][12 pkts/985 bytes <-> 6 pkts/489 bytes][Goodput ratio: 18/17][24.21 sec][bytes ratio: 0.336 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/87 2050/1327 17165/3721 5060/1483][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/82 134/129 21/22][Plen Bins: 42,42,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1062 bytes <-> 4 pkts/383 bytes][Goodput ratio: 13/28][17.74 sec][bytes ratio: 0.470 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/117 1360/117 7001/117 2231/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/96 148/121 21/24][Plen Bins: 70,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1083 bytes <-> 4 pkts/359 bytes][Goodput ratio: 14/26][27.76 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 2230/36 8404/71 2519/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/90 141/159 18/40][Plen Bins: 81,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
- 19 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1020 bytes <-> 4 pkts/421 bytes][Goodput ratio: 16/35][19.16 sec][bytes ratio: 0.416 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1603/66 5463/131 1891/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/105 172/163 28/39][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][13 pkts/1010 bytes <-> 5 pkts/402 bytes][Goodput ratio: 15/16][16.09 sec][bytes ratio: 0.431 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1396/1327 7806/3928 2259/1840][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/80 162/122 25/21][Plen Bins: 80,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1040 bytes <-> 4 pkts/362 bytes][Goodput ratio: 11/24][17.59 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/115 1346/115 6890/115 2199/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 74/90 126/115 16/19][Plen Bins: 70,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 23][15 pkts/2395 bytes <-> 8 pkts/1724 bytes][Goodput ratio: 58/69][37.03 sec][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/109 512/723 3406/3423 927/1214][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 160/216 842/1090 228/332][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 40,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.1.34:50127 <-> 
80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 27][16 pkts/1169 bytes <-> 11 pkts/929 bytes][Goodput ratio: 9/21][34.08 sec][bytes ratio: 0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/96 2547/4792 28628/28628 7558/9765][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/84 108/133 13/20][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 54,36,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/1578 bytes <-> 4 pkts/342 bytes][Goodput ratio: 53/22][40.57 sec][bytes ratio: 0.644 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4146/116 16349/231 5604/116][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 143/86 190/142 56/33][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 11,0,22,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][11 pkts/854 bytes <-> 11 pkts/782 bytes][Goodput ratio: 15/6][71.50 sec][bytes ratio: 0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8918/9683 67479/67479 22167/23595][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/71 105/92 17/9][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][14 pkts/1090 bytes <-> 6 pkts/534 bytes][Goodput ratio: 15/24][12.48 sec][bytes ratio: 0.342 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 987/29 4811/82 1531/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/89 176/154 28/32][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 
70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][15 pkts/1138 bytes <-> 4 pkts/372 bytes][Goodput ratio: 14/27][16.65 sec][bytes ratio: 0.507 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1233/32 7022/63 2004/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/93 162/133 24/26][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 72,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1075 bytes <-> 4 pkts/431 bytes][Goodput ratio: 14/36][13.31 sec][bytes ratio: 0.428 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/90 1021/90 5153/90 1645/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/108 161/155 24/37][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][14 pkts/1100 bytes <-> 5 pkts/395 bytes][Goodput ratio: 15/16][27.12 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2192/28 12005/57 3483/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/79 158/129 22/25][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][12 pkts/985 bytes <-> 6 pkts/489 bytes][Goodput ratio: 18/17][24.21 sec][bytes ratio: 0.336 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/87 2050/1327 17165/3721 5060/1483][Pkt Len c2s/s2c 
min/avg/max/stddev: 66/66 82/82 134/129 21/22][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 42,42,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1062 bytes <-> 4 pkts/383 bytes][Goodput ratio: 13/28][17.74 sec][bytes ratio: 0.470 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/117 1360/117 7001/117 2231/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/96 148/121 21/24][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1083 bytes <-> 4 pkts/359 bytes][Goodput ratio: 14/26][27.76 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 2230/36 8404/71 2519/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/90 141/159 18/40][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1020 bytes <-> 4 pkts/421 bytes][Goodput ratio: 16/35][19.16 sec][bytes ratio: 0.416 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1603/66 5463/131 1891/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/105 172/163 28/39][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][13 pkts/1010 bytes <-> 5 pkts/402 bytes][Goodput ratio: 15/16][16.09 sec][bytes 
ratio: 0.431 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1396/1327 7806/3928 2259/1840][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/80 162/122 25/21][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1040 bytes <-> 4 pkts/362 bytes][Goodput ratio: 11/24][17.59 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/115 1346/115 6890/115 2199/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 74/90 126/115 16/19][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1004 bytes <-> 4 pkts/397 bytes][Goodput ratio: 15/31][19.05 sec][bytes ratio: 0.433 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 1595/68 5410/131 1868/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/99 156/154 24/34][Plen Bins: 70,10,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1010 bytes <-> 4 pkts/390 bytes][Goodput ratio: 15/30][19.16 sec][bytes ratio: 0.443 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 1603/66 5454/128 1890/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/98 162/138 25/29][Plen Bins: 70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1085 bytes <-> 4 pkts/315 bytes][Goodput ratio: 14/16][28.25 
sec][bytes ratio: 0.550 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2270/41 8492/76 2559/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 143/115 19/22][Plen Bins: 81,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/975 bytes <-> 4 pkts/412 bytes][Goodput ratio: 12/34][19.05 sec][bytes ratio: 0.406 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1596/66 5396/130 1974/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/103 127/146 16/34][Plen Bins: 70,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/995 bytes <-> 4 pkts/391 bytes][Goodput ratio: 14/30][11.60 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/77 911/77 5501/77 1656/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/98 155/145 23/31][Plen Bins: 66,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/995 bytes <-> 4 pkts/386 bytes][Goodput ratio: 14/29][19.09 sec][bytes ratio: 0.441 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 1599/69 7561/130 2191/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/96 147/153 21/34][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1000 bytes <-> 4 pkts/380 bytes][Goodput ratio: 14/28][17.43 sec][bytes ratio: 0.449 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1524/37 6318/74 2039/37][Pkt Len c2s/s2c 
min/avg/max/stddev: 54/66 77/95 152/166 22/41][Plen Bins: 80,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1000 bytes <-> 4 pkts/371 bytes][Goodput ratio: 14/27][17.70 sec][bytes ratio: 0.459 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1517/38 5471/77 1774/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/93 152/157 22/37][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/971 bytes <-> 4 pkts/399 bytes][Goodput ratio: 12/32][19.14 sec][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 1599/69 5423/130 1880/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/100 123/164 15/39][Plen Bins: 80,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/977 bytes <-> 4 pkts/384 bytes][Goodput ratio: 12/29][20.90 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1750/71 5966/142 2163/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/96 129/125 17/26][Plen Bins: 70,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][12 pkts/940 bytes <-> 5 pkts/415 bytes][Goodput ratio: 16/19][28.23 sec][bytes ratio: 0.387 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2652/2383 13157/7000 3965/3265][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/83 166/135 27/26][Plen Bins: 
77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/948 bytes <-> 4 pkts/407 bytes][Goodput ratio: 16/33][18.08 sec][bytes ratio: 0.399 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1583/103 8469/204 2434/101][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 79/102 174/137 29/32][Plen Bins: 66,0,22,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/993 bytes <-> 4 pkts/360 bytes][Goodput ratio: 14/24][24.38 sec][bytes ratio: 0.468 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2081/67 5842/128 2142/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/90 145/146 21/32][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1004 bytes <-> 4 pkts/334 bytes][Goodput ratio: 13/20][32.24 sec][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2789/64 14182/123 4002/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/84 136/134 17/30][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1010 bytes <-> 4 pkts/317 bytes][Goodput ratio: 14/16][33.05 sec][bytes ratio: 0.522 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2859/66 14565/131 4102/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 142/117 19/22][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 
37 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/989 bytes <-> 4 pkts/323 bytes][Goodput ratio: 12/18][32.74 sec][bytes ratio: 0.508 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2832/65 14348/124 4046/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/81 121/123 13/25][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/969 bytes <-> 4 pkts/337 bytes][Goodput ratio: 17/21][30.85 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2831/106 12195/206 3629/100][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 81/84 175/137 29/31][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][12 pkts/899 bytes <-> 5 pkts/406 bytes][Goodput ratio: 12/17][27.73 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2605/2274 12714/6673 3839/3111][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/81 125/126 16/23][Plen Bins: 77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/982 bytes <-> 4 pkts/322 bytes][Goodput ratio: 11/17][26.19 sec][bytes ratio: 0.506 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2269/35 10048/65 3061/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/80 114/122 12/24][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 0/Unknown][IP: 
0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/836 bytes <-> 5 pkts/442 bytes][Goodput ratio: 13/23][21.99 sec][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2111/517 6939/1415 2451/637][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/88 136/162 20/37][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/841 bytes <-> 5 pkts/429 bytes][Goodput ratio: 14/21][28.10 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2769/2594 13054/7485 4056/3461][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/86 141/149 21/32][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/866 bytes <-> 5 pkts/396 bytes][Goodput ratio: 16/15][28.08 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2765/2512 13013/7241 4051/3346][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 79/79 166/116 28/19][Plen Bins: 75,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/843 bytes <-> 4 pkts/411 bytes][Goodput ratio: 14/34][13.19 sec][bytes ratio: 0.344 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1451/144 5909/288 1841/144][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/103 143/167 22/40][Plen Bins: 62,12,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][13 pkts/994 bytes <-> 2 
pkts/243 bytes][Goodput ratio: 12/41][25.06 sec][bytes ratio: 0.607 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/97 2172/97 10901/97 3290/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/78 76/122 126/165 15/44][Plen Bins: 80,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/820 bytes <-> 5 pkts/416 bytes][Goodput ratio: 11/19][28.35 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2800/2555 13330/7366 4128/3404][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/83 120/136 16/27][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/843 bytes <-> 4 pkts/386 bytes][Goodput ratio: 14/29][20.24 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1952/64 5189/127 2093/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/96 143/172 22/44][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/822 bytes <-> 4 pkts/390 bytes][Goodput ratio: 12/30][13.57 sec][bytes ratio: 0.356 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1158/148 4662/295 1409/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/98 122/128 16/28][Plen Bins: 62,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/827 bytes <-> 3 pkts/325 bytes][Goodput ratio: 12/35][18.82 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 0/218 1824/218 8820/218 2818/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 75/108 127/173 18/46][Plen Bins: 75,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][10 pkts/797 bytes <-> 4 pkts/342 bytes][Goodput ratio: 16/20][18.52 sec][bytes ratio: 0.399 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/89 169/96 647/104 223/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/86 139/118 23/20][Plen Bins: 40,40,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][12 pkts/935 bytes <-> 2 pkts/197 bytes][Goodput ratio: 14/29][14.47 sec][bytes ratio: 0.652 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/78 1329/78 5770/78 1937/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 78/98 141/123 19/24][Plen Bins: 77,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/838 bytes <-> 3 pkts/270 bytes][Goodput ratio: 12/24][24.21 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2560/141 11516/282 3602/141][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/90 118/130 14/28][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/814 bytes <-> 3 pkts/287 bytes][Goodput ratio: 11/27][18.80 sec][bytes ratio: 0.479 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/225 1818/225 8691/225 2792/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 74/96 
114/135 14/28][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][6 pkts/417 bytes <-> 4 pkts/352 bytes][Goodput ratio: 17/32][5.54 sec][bytes ratio: 0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/63 1107/1825 3027/3063 1309/1280][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 70/88 123/166 25/45][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1010 bytes <-> 4 pkts/390 bytes][Goodput ratio: 15/30][19.16 sec][bytes ratio: 0.443 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 1603/66 5454/128 1890/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/98 162/138 25/29][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1085 bytes <-> 4 pkts/315 bytes][Goodput ratio: 14/16][28.25 sec][bytes ratio: 0.550 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2270/41 8492/76 2559/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 143/115 19/22][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/975 bytes <-> 4 pkts/412 bytes][Goodput ratio: 12/34][19.05 sec][bytes ratio: 0.406 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1596/66 5396/130 1974/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/103 
127/146 16/34][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/995 bytes <-> 4 pkts/391 bytes][Goodput ratio: 14/30][11.60 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/77 911/77 5501/77 1656/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/98 155/145 23/31][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 66,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/995 bytes <-> 4 pkts/386 bytes][Goodput ratio: 14/29][19.09 sec][bytes ratio: 0.441 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 1599/69 7561/130 2191/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/96 147/153 21/34][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1000 bytes <-> 4 pkts/380 bytes][Goodput ratio: 14/28][17.43 sec][bytes ratio: 0.449 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1524/37 6318/74 2039/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/95 152/166 22/41][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1000 bytes <-> 4 pkts/371 bytes][Goodput ratio: 14/27][17.70 sec][bytes ratio: 0.459 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 0/0 1517/38 5471/77 1774/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/93 152/157 22/37][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/971 bytes <-> 4 pkts/399 bytes][Goodput ratio: 12/32][19.14 sec][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 1599/69 5423/130 1880/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/100 123/164 15/39][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/977 bytes <-> 4 pkts/384 bytes][Goodput ratio: 12/29][20.90 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1750/71 5966/142 2163/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/96 129/125 17/26][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][12 pkts/940 bytes <-> 5 pkts/415 bytes][Goodput ratio: 16/19][28.23 sec][bytes ratio: 0.387 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2652/2383 13157/7000 3965/3265][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/83 166/135 27/26][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/948 bytes 
<-> 4 pkts/407 bytes][Goodput ratio: 16/33][18.08 sec][bytes ratio: 0.399 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1583/103 8469/204 2434/101][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 79/102 174/137 29/32][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 66,0,22,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/993 bytes <-> 4 pkts/360 bytes][Goodput ratio: 14/24][24.38 sec][bytes ratio: 0.468 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2081/67 5842/128 2142/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/90 145/146 21/32][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1004 bytes <-> 4 pkts/334 bytes][Goodput ratio: 13/20][32.24 sec][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2789/64 14182/123 4002/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/84 136/134 17/30][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1010 bytes <-> 4 pkts/317 bytes][Goodput ratio: 14/16][33.05 sec][bytes ratio: 0.522 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2859/66 14565/131 4102/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 78/79 142/117 19/22][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 
[proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/989 bytes <-> 4 pkts/323 bytes][Goodput ratio: 12/18][32.74 sec][bytes ratio: 0.508 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2832/65 14348/124 4046/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/81 121/123 13/25][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/969 bytes <-> 4 pkts/337 bytes][Goodput ratio: 17/21][30.85 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2831/106 12195/206 3629/100][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 81/84 175/137 29/31][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][12 pkts/899 bytes <-> 5 pkts/406 bytes][Goodput ratio: 12/17][27.73 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2605/2274 12714/6673 3839/3111][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/81 125/126 16/23][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/982 bytes <-> 4 pkts/322 bytes][Goodput ratio: 11/17][26.19 sec][bytes ratio: 0.506 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2269/35 10048/65 3061/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/80 114/122 12/24][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 
80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/836 bytes <-> 5 pkts/442 bytes][Goodput ratio: 13/23][21.99 sec][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 2111/517 6939/1415 2451/637][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/88 136/162 20/37][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/841 bytes <-> 5 pkts/429 bytes][Goodput ratio: 14/21][28.10 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2769/2594 13054/7485 4056/3461][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/86 141/149 21/32][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/866 bytes <-> 5 pkts/396 bytes][Goodput ratio: 16/15][28.08 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2765/2512 13013/7241 4051/3346][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 79/79 166/116 28/19][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/843 bytes <-> 4 pkts/411 bytes][Goodput ratio: 14/34][13.19 sec][bytes ratio: 0.344 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1451/144 5909/288 1841/144][Pkt Len c2s/s2c 
min/avg/max/stddev: 54/66 77/103 143/167 22/40][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 62,12,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][13 pkts/994 bytes <-> 2 pkts/243 bytes][Goodput ratio: 12/41][25.06 sec][bytes ratio: 0.607 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/97 2172/97 10901/97 3290/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/78 76/122 126/165 15/44][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/820 bytes <-> 5 pkts/416 bytes][Goodput ratio: 11/19][28.35 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2800/2555 13330/7366 4128/3404][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/83 120/136 16/27][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/843 bytes <-> 4 pkts/386 bytes][Goodput ratio: 14/29][20.24 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 1952/64 5189/127 2093/62][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/96 143/172 22/44][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/822 bytes <-> 4 pkts/390 bytes][Goodput ratio: 12/30][13.57 sec][bytes 
ratio: 0.356 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1158/148 4662/295 1409/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/98 122/128 16/28][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 62,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/827 bytes <-> 3 pkts/325 bytes][Goodput ratio: 12/35][18.82 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/218 1824/218 8820/218 2818/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 75/108 127/173 18/46][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][10 pkts/797 bytes <-> 4 pkts/342 bytes][Goodput ratio: 16/20][18.52 sec][bytes ratio: 0.399 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/89 169/96 647/104 223/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/86 139/118 23/20][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 40,40,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][12 pkts/935 bytes <-> 2 pkts/197 bytes][Goodput ratio: 14/29][14.47 sec][bytes ratio: 0.652 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/78 1329/78 5770/78 1937/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 78/98 141/123 19/24][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI 
packets: 14][11 pkts/838 bytes <-> 3 pkts/270 bytes][Goodput ratio: 12/24][24.21 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2560/141 11516/282 3602/141][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/90 118/130 14/28][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/814 bytes <-> 3 pkts/287 bytes][Goodput ratio: 11/27][18.80 sec][bytes ratio: 0.479 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/225 1818/225 8691/225 2792/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 74/96 114/135 14/28][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][6 pkts/417 bytes <-> 4 pkts/352 bytes][Goodput ratio: 17/32][5.54 sec][bytes ratio: 0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/63 1107/1825 3027/3063 1309/1280][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 70/88 123/166 25/45][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 55 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 8][8 pkts/608 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][11.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1001/0 1573/0 4002/0 1050/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 76/0 78/0 5/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 
TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][6 pkts/353 bytes <-> 4 pkts/246 bytes][Goodput ratio: 1/2][8.32 sec][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/64 1663/2751 6736/6736 2591/2874][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/62 78/66 9/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/297 bytes <-> 3 pkts/186 bytes][Goodput ratio: 37/0][0.81 sec][bytes ratio: 0.230 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/43 24/43 49/43 24/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/62 165/66 48/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/297 bytes <-> 3 pkts/186 bytes][Goodput ratio: 37/0][0.81 sec][bytes ratio: 0.230 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/43 24/43 49/43 24/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/62 165/66 48/3][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.43 sec][bytes ratio: 0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/43 21/43 42/43 21/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: 
Unknown][DPI packets: 3][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][1.67 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/skype_no_unknown.pcap.out b/tests/cfgs/default/result/skype_no_unknown.pcap.out index ccbb5afee96..d0a2ff7931e 100644 --- a/tests/cfgs/default/result/skype_no_unknown.pcap.out +++ b/tests/cfgs/default/result/skype_no_unknown.pcap.out 
@@ -269,47 +269,47 @@ JA3 Host Stats: Undetected flows: - 1 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 27][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][Goodput ratio: 78/89][22.75 sec][bytes ratio: -0.323 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/215 3095/3095 411/401][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/612 1506/1506 406/626][PLAIN TEXT (nZREBS)][Plen Bins: 22,7,2,1,4,2,0,1,0,4,1,0,0,2,0,0,2,1,1,1,2,0,0,0,0,0,0,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,25,0,0] - 2 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][19 pkts/2794 bytes <-> 14 pkts/2303 bytes][Goodput ratio: 55/60][4.66 sec][bytes ratio: 0.096 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/64 224/386 1936/2004 482/578][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147/164 818/1190 200/285][Plen Bins: 44,33,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][17 pkts/2686 bytes <-> 13 pkts/2218 bytes][Goodput ratio: 58/61][4.67 sec][bytes ratio: 0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 290/379 2303/2313 574/649][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/171 843/1090 215/267][Plen Bins: 37,25,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][12 pkts/2194 bytes <-> 8 pkts/1711 bytes][Goodput ratio: 63/68][4.10 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/102 400/620 2746/2734 804/960][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/214 843/1090 250/332][Plen Bins: 
50,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][12 pkts/3242 bytes <-> 3 pkts/290 bytes][Goodput ratio: 75/29][14.87 sec][bytes ratio: 0.836 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1411/28 6276/55 1939/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 270/97 401/150 156/38][Plen Bins: 10,0,20,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][11 pkts/1407 bytes <-> 9 pkts/652 bytes][Goodput ratio: 48/8][1.10 sec][bytes ratio: 0.367 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 87/130 407/550 121/177][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/72 389/104 106/11][Plen Bins: 44,22,11,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][14 pkts/1104 bytes <-> 5 pkts/392 bytes][Goodput ratio: 15/15][27.78 sec][bytes ratio: 0.476 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2245/26 12163/53 3486/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/78 162/126 23/24][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][14 pkts/1106 bytes <-> 5 pkts/385 bytes][Goodput ratio: 15/14][26.33 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2129/26 11912/51 3215/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/77 164/119 24/21][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 
TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1070 bytes <-> 4 pkts/420 bytes][Goodput ratio: 14/34][15.49 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/102 1186/102 6044/102 1932/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/105 156/166 23/39][Plen Bins: 70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][11 pkts/835 bytes <-> 7 pkts/647 bytes][Goodput ratio: 12/27][1.90 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/69 104/312 618/693 186/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/92 107/127 15/21][Plen Bins: 44,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1117 bytes <-> 4 pkts/337 bytes][Goodput ratio: 16/21][30.54 sec][bytes ratio: 0.536 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2455/42 9200/81 2778/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 80/84 175/137 27/31][Plen Bins: 81,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1059 bytes <-> 4 pkts/367 bytes][Goodput ratio: 12/27][27.54 sec][bytes ratio: 0.485 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 2213/38 8343/69 2500/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/92 117/167 12/44][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: 
Unknown][DPI packets: 17][13 pkts/1011 bytes <-> 4 pkts/415 bytes][Goodput ratio: 15/34][12.52 sec][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1044/40 4851/80 1546/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/104 163/171 25/41][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1093 bytes <-> 4 pkts/333 bytes][Goodput ratio: 14/18][12.01 sec][bytes ratio: 0.533 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 948/22 4970/44 1451/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/83 159/127 23/25][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/991 bytes <-> 4 pkts/378 bytes][Goodput ratio: 13/27][18.68 sec][bytes ratio: 0.448 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/217 1484/217 8694/217 2597/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/94 151/118 22/23][Plen Bins: 66,22,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1006 bytes <-> 4 pkts/361 bytes][Goodput ratio: 15/25][17.15 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 1477/38 6479/71 1968/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/90 158/147 24/33][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/976 bytes <-> 4 pkts/365 bytes][Goodput ratio: 12/25][24.64 sec][bytes 
ratio: 0.456 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2103/67 5862/132 2208/65][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/91 128/151 16/35][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/986 bytes <-> 4 pkts/344 bytes][Goodput ratio: 12/23][32.35 sec][bytes ratio: 0.483 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2797/63 14147/123 3995/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/86 118/144 13/34][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/981 bytes <-> 4 pkts/348 bytes][Goodput ratio: 13/22][17.40 sec][bytes ratio: 0.476 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 1497/40 6272/72 2024/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/87 133/134 18/27][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1004 bytes <-> 4 pkts/318 bytes][Goodput ratio: 13/16][32.75 sec][bytes ratio: 0.519 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2833/65 14399/127 4060/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/80 136/118 17/23][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/948 bytes <-> 4 pkts/349 bytes][Goodput ratio: 15/24][29.71 sec][bytes ratio: 0.462 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2726/100 11748/200 3539/100][Pkt Len c2s/s2c 
min/avg/max/stddev: 66/60 79/87 154/149 23/36][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/951 bytes <-> 4 pkts/341 bytes][Goodput ratio: 15/22][29.62 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2714/103 11633/206 3500/103][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/85 157/141 24/33][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/858 bytes <-> 5 pkts/426 bytes][Goodput ratio: 15/21][27.75 sec][bytes ratio: 0.336 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2725/2317 12657/6632 3959/3054][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/85 158/146 26/31][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/856 bytes <-> 5 pkts/409 bytes][Goodput ratio: 15/17][29.81 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2935/2960 14701/8573 4584/3971][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/82 156/129 26/24][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/861 bytes <-> 4 pkts/397 bytes][Goodput ratio: 16/31][13.03 sec][bytes ratio: 0.369 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1397/142 5845/283 1795/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/99 161/137 27/30][Plen Bins: 
62,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/844 bytes <-> 5 pkts/413 bytes][Goodput ratio: 14/18][28.48 sec][bytes ratio: 0.343 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16 2815/2538 12362/7300 3843/3369][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/83 144/133 22/25][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/815 bytes <-> 5 pkts/423 bytes][Goodput ratio: 11/20][27.98 sec][bytes ratio: 0.317 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2765/2392 12863/6880 3983/3176][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 74/85 115/143 14/29][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][12 pkts/942 bytes <-> 3 pkts/284 bytes][Goodput ratio: 16/27][12.11 sec][bytes ratio: 0.537 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/94 1118/94 4788/94 1596/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 78/95 168/136 28/29][Plen Bins: 77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/832 bytes <-> 4 pkts/387 bytes][Goodput ratio: 13/30][9.26 sec][bytes ratio: 0.365 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 992/99 4167/195 1282/96][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/97 132/173 19/44][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
- 30 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][12 pkts/916 bytes <-> 3 pkts/281 bytes][Goodput ratio: 12/27][8.32 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 759/26 3131/52 1054/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/94 122/141 14/34][Plen Bins: 77,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/862 bytes <-> 3 pkts/314 bytes][Goodput ratio: 14/34][4.40 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 418/23 1902/44 578/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/105 142/174 20/49][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][10 pkts/785 bytes <-> 4 pkts/378 bytes][Goodput ratio: 16/28][17.94 sec][bytes ratio: 0.350 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1703/148 4607/294 1700/146][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/94 159/164 28/40][Plen Bins: 71,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][12 pkts/931 bytes <-> 2 pkts/219 bytes][Goodput ratio: 14/36][10.56 sec][bytes ratio: 0.619 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/70 984/70 4078/70 1362/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 78/110 137/145 18/36][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: 
Unknown][DPI packets: 14][11 pkts/855 bytes <-> 3 pkts/287 bytes][Goodput ratio: 14/28][6.97 sec][bytes ratio: 0.497 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 703/37 3193/74 1013/37][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/96 135/147 19/36][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/848 bytes <-> 3 pkts/286 bytes][Goodput ratio: 13/28][8.38 sec][bytes ratio: 0.496 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 876/58 3885/93 1223/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/95 128/146 17/36][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][7 pkts/571 bytes <-> 3 pkts/286 bytes][Goodput ratio: 17/28][1.10 sec][bytes ratio: 0.333 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 183/38 568/75 216/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/95 139/146 24/36][Plen Bins: 60,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 27][101 pkts/30681 bytes <-> 98 pkts/59934 bytes][Goodput ratio: 78/89][22.75 sec][bytes ratio: -0.323 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/215 3095/3095 411/401][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/612 1506/1506 406/626][Risk: ** Fully encrypted flow **][Risk Score: 50][PLAIN TEXT (nZREBS)][Plen Bins: 22,7,2,1,4,2,0,1,0,4,1,0,0,2,0,0,2,1,1,1,2,0,0,0,0,0,0,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,25,0,0] + 2 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][19 pkts/2794 
bytes <-> 14 pkts/2303 bytes][Goodput ratio: 55/60][4.66 sec][bytes ratio: 0.096 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/64 224/386 1936/2004 482/578][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147/164 818/1190 200/285][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 44,33,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 22][17 pkts/2686 bytes <-> 13 pkts/2218 bytes][Goodput ratio: 58/61][4.67 sec][bytes ratio: 0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 290/379 2303/2313 574/649][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/171 843/1090 215/267][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 37,25,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][12 pkts/2194 bytes <-> 8 pkts/1711 bytes][Goodput ratio: 63/68][4.10 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/102 400/620 2746/2734 804/960][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/214 843/1090 250/332][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 50,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][12 pkts/3242 bytes <-> 3 pkts/290 bytes][Goodput ratio: 75/29][14.87 sec][bytes ratio: 0.836 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1411/28 6276/55 1939/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 270/97 401/150 156/38][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 10,0,20,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.1.34:51314 <-> 
93.79.224.176:14506 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 20][11 pkts/1407 bytes <-> 9 pkts/652 bytes][Goodput ratio: 48/8][1.10 sec][bytes ratio: 0.367 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 87/130 407/550 121/177][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/72 389/104 106/11][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 44,22,11,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][14 pkts/1104 bytes <-> 5 pkts/392 bytes][Goodput ratio: 15/15][27.78 sec][bytes ratio: 0.476 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2245/26 12163/53 3486/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/78 162/126 23/24][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 19][14 pkts/1106 bytes <-> 5 pkts/385 bytes][Goodput ratio: 15/14][26.33 sec][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2129/26 11912/51 3215/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/77 164/119 24/21][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1070 bytes <-> 4 pkts/420 bytes][Goodput ratio: 14/34][15.49 sec][bytes ratio: 0.436 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/102 1186/102 6044/102 1932/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/105 156/166 23/39][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 
70,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][11 pkts/835 bytes <-> 7 pkts/647 bytes][Goodput ratio: 12/27][1.90 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/69 104/312 618/693 186/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/92 107/127 15/21][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 44,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1117 bytes <-> 4 pkts/337 bytes][Goodput ratio: 16/21][30.54 sec][bytes ratio: 0.536 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2455/42 9200/81 2778/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 80/84 175/137 27/31][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1059 bytes <-> 4 pkts/367 bytes][Goodput ratio: 12/27][27.54 sec][bytes ratio: 0.485 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/8 2213/38 8343/69 2500/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/92 117/167 12/44][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 81,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1011 bytes <-> 4 pkts/415 bytes][Goodput ratio: 15/34][12.52 sec][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1044/40 4851/80 1546/40][Pkt Len c2s/s2c 
min/avg/max/stddev: 54/66 78/104 163/171 25/41][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 70,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 18][14 pkts/1093 bytes <-> 4 pkts/333 bytes][Goodput ratio: 14/18][12.01 sec][bytes ratio: 0.533 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 948/22 4970/44 1451/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/83 159/127 23/25][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/991 bytes <-> 4 pkts/378 bytes][Goodput ratio: 13/27][18.68 sec][bytes ratio: 0.448 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/217 1484/217 8694/217 2597/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/94 151/118 22/23][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 66,22,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1006 bytes <-> 4 pkts/361 bytes][Goodput ratio: 15/25][17.15 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 1477/38 6479/71 1968/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/90 158/147 24/33][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/976 bytes <-> 4 pkts/365 bytes][Goodput ratio: 12/25][24.64 sec][bytes ratio: 
0.456 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 2103/67 5862/132 2208/65][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/91 128/151 16/35][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/986 bytes <-> 4 pkts/344 bytes][Goodput ratio: 12/23][32.35 sec][bytes ratio: 0.483 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2797/63 14147/123 3995/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 76/86 118/144 13/34][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/981 bytes <-> 4 pkts/348 bytes][Goodput ratio: 13/22][17.40 sec][bytes ratio: 0.476 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 1497/40 6272/72 2024/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/87 133/134 18/27][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 17][13 pkts/1004 bytes <-> 4 pkts/318 bytes][Goodput ratio: 13/16][32.75 sec][bytes ratio: 0.519 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 2833/65 14399/127 4060/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 77/80 136/118 17/23][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI 
packets: 16][12 pkts/948 bytes <-> 4 pkts/349 bytes][Goodput ratio: 15/24][29.71 sec][bytes ratio: 0.462 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2726/100 11748/200 3539/100][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/87 154/149 23/36][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][12 pkts/951 bytes <-> 4 pkts/341 bytes][Goodput ratio: 15/22][29.62 sec][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2714/103 11633/206 3500/103][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 79/85 157/141 24/33][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/858 bytes <-> 5 pkts/426 bytes][Goodput ratio: 15/21][27.75 sec][bytes ratio: 0.336 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2725/2317 12657/6632 3959/3054][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/85 158/146 26/31][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/856 bytes <-> 5 pkts/409 bytes][Goodput ratio: 15/17][29.81 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2935/2960 14701/8573 4584/3971][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/82 156/129 26/24][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 
192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/861 bytes <-> 4 pkts/397 bytes][Goodput ratio: 16/31][13.03 sec][bytes ratio: 0.369 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1397/142 5845/283 1795/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78/99 161/137 27/30][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 62,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/844 bytes <-> 5 pkts/413 bytes][Goodput ratio: 14/18][28.48 sec][bytes ratio: 0.343 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16 2815/2538 12362/7300 3843/3369][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 77/83 144/133 22/25][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 16][11 pkts/815 bytes <-> 5 pkts/423 bytes][Goodput ratio: 11/20][27.98 sec][bytes ratio: 0.317 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 2765/2392 12863/6880 3983/3176][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 74/85 115/143 14/29][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][12 pkts/942 bytes <-> 3 pkts/284 bytes][Goodput ratio: 16/27][12.11 sec][bytes ratio: 0.537 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/94 1118/94 4788/94 1596/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/74 78/95 168/136 28/29][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 
77,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][11 pkts/832 bytes <-> 4 pkts/387 bytes][Goodput ratio: 13/30][9.26 sec][bytes ratio: 0.365 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 992/99 4167/195 1282/96][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 76/97 132/173 19/44][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][12 pkts/916 bytes <-> 3 pkts/281 bytes][Goodput ratio: 12/27][8.32 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 759/26 3131/52 1054/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/94 122/141 14/34][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/862 bytes <-> 3 pkts/314 bytes][Goodput ratio: 14/34][4.40 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 418/23 1902/44 578/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/105 142/174 20/49][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][10 pkts/785 bytes <-> 4 pkts/378 bytes][Goodput ratio: 16/28][17.94 sec][bytes ratio: 0.350 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1703/148 4607/294 1700/146][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 
78/94 159/164 28/40][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 71,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][12 pkts/931 bytes <-> 2 pkts/219 bytes][Goodput ratio: 14/36][10.56 sec][bytes ratio: 0.619 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/70 984/70 4078/70 1362/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 78/110 137/145 18/36][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 77,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/855 bytes <-> 3 pkts/287 bytes][Goodput ratio: 14/28][6.97 sec][bytes ratio: 0.497 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 703/37 3193/74 1013/37][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/96 135/147 19/36][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 14][11 pkts/848 bytes <-> 3 pkts/286 bytes][Goodput ratio: 13/28][8.38 sec][bytes ratio: 0.496 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 876/58 3885/93 1223/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/95 128/146 17/36][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 75,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][7 pkts/571 bytes <-> 3 pkts/286 bytes][Goodput ratio: 17/28][1.10 sec][bytes ratio: 0.333 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 0/0 183/38 568/75 216/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/95 139/146 24/36][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 60,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 11][6 pkts/353 bytes <-> 5 pkts/306 bytes][Goodput ratio: 1/2][11.59 sec][bytes ratio: 0.071 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2640/2885 10417/10457 4490/4391][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 59/61 78/66 9/2][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 7][7 pkts/546 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][7.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1003/0 1175/0 2021/0 378/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/293 bytes <-> 3 pkts/186 bytes][Goodput ratio: 36/0][0.69 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/54 26/54 53/54 26/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/62 161/66 46/3][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/293 bytes <-> 3 pkts/186 bytes][Goodput ratio: 36/0][0.69 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 0/54 26/54 53/54 26/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/62 161/66 46/3][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][6 pkts/468 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.04 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1005/0 1007/0 1013/0 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 78/0 78/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/237 bytes <-> 3 pkts/186 bytes][Goodput ratio: 21/0][0.47 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/62 34/62 68/62 34/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/62 105/66 21/3][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/237 bytes <-> 3 pkts/186 bytes][Goodput ratio: 21/0][0.47 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/62 34/62 68/62 34/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/62 105/66 21/3][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/191 bytes <-> 3 pkts/186 bytes][Goodput ratio: 3/0][0.52 sec][bytes ratio: 0.013 
(Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/61 31/61 62/61 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64/62 78/66 10/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.27 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/threema.pcap.out b/tests/cfgs/default/result/threema.pcap.out index c62b3fc3b20..54ac084bc99 100644 --- a/tests/cfgs/default/result/threema.pcap.out +++ b/tests/cfgs/default/result/threema.pcap.out @@ -17,7 +17,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 6/6 (search/found) 
@@ -27,5 +27,5 @@ Threema 83 11578 6 2 TCP 192.168.2.100:50298 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][10 pkts/2025 bytes <-> 5 pkts/548 bytes][Goodput ratio: 67/38][46.73 sec][bytes ratio: 0.574 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/31 5838/33 46525/38 15378/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 202/110 510/146 167/24][Plen Bins: 0,44,11,0,0,11,0,0,0,11,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50618 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][9 pkts/879 bytes <-> 6 pkts/1079 bytes][Goodput ratio: 31/62][5.39 sec][bytes ratio: -0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/28 52/1686 209/4996 67/2340][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/180 257/661 59/217][Plen Bins: 0,40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 192.168.2.100:50500 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][8 pkts/813 bytes <-> 4 pkts/676 bytes][Goodput ratio: 34/60][61.48 sec][bytes ratio: 0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/31 290/32 1612/32 591/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/169 257/390 61/131][Plen Bins: 0,40,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.2.100:50718 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: Match by IP][DPI packets: 13][cat: Chat/9][8 pkts/775 bytes <-> 5 pkts/472 bytes][Goodput ratio: 31/28][73.43 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/28 12233/29 73277/30 27300/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/94 257/146 62/33][Plen Bins: 0,50,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 
TCP 192.168.2.100:50860 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: Match by IP][DPI packets: 13][cat: Chat/9][8 pkts/775 bytes <-> 5 pkts/472 bytes][Goodput ratio: 31/28][60.00 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/29 9996/31 59845/33 22293/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/94 257/146 62/33][Plen Bins: 0,50,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.2.100:50718 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: Match by IP][DPI packets: 13][cat: Chat/9][8 pkts/775 bytes <-> 5 pkts/472 bytes][Goodput ratio: 31/28][73.43 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/28 12233/29 73277/30 27300/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/94 257/146 62/33][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,50,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.2.100:50860 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: Match by IP][DPI packets: 13][cat: Chat/9][8 pkts/775 bytes <-> 5 pkts/472 bytes][Goodput ratio: 31/28][60.00 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/29 9996/31 59845/33 22293/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/94 257/146 62/33][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,50,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index b5c1e5138b5..922c7332c19 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua 
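Review bot: Flows 5 and 6 in tests/cfgs/default/result/threema.pcap.out now carry `[Risk: ** Fully encrypted flow **][Risk Score: 50]` even though both are labelled `305/Threema` with `Confidence: Match by IP`, so the heuristic's verdict survives a later classification by address. If the risk is meant for sessions that stay unclassified, this expected output pins a false positive against a known messaging service, and downstream alerting at score 50 will inherit it. Either clear the risk once a protocol is assigned, or state the behaviour where the risk is declared, e.g. `/* also kept when the flow is later classified by IP match only */`. The first hunk's `Patricia risk mask: 4/0` change looks like the same effect (extra mask lookups for the newly raised risk), but that is inferred from the counters only.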
@@ -89,9 +89,10 @@ flow_risks[47] = ProtoField.bool("ndpi.flow_risk.http_obsolete_server", "Obsolet
 flow_risks[48] = ProtoField.bool("ndpi.flow_risk.periodic_flow", "Periodic Flow", num_bits_flow_risks, nil, bit(16), "nDPI Flow Risk: Periodic Flow")
 flow_risks[49] = ProtoField.bool("ndpi.flow_risk.minor_issues", "Minor flow issues", num_bits_flow_risks, nil, bit(17), "nDPI Flow Risk: Minor flow issues")
 flow_risks[50] = ProtoField.bool("ndpi.flow_risk.tcp_issues", "TCP connection issues", num_bits_flow_risks, nil, bit(18), "nDPI Flow Risk: TCP connection issues")
+flow_risks[51] = ProtoField.bool("ndpi.flow_risk.fully_encrypted", "Fully encrypted connection", num_bits_flow_risks, nil, bit(19), "nDPI Flow Risk: Fully encrypted connection")
 -- Last one: keep in sync the bitmask when adding new risks!!
-flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(13))
+flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(20))
 for _,v in pairs(flow_risks) do
 ndpi_fds[#ndpi_fds + 1] = v
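Review bot: The new `flow_risks[51]` field is labelled "Fully encrypted connection", while the regression outputs updated in this same commit print the risk as `Fully encrypted flow`; one name in both places lets an analyst match a Wireshark filter hit to the reader output without guessing. I would write the two strings as `"Fully encrypted flow"` and `"nDPI Flow Risk: Fully encrypted flow"`. Separately, the `Unused` mask jumps from `bit(13)` to `bit(20)` although the preceding fields already reached `bit(18)`, which suggests the "keep in sync" rule was missed before. `bit()` is defined outside this hunk, so I cannot confirm the exact coverage, but a comment stating the rule next to the mask, e.g. `-- lower bound = highest bit() used above + 1`, would make it checkable on the next addition. The `for` loop at the end of the hunk continues past the visible lines.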