diff --git a/example/reader_util.c b/example/reader_util.c index dec8e121628..d36c42a16c9 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1116,11 +1116,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->http.response_status_code = flow->ndpi_flow->http.response_status_code; ndpi_snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : ""); ndpi_snprintf(flow->http.request_content_type, sizeof(flow->http.request_content_type), "%s", flow->ndpi_flow->http.request_content_type ? flow->ndpi_flow->http.request_content_type : ""); - ndpi_snprintf(flow->http.user_agent, sizeof(flow->http.user_agent), "%s", flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : ""); } - } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SSDP) || - is_ndpi_proto(flow, NDPI_PROTOCOL_XIAOMI)) { - ndpi_snprintf(flow->http.user_agent, sizeof(flow->http.user_agent), "%s", flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : ""); } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_TELNET)) { if(flow->ndpi_flow->protos.telnet.username[0] != '\0') flow->telnet.username = ndpi_strdup(flow->ndpi_flow->protos.telnet.username); @@ -1145,8 +1141,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl ) { flow->ssh_tls.ssl_version = flow->ndpi_flow->protos.tls_quic.ssl_version; - ndpi_snprintf(flow->http.user_agent, sizeof(flow->http.user_agent), "%s", flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : ""); - if(flow->ndpi_flow->protos.tls_quic.server_names_len > 0 && flow->ndpi_flow->protos.tls_quic.server_names) flow->ssh_tls.server_names = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.server_names); @@ -1224,6 +1218,10 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } + ndpi_snprintf(flow->http.user_agent, + sizeof(flow->http.user_agent), + "%s", (flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : "")); + if(flow->detection_completed && (!flow->check_extra_packets)) { if(is_ndpi_proto(flow, NDPI_PROTOCOL_UNKNOWN)) { if(workflow->__flow_giveup_callback != NULL) diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 790fa4c33e4..ab9170fbf4b 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -161,6 +161,7 @@ extern "C" { const char *alpn_to_check, u_int alpn_to_check_len); char *ndpi_hostname_sni_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len); + char *ndpi_user_agent_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len); #ifdef __cplusplus } diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5a6376c6f46..a9e34f30b84 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -8421,3 +8421,22 @@ char *ndpi_hostname_sni_set(struct ndpi_flow_struct *flow, const u_int8_t *value return dst; } + +/* ******************************************************************** */ + +char *ndpi_user_agent_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len) +{ + if (flow->http.user_agent != NULL) + { + return NULL; + } + + flow->http.user_agent = ndpi_malloc(value_len + 1); + if (flow->http.user_agent != NULL) + { + memcpy(flow->http.user_agent, value, value_len); + flow->http.user_agent[value_len] = '\0'; + } + + return flow->http.user_agent; +} diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 8b65ece5055..8ecadb303ae 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -535,14 +535,11 @@ int http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct, } } - if(flow->http.user_agent == NULL) { - flow->http.user_agent = ndpi_malloc(ua_ptr_len + 1); - if(flow->http.user_agent) { - memcpy(flow->http.user_agent, (char*)ua_ptr, ua_ptr_len); - flow->http.user_agent[ua_ptr_len] = '\0'; - - ndpi_check_user_agent(ndpi_struct, flow, flow->http.user_agent); - } + if (ndpi_user_agent_set(flow, ua_ptr, ua_ptr_len) != NULL) + { + ndpi_check_user_agent(ndpi_struct, flow, flow->http.user_agent); + } else { + NDPI_LOG_DBG2(ndpi_struct, "Could not set HTTP user agent\n"); } NDPI_LOG_DBG2(ndpi_struct, "User Agent Type line found %.*s\n", diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index cc2eb2f7125..9fb1d0eaeec 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -38,13 +38,9 @@ static void ssdp_parse_lines(struct ndpi_detection_module_struct /* Save user-agent for device discovery if available */ if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) { - if(flow->http.user_agent == NULL) { - flow->http.user_agent = ndpi_malloc(packet->user_agent_line.len + 1); - if(flow->http.user_agent) { - memcpy(flow->http.user_agent, - (char*)packet->user_agent_line.ptr, packet->user_agent_line.len); - flow->http.user_agent[packet->user_agent_line.len] = '\0'; - } + if (ndpi_user_agent_set(flow, packet->user_agent_line.ptr, packet->user_agent_line.len) == NULL) + { + NDPI_LOG_DBG2(ndpi_struct, "Could not set SSDP user agent\n"); } } } diff --git a/src/lib/protocols/xiaomi.c b/src/lib/protocols/xiaomi.c index 831478e9e90..f18c6202b3f 100644 --- a/src/lib/protocols/xiaomi.c +++ b/src/lib/protocols/xiaomi.c @@ -52,10 +52,9 @@ static void xiaomi_dissect_metadata(struct ndpi_detection_module_struct *ndpi_st switch(op) { case 0x12: - flow->http.user_agent = ndpi_malloc(len + 1); - if(flow->http.user_agent != NULL) { - memcpy(flow->http.user_agent, &payload[offset], len); - flow->http.user_agent[len] = '\0'; + if (ndpi_user_agent_set(flow, &payload[offset], len) == NULL) + { + NDPI_LOG_DBG2(ndpi_struct, "Could not set Xiaomi user agent\n"); } break; diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index dcd38408f9d..7b0581267a0 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -29,7 +29,7 @@ JA3 Host Stats: 5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91.119/TLS.Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][Goodput ratio: 71/27][1.96 sec][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 141/117 494/295 163/92][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195/78 735/189 228/35][Risk: ** Obsolete TLS Version (1.1 or older) **** Possibly Malicious JA3 Fingerprint **][Risk Score: 150][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 30,23,0,0,15,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][ClearText][Confidence: DPI][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][Goodput ratio: 69/69][45.10 sec][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4203/4247 4716/5160 1131/719][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141/142 150/142 6/0][Plen Bins: 0,0,4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][ClearText][Confidence: DPI][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][Goodput ratio: 69/69][43.84 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4266/3766 4903/4991 1245/1144][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140/140 142/142 6/6][Plen Bins: 0,0,9,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Goodput ratio: 54/34][3.79 sec][Hostname/SNI: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406/439 2019/1166 732/515][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 140/87 665/262 199/71][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Goodput ratio: 54/34][3.79 sec][Hostname/SNI: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406/439 2019/1166 732/515][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 140/87 665/262 199/71][User-Agent: MicroMessenger Client][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][ClearText][Confidence: Match by port][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes][Goodput ratio: 25/64][24.77 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 77/47 4920/8061 17431/17434 6679/7163][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 90/189 130/504 24/164][Plen Bins: 16,51,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes][Goodput ratio: 84/27][51.90 sec][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 265/AmazonAWS][Encrypted][Confidence: Match by IP][cat: Cloud/13][2 pkts/225 bytes <-> 2 pkts/171 bytes][Goodput ratio: 39/20][0.46 sec][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index b370b2b2db0..b7839d001db 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -30,25 +30,25 @@ JA3 Host Stats: 1 10.0.2.15 1 - 1 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][673 pkts/38650 bytes <-> 1683 pkts/2280370 bytes][Goodput ratio: 6/96][431.96 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.967 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 538/225 9653/1135 666/419][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57/1355 587/1514 40/279][Risk: ** HTTP Numeric IP Address **** Unsafe Protocol **][Risk Score: 20][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] - 2 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][420 pkts/23742 bytes <-> 831 pkts/1095030 bytes][Goodput ratio: 4/96][422.59 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.958 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 1002/479 1310/1219 140/510][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57/1318 592/1514 36/217][Risk: ** HTTP Numeric IP Address **** Unsafe Protocol **][Risk Score: 20][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49,0,0,0,0,0,0,0,0,0,0,50,0,0] - 3 TCP 10.0.2.15:50284 <-> 104.156.226.72:53258 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][182 pkts/12456 bytes <-> 183 pkts/50754 bytes][Goodput ratio: 21/81][504.99 sec][bytes ratio: -0.606 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2737/2652 27658/29635 5861/5897][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/277 654/1078 50/396][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 69,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 10.0.2.15:50285 <-> 75.133.101.93:52367 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][153 pkts/10889 bytes <-> 159 pkts/25403 bytes][Goodput ratio: 24/66][505.01 sec][bytes ratio: -0.400 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3311/2989 31483/31436 6322/5994][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/160 653/1514 54/290][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 80,3,0,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] - 5 TCP 10.0.2.15:50312 <-> 104.238.172.250:23548 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][146 pkts/10497 bytes <-> 149 pkts/15445 bytes][Goodput ratio: 25/48][502.88 sec][bytes ratio: -0.191 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3325/3112 28295/28349 6532/6371][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/104 655/1078 56/155][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 82,3,2,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 10.0.2.15:50300 <-> 188.61.52.183:11852 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][66 pkts/6593 bytes <-> 69 pkts/10484 bytes][Goodput ratio: 46/64][502.91 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 8559/7533 32308/32351 8859/8516][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/152 653/1514 91/201][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 1,43,9,6,26,4,0,1,1,0,1,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + 1 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][673 pkts/38650 bytes <-> 1683 pkts/2280370 bytes][Goodput ratio: 6/96][431.96 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.967 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 538/225 9653/1135 666/419][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57/1355 587/1514 40/279][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** HTTP Numeric IP Address **** Unsafe Protocol **][Risk Score: 20][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] + 2 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][420 pkts/23742 bytes <-> 831 pkts/1095030 bytes][Goodput ratio: 4/96][422.59 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.958 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 1002/479 1310/1219 140/510][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57/1318 592/1514 36/217][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** HTTP Numeric IP Address **** Unsafe Protocol **][Risk Score: 20][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49,0,0,0,0,0,0,0,0,0,0,50,0,0] + 3 TCP 10.0.2.15:50284 <-> 104.156.226.72:53258 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][182 pkts/12456 bytes <-> 183 pkts/50754 bytes][Goodput ratio: 21/81][504.99 sec][bytes ratio: -0.606 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2737/2652 27658/29635 5861/5897][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/277 654/1078 50/396][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 69,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 10.0.2.15:50285 <-> 75.133.101.93:52367 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][153 pkts/10889 bytes <-> 159 pkts/25403 bytes][Goodput ratio: 24/66][505.01 sec][bytes ratio: -0.400 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3311/2989 31483/31436 6322/5994][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/160 653/1514 54/290][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 80,3,0,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + 5 TCP 10.0.2.15:50312 <-> 104.238.172.250:23548 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][146 pkts/10497 bytes <-> 149 pkts/15445 bytes][Goodput ratio: 25/48][502.88 sec][bytes ratio: -0.191 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3325/3112 28295/28349 6532/6371][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/104 655/1078 56/155][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 82,3,2,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 10.0.2.15:50300 <-> 188.61.52.183:11852 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][66 pkts/6593 bytes <-> 69 pkts/10484 bytes][Goodput ratio: 46/64][502.91 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 8559/7533 32308/32351 8859/8516][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/152 653/1514 91/201][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 1,43,9,6,26,4,0,1,1,0,1,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] 7 UDP [fe80::c50d:519f:96a4:e108]:63958 -> [ff02::c]:3702 [proto: 153/WSD][ClearText][Confidence: DPI][cat: Network/14][14 pkts/15504 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][586.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 48849/0 583774/0 161286/0][Pkt Len c2s/s2c min/avg/max/stddev: 834/0 1107/0 1153/0 112/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,85,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 10.0.2.15:63957 -> 239.255.255.250:3702 [proto: 153/WSD][ClearText][Confidence: DPI][cat: Network/14][13 pkts/14194 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][586.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 53286/0 583775/0 167755/0][Pkt Len c2s/s2c min/avg/max/stddev: 814/0 1092/0 1115/0 80/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,92,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][Risk: ** HTTP Numeric IP Address **** Unsafe Protocol **][Risk Score: 20][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0] - 10 TCP 10.0.2.15:50248 <-> 109.214.154.216:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][45 pkts/3196 bytes <-> 54 pkts/8256 bytes][Goodput ratio: 24/65][522.53 sec][bytes ratio: -0.442 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/1 12254/10032 54436/54424 15860/15019][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/153 358/1078 50/183][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 56,1,12,5,3,1,1,7,3,1,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 10.0.2.15:50249 <-> 86.208.180.181:45883 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][43 pkts/3087 bytes <-> 47 pkts/7704 bytes][Goodput ratio: 24/67][522.17 sec][bytes ratio: -0.428 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11973/13240 47909/55396 14672/15777][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/164 357/1119 51/213][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 57,0,4,6,4,4,4,2,6,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** HTTP Numeric IP Address **** Unsafe Protocol **][Risk Score: 20][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0] + 10 TCP 10.0.2.15:50248 <-> 109.214.154.216:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][45 pkts/3196 bytes <-> 54 pkts/8256 bytes][Goodput ratio: 24/65][522.53 sec][bytes ratio: -0.442 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/1 12254/10032 54436/54424 15860/15019][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/153 358/1078 50/183][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 56,1,12,5,3,1,1,7,3,1,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 10.0.2.15:50249 <-> 86.208.180.181:45883 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][43 pkts/3087 bytes <-> 47 pkts/7704 bytes][Goodput ratio: 24/67][522.17 sec][bytes ratio: -0.428 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11973/13240 47909/55396 14672/15777][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/164 357/1119 51/213][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 57,0,4,6,4,4,4,2,6,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 10.0.2.15:28681 <-> 80.61.221.246:30577 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5195 bytes][Goodput ratio: 68/93][197.38 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 39/35 26439/26440 107210/107216 34356/34358][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 132/577 274/769 53/274][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,33,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 10.0.2.15:28681 <-> 193.37.255.130:61616 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5176 bytes][Goodput ratio: 68/93][197.67 sec][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/126 26488/26488 107228/107229 34539/34539][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 132/575 274/769 53/277][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,39,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.0.2.15:28681 <-> 103.232.107.100:43508 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][9 pkts/1157 bytes <-> 8 pkts/4890 bytes][Goodput ratio: 67/93][230.22 sec][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 4875/4875 31136/30836 107031/107033 32420/35010][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 129/611 274/769 56/273][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 11,0,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 10.0.2.15:28681 <-> 51.68.153.214:26253 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][8 pkts/1062 bytes <-> 8 pkts/4408 bytes][Goodput ratio: 68/92][197.45 sec][bytes ratio: -0.612 (Download)][IAT c2s/s2c min/avg/max/stddev: 39/38 31792/31788 106707/106688 36689/36683][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 133/551 274/769 56/285][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (client)][Plen Bins: 6,6,37,6,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 10.0.2.15:28681 <-> 88.120.73.215:24562 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][8 pkts/1062 bytes <-> 8 pkts/4403 bytes][Goodput ratio: 68/92][197.35 sec][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 12255/12264 32087/32089 63452/63450 17379/17409][Pkt Len c2s/s2c min/avg/max/stddev: 70/125 133/550 274/769 56/286][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 6,6,37,6,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 10.0.2.15:50319 <-> 185.187.74.173:53489 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][11 pkts/1827 bytes <-> 14 pkts/3313 bytes][Goodput ratio: 67/77][0.65 sec][bytes ratio: -0.289 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/57 467/514 150/152][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/237 654/1514 175/396][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 9,9,9,9,9,18,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] - 18 TCP 10.0.2.15:50318 <-> 193.32.126.214:59596 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][11 pkts/1827 bytes <-> 14 pkts/3298 bytes][Goodput ratio: 67/77][0.69 sec][bytes ratio: -0.287 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/59 484/500 155/147][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/236 654/1514 175/395][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 9,9,9,9,9,18,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] - 19 TCP 10.0.2.15:50316 <-> 142.132.165.13:30566 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][11 pkts/1827 bytes <-> 13 pkts/3246 bytes][Goodput ratio: 67/78][0.65 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/58 448/502 144/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/250 654/1514 175/407][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,10,10,10,10,10,10,0,10,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 17 TCP 10.0.2.15:50319 <-> 185.187.74.173:53489 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][11 pkts/1827 bytes <-> 14 pkts/3313 bytes][Goodput ratio: 67/77][0.65 sec][bytes ratio: -0.289 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/57 467/514 150/152][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/237 654/1514 175/396][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 9,9,9,9,9,18,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] + 18 TCP 10.0.2.15:50318 <-> 193.32.126.214:59596 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][11 pkts/1827 bytes <-> 14 pkts/3298 bytes][Goodput ratio: 67/77][0.69 sec][bytes ratio: -0.287 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/59 484/500 155/147][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/236 654/1514 175/395][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 9,9,9,9,9,18,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] + 19 TCP 10.0.2.15:50316 <-> 142.132.165.13:30566 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][11 pkts/1827 bytes <-> 13 pkts/3246 bytes][Goodput ratio: 67/78][0.65 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/58 448/502 144/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/250 654/1514 175/407][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,10,10,10,10,10,10,0,10,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 20 UDP 10.0.2.15:28681 <-> 47.220.186.140:27641 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/894 bytes <-> 6 pkts/3993 bytes][Goodput ratio: 72/94][80.99 sec][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 420/439 19846/19862 51326/51324 19053/19041][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 149/666 274/769 56/231][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (.LGTKG)][Plen Bins: 0,0,41,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 10.0.2.15:28681 <-> 118.240.69.199:6348 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/894 bytes <-> 6 pkts/3993 bytes][Goodput ratio: 72/94][81.12 sec][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 241/238 19801/19800 46706/46704 17174/17175][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 149/666 274/769 56/231][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (.LGTKG)][Plen Bins: 0,0,41,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP [fe80::c50d:519f:96a4:e108]:63965 -> [ff02::c]:3702 [proto: 153/WSD][ClearText][Confidence: DPI][cat: Network/14][7 pkts/4802 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][6.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 155/0 1062/0 2014/0 752/0][Pkt Len c2s/s2c min/avg/max/stddev: 686/0 686/0 686/0 0/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -68,66 +68,66 @@ JA3 Host Stats: 36 UDP 10.0.2.15:28681 <-> 86.129.196.84:9915 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/693 bytes <-> 5 pkts/2101 bytes][Goodput ratio: 70/90][118.91 sec][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 41/46 29718/29717 110727/110724 46814/46813][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 139/420 274/769 71/290][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (.LGTKG)][Plen Bins: 10,10,30,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 10.0.2.15:28681 <-> 109.132.188.98:62851 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/369 bytes <-> 3 pkts/2307 bytes][Goodput ratio: 66/94][44.01 sec][bytes ratio: -0.724 (Download)][IAT c2s/s2c min/avg/max/stddev: 21200/21199 21989/21988 22778/22778 789/789][Pkt Len c2s/s2c min/avg/max/stddev: 123/769 123/769 123/769 0/0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 10.0.2.15:63962 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][15 pkts/2505 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][583.18 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44833/0 571480/0 152034/0][Pkt Len c2s/s2c min/avg/max/stddev: 143/0 167/0 179/0 17/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 10.0.2.15:50315 <-> 45.31.152.112:26851 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1435 bytes <-> 6 pkts/1018 bytes][Goodput ratio: 77/68][0.43 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/36 143/142 71/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 239/170 653/744 259/257][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 10.0.2.15:50322 <-> 164.132.10.25:55302 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1439 bytes <-> 6 pkts/998 bytes][Goodput ratio: 77/67][0.16 sec][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/13 51/48 26/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/166 653/724 260/249][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 10.0.2.15:50295 <-> 38.142.119.234:49732 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1437 bytes <-> 6 pkts/991 bytes][Goodput ratio: 77/67][0.54 sec][bytes ratio: 0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 107/82 320/319 129/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/165 654/717 260/247][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP 10.0.2.15:50308 <-> 193.37.255.130:61616 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1437 bytes <-> 6 pkts/991 bytes][Goodput ratio: 77/67][0.38 sec][bytes ratio: 0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/32 128/126 64/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/165 654/717 260/247][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP 10.0.2.15:50311 <-> 149.28.163.175:49956 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1437 bytes <-> 6 pkts/956 bytes][Goodput ratio: 77/66][0.92 sec][bytes ratio: 0.201 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 154/78 306/304 152/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/159 654/682 260/234][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP 10.0.2.15:50313 <-> 96.65.68.194:35481 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1433 bytes <-> 6 pkts/948 bytes][Goodput ratio: 76/65][0.41 sec][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/34 136/135 68/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 239/158 652/674 259/231][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 10.0.2.15:50315 <-> 45.31.152.112:26851 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1435 bytes <-> 6 pkts/1018 bytes][Goodput ratio: 77/68][0.43 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/36 143/142 71/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 239/170 653/744 259/257][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 10.0.2.15:50322 <-> 164.132.10.25:55302 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1439 bytes <-> 6 pkts/998 bytes][Goodput ratio: 77/67][0.16 sec][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/13 51/48 26/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/166 653/724 260/249][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 10.0.2.15:50295 <-> 38.142.119.234:49732 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1437 bytes <-> 6 pkts/991 bytes][Goodput ratio: 77/67][0.54 sec][bytes ratio: 0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 107/82 320/319 129/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/165 654/717 260/247][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP 10.0.2.15:50308 <-> 193.37.255.130:61616 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1437 bytes <-> 6 pkts/991 bytes][Goodput ratio: 77/67][0.38 sec][bytes ratio: 0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/32 128/126 64/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/165 654/717 260/247][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP 10.0.2.15:50311 <-> 149.28.163.175:49956 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1437 bytes <-> 6 pkts/956 bytes][Goodput ratio: 77/66][0.92 sec][bytes ratio: 0.201 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 154/78 306/304 152/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/159 654/682 260/234][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP 10.0.2.15:50313 <-> 96.65.68.194:35481 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/1433 bytes <-> 6 pkts/948 bytes][Goodput ratio: 76/65][0.41 sec][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/34 136/135 68/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 239/158 652/674 259/231][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 UDP 10.0.2.15:28681 <-> 164.132.10.25:55302 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][4 pkts/414 bytes <-> 4 pkts/1953 bytes][Goodput ratio: 59/91][191.69 sec][bytes ratio: -0.650 (Download)][IAT c2s/s2c min/avg/max/stddev: 54/57 63876/63879 163590/163585 71425/71419][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 104/488 123/769 22/286][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 12,12,37,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 UDP 10.0.2.15:28681 <-> 176.99.176.20:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][4 pkts/414 bytes <-> 4 pkts/1923 bytes][Goodput ratio: 59/91][191.72 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 59/60 63888/63888 147596/147598 61850/61851][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 104/481 123/769 22/290][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 12,12,25,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 10.0.2.15:28681 <-> 188.165.203.190:21995 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][4 pkts/414 bytes <-> 4 pkts/1836 bytes][Goodput ratio: 59/91][191.45 sec][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 35550/35547 63808/63807 112098/112099 34311/34312][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 104/459 123/769 22/310][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 12,12,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 UDP 10.0.2.15:28681 <-> 190.192.210.182:6754 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/525 bytes <-> 3 pkts/1686 bytes][Goodput ratio: 76/92][8.37 sec][bytes ratio: -0.525 (Download)][IAT c2s/s2c min/avg/max/stddev: 2425/2441 4050/4054 5674/5668 1624/1613][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 175/562 274/769 70/293][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (.LGTKG)][Plen Bins: 0,0,33,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 UDP 10.0.2.15:28681 <-> 63.228.175.169:1936 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/520 bytes <-> 3 pkts/1686 bytes][Goodput ratio: 76/92][37.66 sec][bytes ratio: -0.529 (Download)][IAT c2s/s2c min/avg/max/stddev: 8739/8738 18728/18726 28718/28714 9990/9988][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 173/562 274/769 71/293][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,33,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 10.0.2.15:50198 <-> 86.129.196.84:9915 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][7 pkts/1013 bytes <-> 5 pkts/772 bytes][Goodput ratio: 59/64][15.56 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 3112/22 6485/43 2789/21][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 145/154 653/552 208/199][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 10.0.2.15:50198 <-> 86.129.196.84:9915 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][7 pkts/1013 bytes <-> 5 pkts/772 bytes][Goodput ratio: 59/64][15.56 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 3112/22 6485/43 2789/21][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 145/154 653/552 208/199][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 UDP 10.0.2.15:28681 <-> 73.250.179.237:20848 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][43.97 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 UDP 10.0.2.15:28681 <-> 92.217.84.16:20223 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][44.00 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 10.0.2.15:28681 <-> 173.183.183.110:59920 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][44.11 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 10.0.2.15:28681 <-> 181.118.53.212:29998 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][29.05 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 TCP 10.0.2.15:50226 <-> 116.241.162.162:15677 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/820 bytes][Goodput ratio: 68/67][0.53 sec][bytes ratio: 0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 132/88 260/260 128/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/164 655/600 239/218][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 TCP 10.0.2.15:50268 <-> 210.209.249.84:24751 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/818 bytes][Goodput ratio: 68/66][0.46 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 116/76 232/228 115/107][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/164 654/598 239/217][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 10.0.2.15:50211 <-> 14.199.10.60:23458 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/818 bytes][Goodput ratio: 68/66][0.36 sec][bytes ratio: 0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/59 178/176 89/83][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/164 652/598 238/217][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 TCP 10.0.2.15:50232 <-> 182.155.242.225:15068 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/814 bytes][Goodput ratio: 68/66][0.44 sec][bytes ratio: 0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 110/73 219/219 110/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/163 655/594 239/216][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 TCP 10.0.2.15:50203 <-> 61.222.160.99:18994 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/815 bytes][Goodput ratio: 68/66][0.49 sec][bytes ratio: 0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/81 245/244 122/115][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 653/595 238/216][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 TCP 10.0.2.15:50267 <-> 113.252.86.162:9239 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/813 bytes][Goodput ratio: 68/66][0.45 sec][bytes ratio: 0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/74 223/222 111/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 654/593 239/215][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 10.0.2.15:50269 <-> 218.103.139.2:3186 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/813 bytes][Goodput ratio: 68/66][0.53 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 133/87 270/261 133/123][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 653/593 238/215][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 TCP 10.0.2.15:50196 <-> 218.250.6.59:12556 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/813 bytes][Goodput ratio: 68/66][0.52 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/11 131/91 250/249 119/112][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 652/593 238/215][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 TCP 10.0.2.15:50197 <-> 118.168.15.71:3931 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/811 bytes][Goodput ratio: 68/66][0.62 sec][bytes ratio: 0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 153/105 302/299 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/162 653/591 238/214][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 TCP 10.0.2.15:50320 <-> 194.163.180.126:10825 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/792 bytes][Goodput ratio: 68/65][0.05 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 24/19 11/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/158 655/572 239/207][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 TCP 10.0.2.15:50303 <-> 88.120.73.215:24562 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/789 bytes][Goodput ratio: 68/65][0.06 sec][bytes ratio: 0.055 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 16/11 32/29 15/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/158 653/569 238/206][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 TCP 10.0.2.15:50317 <-> 188.165.203.190:21995 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/784 bytes][Goodput ratio: 68/65][0.05 sec][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 13/8 25/22 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/157 655/564 239/204][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 TCP 10.0.2.15:50323 <-> 51.68.153.214:26253 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/786 bytes][Goodput ratio: 68/65][0.10 sec][bytes ratio: 0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 25/21 55/54 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/157 653/566 238/204][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 TCP 10.0.2.15:50259 <-> 183.179.90.112:9852 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/782 bytes][Goodput ratio: 68/65][0.37 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/60 183/180 91/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/156 654/562 239/203][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 TCP 10.0.2.15:50253 <-> 103.232.107.100:43508 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/778 bytes][Goodput ratio: 68/65][0.64 sec][bytes ratio: 0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 160/103 329/308 159/145][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/156 655/558 239/201][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 TCP 10.0.2.15:50262 <-> 80.61.221.246:30577 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/777 bytes][Goodput ratio: 68/65][0.07 sec][bytes ratio: 0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 16/11 33/31 16/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/155 653/557 238/201][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 TCP 10.0.2.15:50301 <-> 87.123.54.234:54130 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/775 bytes][Goodput ratio: 68/65][5.37 sec][bytes ratio: 0.064 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1342/1775 5324/5324 2299/2510][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/155 653/555 238/200][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 72 TCP 10.0.2.15:50309 <-> 60.241.48.194:21301 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/775 bytes][Goodput ratio: 68/65][0.63 sec][bytes ratio: 0.064 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 158/105 317/316 158/149][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/155 653/555 238/200][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 TCP 10.0.2.15:50307 <-> 176.99.176.20:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/765 bytes][Goodput ratio: 68/64][0.12 sec][bytes ratio: 0.070 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 29/20 56/56 27/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/153 653/545 238/196][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 74 TCP 10.0.2.15:50235 <-> 45.88.118.70:6906 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/765 bytes][Goodput ratio: 68/64][0.09 sec][bytes ratio: 0.070 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/14 44/43 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/153 652/545 238/196][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 TCP 10.0.2.15:50236 <-> 93.29.135.209:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/584 bytes <-> 5 pkts/1030 bytes][Goodput ratio: 52/73][1.09 sec][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 272/353 1055/1054 452/495][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 117/206 356/810 120/302][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 TCP 10.0.2.15:50226 <-> 116.241.162.162:15677 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/820 bytes][Goodput ratio: 68/67][0.53 sec][bytes ratio: 0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 132/88 260/260 128/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/164 655/600 239/218][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 10.0.2.15:50268 <-> 210.209.249.84:24751 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/818 bytes][Goodput ratio: 68/66][0.46 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 116/76 232/228 115/107][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/164 654/598 239/217][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 10.0.2.15:50211 <-> 14.199.10.60:23458 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/818 bytes][Goodput ratio: 68/66][0.36 sec][bytes ratio: 0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/59 178/176 89/83][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/164 652/598 238/217][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 TCP 10.0.2.15:50232 <-> 182.155.242.225:15068 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/814 bytes][Goodput ratio: 68/66][0.44 sec][bytes ratio: 0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 110/73 219/219 110/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/163 655/594 239/216][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP 10.0.2.15:50203 <-> 61.222.160.99:18994 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/815 bytes][Goodput ratio: 68/66][0.49 sec][bytes ratio: 0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/81 245/244 122/115][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 653/595 238/216][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 TCP 10.0.2.15:50267 <-> 113.252.86.162:9239 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/813 bytes][Goodput ratio: 68/66][0.45 sec][bytes ratio: 0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/74 223/222 111/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 654/593 239/215][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 10.0.2.15:50269 <-> 218.103.139.2:3186 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/813 bytes][Goodput ratio: 68/66][0.53 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 133/87 270/261 133/123][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 653/593 238/215][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 10.0.2.15:50196 <-> 218.250.6.59:12556 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/813 bytes][Goodput ratio: 68/66][0.52 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/11 131/91 250/249 119/112][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/163 652/593 238/215][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 10.0.2.15:50197 <-> 118.168.15.71:3931 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/811 bytes][Goodput ratio: 68/66][0.62 sec][bytes ratio: 0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 153/105 302/299 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/162 653/591 238/214][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 TCP 10.0.2.15:50320 <-> 194.163.180.126:10825 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/792 bytes][Goodput ratio: 68/65][0.05 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 24/19 11/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/158 655/572 239/207][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 TCP 10.0.2.15:50303 <-> 88.120.73.215:24562 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/789 bytes][Goodput ratio: 68/65][0.06 sec][bytes ratio: 0.055 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 16/11 32/29 15/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/158 653/569 238/206][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 TCP 10.0.2.15:50317 <-> 188.165.203.190:21995 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/784 bytes][Goodput ratio: 68/65][0.05 sec][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 13/8 25/22 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/157 655/564 239/204][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 TCP 10.0.2.15:50323 <-> 51.68.153.214:26253 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/786 bytes][Goodput ratio: 68/65][0.10 sec][bytes ratio: 0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 25/21 55/54 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/157 653/566 238/204][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 TCP 10.0.2.15:50259 <-> 183.179.90.112:9852 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/782 bytes][Goodput ratio: 68/65][0.37 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/60 183/180 91/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/156 654/562 239/203][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 TCP 10.0.2.15:50253 <-> 103.232.107.100:43508 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/778 bytes][Goodput ratio: 68/65][0.64 sec][bytes ratio: 0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 160/103 329/308 159/145][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/156 655/558 239/201][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 TCP 10.0.2.15:50262 <-> 80.61.221.246:30577 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/777 bytes][Goodput ratio: 68/65][0.07 sec][bytes ratio: 0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 16/11 33/31 16/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/155 653/557 238/201][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 TCP 10.0.2.15:50301 <-> 87.123.54.234:54130 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/775 bytes][Goodput ratio: 68/65][5.37 sec][bytes ratio: 0.064 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1342/1775 5324/5324 2299/2510][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/155 653/555 238/200][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 10.0.2.15:50309 <-> 60.241.48.194:21301 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/775 bytes][Goodput ratio: 68/65][0.63 sec][bytes ratio: 0.064 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 158/105 317/316 158/149][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/155 653/555 238/200][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 10.0.2.15:50307 <-> 176.99.176.20:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/765 bytes][Goodput ratio: 68/64][0.12 sec][bytes ratio: 0.070 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 29/20 56/56 27/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/153 653/545 238/196][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 TCP 10.0.2.15:50235 <-> 45.88.118.70:6906 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/765 bytes][Goodput ratio: 68/64][0.09 sec][bytes ratio: 0.070 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/14 44/43 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/153 652/545 238/196][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 TCP 10.0.2.15:50236 <-> 93.29.135.209:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/584 bytes <-> 5 pkts/1030 bytes][Goodput ratio: 52/73][1.09 sec][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 272/353 1055/1054 452/495][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 117/206 356/810 120/302][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 10.0.2.15:137 -> 10.0.2.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][15 pkts/1596 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][28.93 sec][Hostname/SNI: msedgewin10][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2225/0 24527/0 6445/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 106/0 110/0 7/0][PLAIN TEXT ( ENFDEFEEEHEFFHEJEODBDACACACACA)][Plen Bins: 0,20,80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 10.0.2.15:50252 <-> 123.202.31.113:19768 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/628 bytes][Goodput ratio: 68/56][0.39 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 97/61 205/183 97/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/126 654/408 239/141][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 10.0.2.15:50252 <-> 123.202.31.113:19768 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/628 bytes][Goodput ratio: 68/56][0.39 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 97/61 205/183 97/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/126 654/408 239/141][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 78 UDP 10.0.2.15:28681 <-> 194.163.180.126:10825 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/296 bytes <-> 3 pkts/1166 bytes][Goodput ratio: 57/89][113.21 sec][bytes ratio: -0.595 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/22 56592/56593 113164/113164 56572/56571][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 99/389 128/769 24/272][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (.LGTKG)][Plen Bins: 16,16,16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 ICMPV6 [fe80::c50d:519f:96a4:e108]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][Confidence: DPI][cat: Network/14][16 pkts/1460 bytes -> 0 pkts/0 bytes][Goodput ratio: 23/0][589.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 42142/0 584660/0 150469/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/0 91/0 110/0 5/0][Plen Bins: 93,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 80 TCP 10.0.2.15:50297 <-> 14.200.255.229:45710 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/577 bytes][Goodput ratio: 68/52][0.67 sec][bytes ratio: 0.209 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/113 338/338 168/159][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/115 654/357 239/121][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 81 TCP 10.0.2.15:50299 <-> 203.220.198.244:1194 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/550 bytes][Goodput ratio: 68/50][0.63 sec][bytes ratio: 0.232 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 158/105 315/314 157/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/110 655/330 239/110][Risk: ** Known Protocol on Non Standard Port **** Unsafe Protocol **][Risk Score: 60][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 82 TCP 10.0.2.15:50298 <-> 46.128.114.107:6578 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/539 bytes][Goodput ratio: 68/49][0.12 sec][bytes ratio: 0.241 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/3 30/23 61/61 27/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/108 654/319 239/106][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 83 TCP 10.0.2.15:50296 <-> 77.58.211.52:3806 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/529 bytes][Goodput ratio: 68/48][0.08 sec][bytes ratio: 0.249 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/19 53/52 21/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/106 652/309 238/102][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 84 TCP 10.0.2.15:50304 <-> 85.168.34.105:39908 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/528 bytes][Goodput ratio: 68/48][0.10 sec][bytes ratio: 0.251 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/14 24/19 43/42 18/17][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/106 653/308 238/101][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 85 TCP 10.0.2.15:50261 <-> 156.57.42.2:33476 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/879 bytes <-> 5 pkts/527 bytes][Goodput ratio: 68/48][13.84 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3460/4229 12669/12668 5337/5967][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/105 651/307 238/101][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 TCP 10.0.2.15:50250 <-> 27.94.154.53:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/524 bytes][Goodput ratio: 68/48][0.46 sec][bytes ratio: 0.254 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 114/85 256/255 115/120][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/105 652/304 238/100][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 TCP 10.0.2.15:50297 <-> 14.200.255.229:45710 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/577 bytes][Goodput ratio: 68/52][0.67 sec][bytes ratio: 0.209 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/113 338/338 168/159][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/115 654/357 239/121][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 TCP 10.0.2.15:50299 <-> 203.220.198.244:1194 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/883 bytes <-> 5 pkts/550 bytes][Goodput ratio: 68/50][0.63 sec][bytes ratio: 0.232 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 158/105 315/314 157/148][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 177/110 655/330 239/110][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Protocol on Non Standard Port **** Unsafe Protocol **][Risk Score: 60][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 TCP 10.0.2.15:50298 <-> 46.128.114.107:6578 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/882 bytes <-> 5 pkts/539 bytes][Goodput ratio: 68/49][0.12 sec][bytes ratio: 0.241 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/3 30/23 61/61 27/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/108 654/319 239/106][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 10.0.2.15:50296 <-> 77.58.211.52:3806 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/529 bytes][Goodput ratio: 68/48][0.08 sec][bytes ratio: 0.249 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/19 53/52 21/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/106 652/309 238/102][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 10.0.2.15:50304 <-> 85.168.34.105:39908 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/881 bytes <-> 5 pkts/528 bytes][Goodput ratio: 68/48][0.10 sec][bytes ratio: 0.251 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/14 24/19 43/42 18/17][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/106 653/308 238/101][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 10.0.2.15:50261 <-> 156.57.42.2:33476 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/879 bytes <-> 5 pkts/527 bytes][Goodput ratio: 68/48][13.84 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3460/4229 12669/12668 5337/5967][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/105 651/307 238/101][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 10.0.2.15:50250 <-> 27.94.154.53:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 5 pkts/524 bytes][Goodput ratio: 68/48][0.46 sec][bytes ratio: 0.254 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 114/85 256/255 115/120][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/105 652/304 238/100][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 87 UDP 10.0.2.15:57623 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][6 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 188/0 216/0 224/0 13/0][User-Agent: gtk-gnutella/1.2.2 (2022-02-25)][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 88 UDP 10.0.2.15:138 -> 10.0.2.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][Confidence: DPI][cat: System/18][5 pkts/1215 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][582.84 sec][Hostname/SNI: msedgewin10][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENFDEFEEEHEFFHEJEODBDACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 89 UDP 10.0.2.15:28681 <-> 213.229.111.224:4876 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][6 pkts/555 bytes <-> 3 pkts/612 bytes][Goodput ratio: 54/79][388.82 sec][bytes ratio: -0.049 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 487/2153 77092/101426 199495/200699 72356/99273][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 92/204 123/320 24/83][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (CEGTKGb)][Plen Bins: 33,11,33,11,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 90 TCP 10.0.2.15:50199 <-> 47.147.52.21:36728 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 4 pkts/220 bytes][Goodput ratio: 68/0][0.44 sec][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 27/27 111/36 232/44 82/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/55 652/58 238/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 10.0.2.15:50291 <-> 200.7.155.210:28365 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/905 bytes <-> 3 pkts/166 bytes][Goodput ratio: 66/0][24.54 sec][bytes ratio: 0.690 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/2 3913/2 6610/2 2636/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 181/55 653/58 236/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 90 TCP 10.0.2.15:50199 <-> 47.147.52.21:36728 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/880 bytes <-> 4 pkts/220 bytes][Goodput ratio: 68/0][0.44 sec][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 27/27 111/36 232/44 82/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/55 652/58 238/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 10.0.2.15:50291 <-> 200.7.155.210:28365 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/905 bytes <-> 3 pkts/166 bytes][Goodput ratio: 66/0][24.54 sec][bytes ratio: 0.690 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/2 3913/2 6610/2 2636/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 181/55 653/58 236/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 92 UDP [fe80::c50d:519f:96a4:e108]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][ClearText][Confidence: DPI][cat: Network/14][7 pkts/1071 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][63.04 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 993/0 10506/0 32011/0 10831/0][Pkt Len c2s/s2c min/avg/max/stddev: 153/0 153/0 153/0 0/0][PLAIN TEXT (MSEDGEWIN)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 93 UDP 10.0.2.15:28681 <-> 149.28.163.175:49956 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][2 pkts/198 bytes <-> 1 pkts/769 bytes][Goodput ratio: 57/94][113.17 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (.LGTKG)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 UDP 10.0.2.15:28681 <-> 38.142.119.234:49732 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][2 pkts/193 bytes <-> 1 pkts/769 bytes][Goodput ratio: 56/94][163.26 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 95 TCP 10.0.2.15:50294 <-> 14.200.255.229:37058 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/774 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][0.67 sec][bytes ratio: 0.647 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 167/0 334/0 167/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 258/55 654/58 280/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 96 TCP 10.0.2.15:50306 <-> 220.238.145.82:33527 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/774 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][7.42 sec][bytes ratio: 0.647 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 156/0 313/0 156/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 258/55 654/58 280/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 TCP 10.0.2.15:50293 <-> 97.83.183.148:8890 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/773 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][0.34 sec][bytes ratio: 0.646 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/5 82/5 160/5 78/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 258/55 653/58 280/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 98 TCP 10.0.2.15:50302 <-> 75.64.6.175:4743 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/771 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][11.17 sec][bytes ratio: 0.646 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/0 153/0 76/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 257/55 651/58 279/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 95 TCP 10.0.2.15:50294 <-> 14.200.255.229:37058 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/774 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][0.67 sec][bytes ratio: 0.647 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 167/0 334/0 167/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 258/55 654/58 280/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 96 TCP 10.0.2.15:50306 <-> 220.238.145.82:33527 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/774 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][7.42 sec][bytes ratio: 0.647 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 156/0 313/0 156/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 258/55 654/58 280/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 10.0.2.15:50293 <-> 97.83.183.148:8890 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/773 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][0.34 sec][bytes ratio: 0.646 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/5 82/5 160/5 78/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 258/55 653/58 280/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 TCP 10.0.2.15:50302 <-> 75.64.6.175:4743 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][3 pkts/771 bytes <-> 3 pkts/166 bytes][Goodput ratio: 77/0][11.17 sec][bytes ratio: 0.646 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/0 153/0 76/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 257/55 651/58 279/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 99 UDP [fe80::c50d:519f:96a4:e108]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][9 pkts/906 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][30.66 sec][Hostname/SNI: msedgewin10.local][msedgewin10.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3832/0 27655/0 9028/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 101/0 135/0 13/0][PLAIN TEXT (MSEDGEWIN)][Plen Bins: 44,44,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 100 UDP 10.0.2.15:28681 <-> 76.226.85.105:6346 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][1 pkts/123 bytes <-> 1 pkts/769 bytes][Goodput ratio: 65/94][0.17 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 101 UDP 10.0.2.15:28681 <-> 221.198.205.196:20778 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][1 pkts/123 bytes <-> 1 pkts/769 bytes][Goodput ratio: 65/94][0.15 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -136,7 +136,7 @@ JA3 Host Stats: 104 UDP 10.0.2.15:51685 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.03 sec][User-Agent: Microsoft Edge/99.0.1150.30 Windows][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 105 UDP 10.0.2.15:55708 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.05 sec][User-Agent: Microsoft Edge/99.0.1150.30 Windows][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 UDP 10.0.2.15:57552 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.04 sec][User-Agent: Microsoft Edge/99.0.1150.30 Windows][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 107 TCP 10.0.2.15:50206 <-> 175.181.156.244:8255 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/586 bytes <-> 4 pkts/220 bytes][Goodput ratio: 52/0][0.53 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/0 270/0 132/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 117/55 358/58 120/2][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 TCP 10.0.2.15:50206 <-> 175.181.156.244:8255 [proto: 35/Gnutella][ClearText][Confidence: DPI][cat: Download/7][5 pkts/586 bytes <-> 4 pkts/220 bytes][Goodput ratio: 52/0][0.53 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/0 270/0 132/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 117/55 358/58 120/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 UDP [fe80::c50d:519f:96a4:e108]:63960 -> [ff02::c]:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][5 pkts/785 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][6.01 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 UDP 10.0.2.15:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][9 pkts/726 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][30.66 sec][Hostname/SNI: msedgewin10.local][msedgewin10.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3832/0 27655/0 9028/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 81/0 115/0 13/0][PLAIN TEXT (MSEDGEWIN)][Plen Bins: 44,44,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 IGMP 10.0.2.15:0 -> 224.0.0.22:0 [proto: 82/IGMP][ClearText][Confidence: DPI][cat: Network/14][12 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][2.25 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/0 1218/0 352/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 55/0 62/0 2/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/http_connect.pcap.out b/tests/result/http_connect.pcap.out index 3a5aa23d525..6116d2d5a3c 100644 --- a/tests/result/http_connect.pcap.out +++ b/tests/result/http_connect.pcap.out @@ -14,5 +14,5 @@ JA3 Host Stats: 1 TCP 192.168.1.146:35968 <-> 151.101.2.132:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/3557 bytes <-> 30 pkts/32939 bytes][Goodput ratio: 48/94][0.11 sec][Hostname/SNI: apache.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.805 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 53/54 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/1098 583/1450 129/576][TLSv1.3][JA3C: c834494f5948ae026d160656c93c8871][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,8,8,2,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0] - 2 TCP 192.168.1.103:1714 <-> 192.168.1.146:8080 [proto: 130/HTTP_Connect][ClearText][Confidence: DPI][cat: Web/5][18 pkts/2918 bytes <-> 22 pkts/23923 bytes][Goodput ratio: 65/95][0.11 sec][Hostname/SNI: apache.org][bytes ratio: -0.783 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 50/53 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 162/1087 571/5590 128/1857][PLAIN TEXT (CONNECT apache.org)][Plen Bins: 4,4,20,15,4,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,20] + 2 TCP 192.168.1.103:1714 <-> 192.168.1.146:8080 [proto: 130/HTTP_Connect][ClearText][Confidence: DPI][cat: Web/5][18 pkts/2918 bytes <-> 22 pkts/23923 bytes][Goodput ratio: 65/95][0.11 sec][Hostname/SNI: apache.org][bytes ratio: -0.783 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 50/53 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 162/1087 571/5590 128/1857][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0][PLAIN TEXT (CONNECT apache.org)][Plen Bins: 4,4,20,15,4,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,20] 3 UDP 192.168.1.146:47767 <-> 192.168.1.2:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 48/56][< 1 sec][Hostname/SNI: apache.org][151.101.2.132][PLAIN TEXT (apache)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index a75010c41db..03b061275f6 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -22,9 +22,9 @@ Xiaomi 2 1469 1 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.287/HTTP.Xiaomi][ClearText][Confidence: DPI][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Goodput ratio: 91/93][0.32 sec][Hostname/SNI: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /pass/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][ClearText][Confidence: DPI][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Goodput ratio: 91/61][2.08 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][StatusCode: 0][Req Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][PLAIN TEXT (POST http)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Goodput ratio: 88/78][2.81 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][Req Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Goodput ratio: 92/78][0.14 sec][Hostname/SNI: hkminorshort.weixin.qq.com][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Goodput ratio: 91/78][0.37 sec][Hostname/SNI: hkextshort.weixin.qq.com][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Goodput ratio: 85/78][0.34 sec][Hostname/SNI: hkextshort.weixin.qq.com][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Goodput ratio: 92/78][0.14 sec][Hostname/SNI: hkminorshort.weixin.qq.com][User-Agent: MicroMessenger Client][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Goodput ratio: 91/78][0.37 sec][Hostname/SNI: hkextshort.weixin.qq.com][User-Agent: MicroMessenger Client][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 285.48/Tencent.QQ][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Goodput ratio: 85/78][0.34 sec][Hostname/SNI: hkextshort.weixin.qq.com][User-Agent: MicroMessenger Client][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Goodput ratio: 76/83][0.34 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build/KOT49H)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/rtsp.pcap.out b/tests/result/rtsp.pcap.out index 33dc6c4d65a..9cfb471f681 100644 --- a/tests/result/rtsp.pcap.out +++ b/tests/result/rtsp.pcap.out @@ -11,4 +11,4 @@ RTSP 568 100872 7 4 TCP 10.1.1.10:52476 <-> 10.2.2.2:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][44 pkts/5778 bytes <-> 52 pkts/10636 bytes][Goodput ratio: 55/71][7.66 sec][bytes ratio: -0.296 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 63/20 12/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 131/205 258/751 79/198][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 10.1.1.10:52474 <-> 10.2.2.2:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][40 pkts/6114 bytes <-> 44 pkts/10152 bytes][Goodput ratio: 62/75][58.31 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1816/2 58099/23 10109/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/231 258/751 77/204][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 10.1.1.10:52482 <-> 10.2.2.2:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][36 pkts/5294 bytes <-> 48 pkts/10394 bytes][Goodput ratio: 60/73][0.20 sec][bytes ratio: -0.325 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 6/20 1/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 147/217 258/751 79/201][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 10.1.1.10:52470 <-> 10.2.2.2:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][4 pkts/820 bytes <-> 8 pkts/484 bytes][Goodput ratio: 73/0][< 1 sec][bytes ratio: 0.258 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 205/56 205/60 205/62 0/3][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (PARAMETER rtsp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 10.1.1.10:52470 <-> 10.2.2.2:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][4 pkts/820 bytes <-> 8 pkts/484 bytes][Goodput ratio: 73/0][< 1 sec][bytes ratio: 0.258 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 205/56 205/60 205/62 0/3][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (PARAMETER rtsp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/rtsp_setup_http.pcapng.out b/tests/result/rtsp_setup_http.pcapng.out index dfeb99181d4..e0080c3effb 100644 --- a/tests/result/rtsp_setup_http.pcapng.out +++ b/tests/result/rtsp_setup_http.pcapng.out @@ -5,4 +5,4 @@ Confidence DPI : 1 (flows) RTSP 1 233 1 - 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50/RTSP][ClearText][Confidence: DPI][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]