diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index d669d6250c9..2a0780fcec0 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -301,5 +301,11 @@ This risk is generated whenever a flow is observed at a specific periodic pace ( .. _Risk 049: NDPI_MINOR_ISSUES -===================== +================= Minor packet/flow issues (e.g. DNS traffic with zero TTL) have been detected. + +.. _Risk 050: + +NDPI_TCP_ISSUES +=============== +Relevant TCP connection issues such as connection refused, scan, or probe attempt. diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4e7d97ab496..d98754db72f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2119,7 +2119,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ /* @brief heuristic choice for receiver stats */ -static int acceptable(u_int32_t num_pkts){ +static int acceptable(u_int32_t num_pkts) { return num_pkts > 5; } @@ -2177,7 +2177,7 @@ static void mergeTables(struct receiver **primary, struct receiver **secondary) HASH_ITER(hh, *primary, r, tmp) { HASH_FIND_INT(*secondary, (int *)&(r->addr), s); - if(s == NULL){ + if(s == NULL) { s = (struct receiver *)ndpi_malloc(sizeof(struct receiver)); if(!s) return; @@ -2208,7 +2208,7 @@ static void deleteReceivers(struct receiver *rcvrs) { /* *********************************************** */ /* implementation of: https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf * - * if(table1.size < max1 || acceptable){ + * if(table1.size < max1 || acceptable) { * create new element and add to the table1 * if(table1.size > max2) { * cut table1 back to max1 @@ -2230,7 +2230,7 @@ static void updateReceivers(struct receiver **rcvrs, u_int32_t dst_addr, HASH_FIND_INT(*rcvrs, (int *)&dst_addr, r); if(r == NULL) { if(((size = HASH_COUNT(*rcvrs)) < MAX_TABLE_SIZE_1) - || ((a = acceptable(num_pkts)) != 0)){ + || ((a = acceptable(num_pkts)) != 0)) { r = (struct receiver *)ndpi_malloc(sizeof(struct receiver)); if(!r) return; @@ -2240,13 +2240,13 @@ static void updateReceivers(struct receiver **rcvrs, u_int32_t dst_addr, HASH_ADD_INT(*rcvrs, addr, r); - if((size = HASH_COUNT(*rcvrs)) > MAX_TABLE_SIZE_2){ + if((size = HASH_COUNT(*rcvrs)) > MAX_TABLE_SIZE_2) { HASH_SORT(*rcvrs, receivers_sort_asc); *rcvrs = cutBackTo(rcvrs, size, MAX_TABLE_SIZE_1); mergeTables(rcvrs, topRcvrs); - if((size = HASH_COUNT(*topRcvrs)) > MAX_TABLE_SIZE_1){ + if((size = HASH_COUNT(*topRcvrs)) > MAX_TABLE_SIZE_1) { HASH_SORT(*topRcvrs, receivers_sort_asc); *topRcvrs = cutBackTo(topRcvrs, size, MAX_TABLE_SIZE_1); } @@ -2690,7 +2690,7 @@ static void printRiskStats() { /* *********************************************** */ /*function to use in HASH_SORT function in verbose == 4 to order in creasing order to delete host with the leatest occurency*/ -static int hash_stats_sort_to_order(void *_a, void *_b){ +static int hash_stats_sort_to_order(void *_a, void *_b) { struct hash_stats *a = (struct hash_stats*)_a; struct hash_stats *b = (struct hash_stats*)_b; @@ -2700,7 +2700,7 @@ static int hash_stats_sort_to_order(void *_a, void *_b){ /* *********************************************** */ /*function to use in HASH_SORT function in verbose == 4 to print in decreasing order*/ -static int hash_stats_sort_to_print(void *_a, void *_b){ +static int hash_stats_sort_to_print(void *_a, void *_b) { struct hash_stats *a = (struct hash_stats*)_a; struct hash_stats *b = (struct hash_stats*)_b; @@ -2752,12 +2752,12 @@ static void printFlowsStats() { ndpi_ja3_fingerprints_host *hostByJA3Found = NULL; //check if this is a ssh-ssl flow - if(all_flows[i].flow->ssh_tls.ja3_client[0] != '\0'){ + if(all_flows[i].flow->ssh_tls.ja3_client[0] != '\0') { //looking if the host is already in the hash table HASH_FIND_INT(ja3ByHostsHashT, &(all_flows[i].flow->src_ip), ja3ByHostFound); //host ip -> ja3 - if(ja3ByHostFound == NULL){ + if(ja3ByHostFound == NULL) { //adding the new host ndpi_host_ja3_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja3_fingerprints)); newHost->host_client_info_hasht = NULL; @@ -2781,7 +2781,7 @@ static void printFlowsStats() { HASH_FIND_STR(ja3ByHostFound->host_client_info_hasht, all_flows[i].flow->ssh_tls.ja3_client, infoFound); - if(infoFound == NULL){ + if(infoFound == NULL) { ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_client; newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; @@ -2792,7 +2792,7 @@ static void printFlowsStats() { //ja3 -> host ip HASH_FIND_STR(hostByJA3C_ht, all_flows[i].flow->ssh_tls.ja3_client, hostByJA3Found); - if(hostByJA3Found == NULL){ + if(hostByJA3Found == NULL) { ndpi_ip_dns *newHost = ndpi_malloc(sizeof(ndpi_ip_dns)); newHost->ip = all_flows[i].flow->src_ip; @@ -2810,7 +2810,7 @@ static void printFlowsStats() { } else { ndpi_ip_dns *innerElement = NULL; HASH_FIND_INT(hostByJA3Found->ipToDNS_ht, &(all_flows[i].flow->src_ip), innerElement); - if(innerElement == NULL){ + if(innerElement == NULL) { ndpi_ip_dns *newInnerElement = ndpi_malloc(sizeof(ndpi_ip_dns)); newInnerElement->ip = all_flows[i].flow->src_ip; newInnerElement->ip_string = all_flows[i].flow->src_name; @@ -2820,10 +2820,10 @@ static void printFlowsStats() { } } - if(all_flows[i].flow->ssh_tls.ja3_server[0] != '\0'){ + if(all_flows[i].flow->ssh_tls.ja3_server[0] != '\0') { //looking if the host is already in the hash table HASH_FIND_INT(ja3ByHostsHashT, &(all_flows[i].flow->dst_ip), ja3ByHostFound); - if(ja3ByHostFound == NULL){ + if(ja3ByHostFound == NULL) { //adding the new host in the hash table ndpi_host_ja3_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja3_fingerprints)); newHost->host_client_info_hasht = NULL; @@ -2845,7 +2845,7 @@ static void printFlowsStats() { ndpi_ja3_info *infoFound = NULL; HASH_FIND_STR(ja3ByHostFound->host_server_info_hasht, all_flows[i].flow->ssh_tls.ja3_server, infoFound); - if(infoFound == NULL){ + if(infoFound == NULL) { ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_server; newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; @@ -2855,7 +2855,7 @@ static void printFlowsStats() { } HASH_FIND_STR(hostByJA3S_ht, all_flows[i].flow->ssh_tls.ja3_server, hostByJA3Found); - if(hostByJA3Found == NULL){ + if(hostByJA3Found == NULL) { ndpi_ip_dns *newHost = ndpi_malloc(sizeof(ndpi_ip_dns)); newHost->ip = all_flows[i].flow->dst_ip; @@ -2874,7 +2874,7 @@ static void printFlowsStats() { ndpi_ip_dns *innerElement = NULL; HASH_FIND_INT(hostByJA3Found->ipToDNS_ht, &(all_flows[i].flow->dst_ip), innerElement); - if(innerElement == NULL){ + if(innerElement == NULL) { ndpi_ip_dns *newInnerElement = ndpi_malloc(sizeof(ndpi_ip_dns)); newInnerElement->ip = all_flows[i].flow->dst_ip; newInnerElement->ip_string = all_flows[i].flow->dst_name; @@ -3063,7 +3063,7 @@ static void printFlowsStats() { } } - if (verbose == 4){ + if (verbose == 4) { //how long the table could be unsigned int len_table_max = 1000; //number of element to delete when the table is full @@ -3073,9 +3073,9 @@ static void printFlowsStats() { struct hash_stats *tmp = NULL; int len_max = 0; - for (i = 0; ihost_server_name[0] != '\0'){ + if(all_flows[i].flow->host_server_name[0] != '\0') { int len = strlen(all_flows[i].flow->host_server_name); len_max = ndpi_max(len,len_max); @@ -3083,15 +3083,15 @@ static void printFlowsStats() { struct hash_stats *hostFound; HASH_FIND_STR(hostsHashT, all_flows[i].flow->host_server_name, hostFound); - if(hostFound == NULL){ + if(hostFound == NULL) { struct hash_stats *newHost = (struct hash_stats*)ndpi_malloc(sizeof(hash_stats)); newHost->domain_name = all_flows[i].flow->host_server_name; newHost->occurency = 1; if (HASH_COUNT(hostsHashT) == len_table_max) { int i=0; - while (i<=toDelete){ + while (i<=toDelete) { - HASH_ITER(hh, hostsHashT, host_iter, tmp){ + HASH_ITER(hh, hostsHashT, host_iter, tmp) { HASH_DEL(hostsHashT,host_iter); free(host_iter); i++; @@ -3107,7 +3107,7 @@ static void printFlowsStats() { } - if(all_flows[i].flow->ssh_tls.server_info[0] != '\0'){ + if(all_flows[i].flow->ssh_tls.server_info[0] != '\0') { int len = strlen(all_flows[i].flow->host_server_name); len_max = ndpi_max(len,len_max); @@ -3115,16 +3115,16 @@ static void printFlowsStats() { struct hash_stats *hostFound; HASH_FIND_STR(hostsHashT, all_flows[i].flow->ssh_tls.server_info, hostFound); - if(hostFound == NULL){ + if(hostFound == NULL) { struct hash_stats *newHost = (struct hash_stats*)ndpi_malloc(sizeof(hash_stats)); newHost->domain_name = all_flows[i].flow->ssh_tls.server_info; newHost->occurency = 1; if ((HASH_COUNT(hostsHashT)) == len_table_max) { int i=0; - while (idomain_name); //to print the occurency in aligned column @@ -3162,7 +3162,7 @@ static void printFlowsStats() { printf("%s", "\n\n"); //freeing the hash table - HASH_ITER(hh, hostsHashT, host_iter, tmp){ + HASH_ITER(hh, hostsHashT, host_iter, tmp) { HASH_DEL(hostsHashT, host_iter); ndpi_free(host_iter); } @@ -3982,9 +3982,10 @@ static void ndpi_process_packet(u_char *args, /* allocate an exact size buffer to check overflows */ uint8_t *packet_checked = ndpi_malloc(header->caplen); - if(packet_checked == NULL){ + if(packet_checked == NULL) { return ; } + memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked, &flow_risk); @@ -4092,7 +4093,7 @@ static void ndpi_process_packet(u_char *args, Leave the free as last statement to avoid crashes when ndpi_detection_giveup() is called above by printResults() */ - if(packet_checked){ + if(packet_checked) { ndpi_free(packet_checked); packet_checked = NULL; } diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8c1b1823a4f..67f76473b7a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -121,9 +121,10 @@ typedef enum { your app will clear this risk if future packets (not sent to nDPI) are received in the opposite direction */ NDPI_HTTP_OBSOLETE_SERVER, - NDPI_PERIODIC_FLOW, /* Set in case a flow repeats at a specific pace [used by apps on top of nDPI] */ - NDPI_MINOR_ISSUES, /* Generic packet issues (e.g. DNS with 0 TTL) */ - + NDPI_PERIODIC_FLOW, /* Set in case a flow repeats at a specific pace [used by apps on top of nDPI] */ + NDPI_MINOR_ISSUES, /* Generic packet issues (e.g. DNS with 0 TTL) */ + NDPI_TCP_ISSUES, /* TCP issues such as connection failed, probing or scan */ + /* Leave this as last member */ NDPI_MAX_RISK /* must be <= 63 due to (**) */ } ndpi_risk_enum; @@ -724,10 +725,9 @@ struct ndpi_flow_tcp_struct { u_int32_t postgres_stage:3; /* Part of the TCP header. */ - u_int32_t seen_syn:1; - u_int32_t seen_syn_ack:1; - u_int32_t seen_ack:1; - + u_int32_t seen_syn:1, seen_syn_ack:1, seen_ack:1, __notused:29; + u_int8_t cli2srv_tcp_flags, srv2cli_tcp_flags; + /* NDPI_PROTOCOL_ICECAST */ u_int32_t icecast_stage:1; @@ -1525,7 +1525,8 @@ struct ndpi_flow_struct { /* Only packets with L5 data (ie no TCP SYN, pure ACKs, ...) */ u_int16_t packet_counter; // can be 0 - 65000 u_int16_t packet_direction_counter[2]; - + u_int16_t all_packets_counter; /* All packets even those without payload */ + /* Every packets */ u_int16_t packet_direction_complete_counter[2]; // can be 0 - 65000 diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 81eb5e27738..b2dd8f7d206 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -168,6 +168,7 @@ static ndpi_risk_info ndpi_known_risks[] = { { NDPI_HTTP_OBSOLETE_SERVER, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE }, { NDPI_PERIODIC_FLOW, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, { NDPI_MINOR_ISSUES, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE }, + { NDPI_TCP_ISSUES, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, /* Leave this as last member */ { NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY } @@ -5460,25 +5461,42 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, packet->packet_lines_parsed_complete = 0; if(tcph != NULL) { + u_int8_t flags = ((u_int8_t*)tcph)[13]; + + if(flags == 0) + ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "TCP NULL scan"); + else if(flags == (TH_FIN | TH_PUSH | TH_URG)) + ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "TCP XMAS scan"); + if(!ndpi_str->direction_detect_disable) packet->packet_direction = (ntohs(tcph->source) < ntohs(tcph->dest)) ? 1 : 0; - if(ndpi_str->input_info == NULL || - ndpi_str->input_info->seen_flow_beginning == NDPI_FLOW_BEGINNING_UNKNOWN) { - if(tcph->syn != 0 && tcph->ack == 0 && flow->l4.tcp.seen_syn == 0 && flow->l4.tcp.seen_syn_ack == 0 && - flow->l4.tcp.seen_ack == 0) { - flow->l4.tcp.seen_syn = 1; - } else { - if(tcph->syn != 0 && tcph->ack != 0 && flow->l4.tcp.seen_syn == 1 && flow->l4.tcp.seen_syn_ack == 0 && - flow->l4.tcp.seen_ack == 0) { - flow->l4.tcp.seen_syn_ack = 1; - } else { - if(tcph->syn == 0 && tcph->ack == 1 && flow->l4.tcp.seen_syn == 1 && flow->l4.tcp.seen_syn_ack == 1 && - flow->l4.tcp.seen_ack == 0) { - flow->l4.tcp.seen_ack = 1; - } - } - } + if(packet->packet_direction == 0 /* cli -> srv */) { + if(flags == TH_FIN) + ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "TCP FIN scan"); + + flow->l4.tcp.cli2srv_tcp_flags |= flags; + } else + flow->l4.tcp.srv2cli_tcp_flags |= flags; + + if((ndpi_str->input_info == NULL) + || ndpi_str->input_info->seen_flow_beginning == NDPI_FLOW_BEGINNING_UNKNOWN) { + if(tcph->syn != 0 && tcph->ack == 0 && flow->l4.tcp.seen_syn == 0 + && flow->l4.tcp.seen_syn_ack == 0 && + flow->l4.tcp.seen_ack == 0) { + flow->l4.tcp.seen_syn = 1; + } else { + if(tcph->syn != 0 && tcph->ack != 0 && flow->l4.tcp.seen_syn == 1 + && flow->l4.tcp.seen_syn_ack == 0 && + flow->l4.tcp.seen_ack == 0) { + flow->l4.tcp.seen_syn_ack = 1; + } else { + if(tcph->syn == 0 && tcph->ack == 1 && flow->l4.tcp.seen_syn == 1 && flow->l4.tcp.seen_syn_ack == 1 && + flow->l4.tcp.seen_ack == 0) { + flow->l4.tcp.seen_ack = 1; + } + } + } } if(flow->next_tcp_seq_nr[0] == 0 || flow->next_tcp_seq_nr[1] == 0 || @@ -5525,7 +5543,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, if(tcph->rst) { flow->next_tcp_seq_nr[0] = 0; flow->next_tcp_seq_nr[1] = 0; - } + } } else if(udph != NULL) { if(!ndpi_str->direction_detect_disable) packet->packet_direction = (htons(udph->source) < htons(udph->dest)) ? 1 : 0; @@ -5537,11 +5555,11 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, flow->init_finished = 1; if(tcph != NULL && - ndpi_str->input_info && - ndpi_str->input_info->seen_flow_beginning == NDPI_FLOW_BEGINNING_SEEN) { - flow->l4.tcp.seen_syn = 1; - flow->l4.tcp.seen_syn_ack = 1; - flow->l4.tcp.seen_ack = 1; + ndpi_str->input_info && + ndpi_str->input_info->seen_flow_beginning == NDPI_FLOW_BEGINNING_SEEN) { + flow->l4.tcp.seen_syn = 1; + flow->l4.tcp.seen_syn_ack = 1; + flow->l4.tcp.seen_ack = 1; } /* Client/Server direction */ @@ -5549,70 +5567,74 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, s_port = 0; d_port = 0; if(tcph != NULL) { - s_port = tcph->source; - d_port = tcph->dest; + s_port = tcph->source; + d_port = tcph->dest; } else if(udph != NULL) { - s_port = udph->source; - d_port = udph->dest; + s_port = udph->source; + d_port = udph->dest; } if(ndpi_str->input_info && - ndpi_str->input_info->in_pkt_dir != NDPI_IN_PKT_DIR_UNKNOWN) { - if(ndpi_str->input_info->in_pkt_dir == NDPI_IN_PKT_DIR_C_TO_S) - flow->client_packet_direction = packet->packet_direction; - else - flow->client_packet_direction = !packet->packet_direction; + ndpi_str->input_info->in_pkt_dir != NDPI_IN_PKT_DIR_UNKNOWN) { + if(ndpi_str->input_info->in_pkt_dir == NDPI_IN_PKT_DIR_C_TO_S) + flow->client_packet_direction = packet->packet_direction; + else + flow->client_packet_direction = !packet->packet_direction; } else { - if(tcph && tcph->syn) { - if(tcph->ack == 0) { - flow->client_packet_direction = packet->packet_direction; - } else { - flow->client_packet_direction = !packet->packet_direction; - } - } else if(ntohs(s_port) > 1024 && ntohs(d_port) < 1024) { - flow->client_packet_direction = packet->packet_direction; - } else if(ntohs(s_port) < 1024 && ntohs(d_port) > 1024) { - flow->client_packet_direction = !packet->packet_direction; - } else { - flow->client_packet_direction = packet->packet_direction; - } + if(tcph && tcph->syn) { + if(tcph->ack == 0) { + flow->client_packet_direction = packet->packet_direction; + } else { + flow->client_packet_direction = !packet->packet_direction; + } + } else if(ntohs(s_port) > 1024 && ntohs(d_port) < 1024) { + flow->client_packet_direction = packet->packet_direction; + } else if(ntohs(s_port) < 1024 && ntohs(d_port) > 1024) { + flow->client_packet_direction = !packet->packet_direction; + } else { + flow->client_packet_direction = packet->packet_direction; + } } if(ndpi_current_pkt_from_client_to_server(packet, flow)) { - if(flow->is_ipv6 == 0) { - flow->c_address.v4 = packet->iph->saddr; - flow->s_address.v4 = packet->iph->daddr; - } else { - memcpy(flow->c_address.v6, &packet->iphv6->ip6_src, 16); - memcpy(flow->s_address.v6, &packet->iphv6->ip6_dst, 16); - } - flow->c_port = s_port; - flow->s_port = d_port; + if(flow->is_ipv6 == 0) { + flow->c_address.v4 = packet->iph->saddr; + flow->s_address.v4 = packet->iph->daddr; + } else { + memcpy(flow->c_address.v6, &packet->iphv6->ip6_src, 16); + memcpy(flow->s_address.v6, &packet->iphv6->ip6_dst, 16); + } + flow->c_port = s_port; + flow->s_port = d_port; } else { - if(flow->is_ipv6 == 0) { - flow->c_address.v4 = packet->iph->daddr; - flow->s_address.v4 = packet->iph->saddr; - } else { - memcpy(flow->c_address.v6, &packet->iphv6->ip6_dst, 16); - memcpy(flow->s_address.v6, &packet->iphv6->ip6_src, 16); - } - flow->c_port = d_port; - flow->s_port = s_port; + if(flow->is_ipv6 == 0) { + flow->c_address.v4 = packet->iph->daddr; + flow->s_address.v4 = packet->iph->saddr; + } else { + memcpy(flow->c_address.v6, &packet->iphv6->ip6_dst, 16); + memcpy(flow->s_address.v6, &packet->iphv6->ip6_src, 16); + } + flow->c_port = d_port; + flow->s_port = s_port; } } if(flow->packet_counter < MAX_PACKET_COUNTER && packet->payload_packet_len) { flow->packet_counter++; } - if(flow->packet_direction_counter[packet->packet_direction] < MAX_PACKET_COUNTER && - packet->payload_packet_len) { + + if(flow->all_packets_counter < MAX_PACKET_COUNTER) + flow->all_packets_counter++; + + if((flow->packet_direction_counter[packet->packet_direction] < MAX_PACKET_COUNTER) + /* && packet->payload_packet_len */) { flow->packet_direction_counter[packet->packet_direction]++; } if(flow->packet_direction_complete_counter[packet->packet_direction] < MAX_PACKET_COUNTER) { flow->packet_direction_complete_counter[packet->packet_direction]++; } - + if(ndpi_is_multi_or_broadcast(packet)) ; /* multicast or broadcast */ else { @@ -6030,6 +6052,31 @@ static void ndpi_add_connection_as_zoom(struct ndpi_detection_module_struct *ndp /* ********************************************************************************* */ +/* + NOTE: + + This function is called only by ndpi_detection_giveup() as it checks + flows that have anomalous conditions such as SYN+RST ACK+RST.... + As these conditions won't happen with nDPI protocol-detected protocols + it is not necessary to call this function elsewhere + */ +static void ndpi_check_tcp_flags(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow) { +#if 0 + printf("[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_counter[0], flow->packet_direction_counter[1], flow->all_packets_counter); +#endif + + if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN) + && (flow->l4.tcp.srv2cli_tcp_flags & TH_RST) + && (flow->all_packets_counter < 5 /* Ignore connections terminated by RST but that exchanged data */) + ) + ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "Connection refused"); + else if((flow->l4.tcp.srv2cli_tcp_flags & TH_RST) && (flow->packet_direction_counter[1 /* server -> client */] == 1)) + ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "TCP probing attempt"); +} + +/* ********************************************************************************* */ + ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int8_t enable_guess, u_int8_t *protocol_was_guessed) { ndpi_protocol ret = NDPI_PROTOCOL_NULL; @@ -6042,6 +6089,9 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(!ndpi_str || !flow) return(ret); + if(flow->l4_proto == IPPROTO_TCP) + ndpi_check_tcp_flags(ndpi_str, flow); + /* Init defaults */ ret.master_protocol = flow->detected_protocol_stack[1]; ret.app_protocol = flow->detected_protocol_stack[0]; diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index d39eed81805..0e86314a0e0 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2051,6 +2051,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) { case NDPI_MINOR_ISSUES: return("Minor Issues"); + case NDPI_TCP_ISSUES: + return("TCP Connection Issues"); + default: ndpi_snprintf(buf, sizeof(buf), "%d", (int)risk); return(buf); diff --git a/tests/pcap/tcp_scan.pcapng b/tests/pcap/tcp_scan.pcapng new file mode 100644 index 00000000000..28a30125e72 Binary files /dev/null and b/tests/pcap/tcp_scan.pcapng differ diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index f1f3776d66c..113400c029a 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4417 (22.42 diss/flow) +Num dissector calls: 4413 (22.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 90b4eb9a126..d6dd527c4c0 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 36 (2.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 5 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 592 (15.58 diss/flow) +Num dissector calls: 591 (15.55 diss/flow) LRU cache ookla: 0/1/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -73,4 +73,4 @@ JA3 Host Stats: 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index aef7b22af5e..ca5e064473b 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -54,9 +54,9 @@ JA3 Host Stats: 14 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/124 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index cefd49b761b..11a648d96a2 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 326 (326.00 diss/flow) +Num dissector calls: 325 (325.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/WebattackRCE.pcap.out b/tests/result/WebattackRCE.pcap.out index 7249b059f49..4df3f0422cf 100644 --- a/tests/result/WebattackRCE.pcap.out +++ b/tests/result/WebattackRCE.pcap.out @@ -24,39 +24,39 @@ HTTP 797 191003 797 1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 127.0.0.1:50970 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 127.0.0.1:50934 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 127.0.0.1:50958 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bGET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 127.0.0.1:50944 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (YGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 127.0.0.1:50968 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 127.0.0.1:50932 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (PGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 127.0.0.1:50948 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 127.0.0.1:50956 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (aGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 127.0.0.1:50972 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 127.0.0.1:50936 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (SGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 127.0.0.1:50960 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (eGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 127.0.0.1:50950 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 127.0.0.1:50952 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 127.0.0.1:50974 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (pGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 127.0.0.1:50976 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 127.0.0.1:50970 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 127.0.0.1:50934 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 127.0.0.1:50958 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bGET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 127.0.0.1:50944 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (YGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 127.0.0.1:50968 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 127.0.0.1:50932 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (PGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 127.0.0.1:50948 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 127.0.0.1:50956 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (aGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 127.0.0.1:50972 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 127.0.0.1:50936 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (SGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 127.0.0.1:50960 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (eGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 127.0.0.1:50950 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 127.0.0.1:50952 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 127.0.0.1:50974 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (pGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 127.0.0.1:50976 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 127.0.0.1:50878 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 127.0.0.1:50902 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 127.0.0.1:50938 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (TGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 127.0.0.1:50940 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (WGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 127.0.0.1:50962 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (fGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 127.0.0.1:50964 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (hGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 127.0.0.1:50938 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (TGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 127.0.0.1:50940 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (WGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 127.0.0.1:50962 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (fGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 127.0.0.1:50964 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (hGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 127.0.0.1:50866 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/377 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 127.0.0.1:50890 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/377 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (/GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 127.0.0.1:51158 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 127.0.0.1:51160 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 127.0.0.1:51170 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 127.0.0.1:51174 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 127.0.0.1:50990 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/374 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001400)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 127.0.0.1:50990 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/374 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001400)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 127.0.0.1:50876 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 127.0.0.1:50900 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 127.0.0.1:50942 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 127.0.0.1:50966 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 127.0.0.1:50942 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 127.0.0.1:50966 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 TCP 127.0.0.1:51150 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 127.0.0.1:51152 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 TCP 127.0.0.1:51162 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -67,10 +67,10 @@ HTTP 797 191003 797 43 TCP 127.0.0.1:50880 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 127.0.0.1:50888 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 127.0.0.1:50904 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP 127.0.0.1:50924 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001394)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 127.0.0.1:50926 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001395)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (KGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 127.0.0.1:50930 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (OGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 127.0.0.1:50954 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 127.0.0.1:50924 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001394)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 127.0.0.1:50926 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001395)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (KGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 127.0.0.1:50930 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (OGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 127.0.0.1:50954 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 127.0.0.1:50868 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 127.0.0.1:50892 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 127.0.0.1:50882 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -91,19 +91,19 @@ HTTP 797 191003 797 67 TCP 127.0.0.1:50858 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001388)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 TCP 127.0.0.1:50862 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 69 TCP 127.0.0.1:50886 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 TCP 127.0.0.1:50982 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (wGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 TCP 127.0.0.1:50982 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (wGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 TCP 127.0.0.1:51148 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 127.0.0.1:51164 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 73 TCP 127.0.0.1:50566 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.action][StatusCode: 0][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.action HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 74 TCP 127.0.0.1:50568 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.action][StatusCode: 0][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /login.action HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 TCP 127.0.0.1:50980 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/358 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 76 TCP 127.0.0.1:50984 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/357 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (yGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 127.0.0.1:50986 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 TCP 127.0.0.1:50988 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 TCP 127.0.0.1:50980 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/358 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 TCP 127.0.0.1:50984 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/357 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (yGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 127.0.0.1:50986 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 TCP 127.0.0.1:50988 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 TCP 127.0.0.1:50914 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (AGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 TCP 127.0.0.1:50912 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 81 TCP 127.0.0.1:50928 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001396)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 82 TCP 127.0.0.1:50978 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (sGET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 TCP 127.0.0.1:50928 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001396)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 TCP 127.0.0.1:50978 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (sGET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 83 TCP 127.0.0.1:50916 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (BGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 TCP 127.0.0.1:50564 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 TCP 127.0.0.1:50918 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -120,19 +120,19 @@ HTTP 797 191003 797 96 TCP 127.0.0.1:51192 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007184)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 97 TCP 127.0.0.1:51186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/326 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat%20/etc/passwd][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007084)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 98 TCP 127.0.0.1:51204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/323 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat+/etc/hosts][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007235)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 99 TCP 127.0.0.1:51008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/community/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /community/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 100 TCP 127.0.0.1:51012 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 127.0.0.1:51004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/314 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htforum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /htforum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 102 TCP 127.0.0.1:51000 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forums/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forums/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 103 TCP 127.0.0.1:51002 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forumz/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forumz/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 104 TCP 127.0.0.1:50998 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 105 TCP 127.0.0.1:51006 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/board/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /board/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 106 TCP 127.0.0.1:51010 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/309 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 107 TCP 127.0.0.1:50996 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/306 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 127.0.0.1:51008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/community/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /community/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 100 TCP 127.0.0.1:51012 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 127.0.0.1:51004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/314 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htforum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /htforum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 127.0.0.1:51000 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forums/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forums/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 127.0.0.1:51002 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forumz/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forumz/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 127.0.0.1:50998 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 127.0.0.1:51006 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/board/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /board/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 106 TCP 127.0.0.1:51010 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/309 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 TCP 127.0.0.1:50996 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/306 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 TCP 127.0.0.1:49774 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/304 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/HASH(0x5559e84fbc40)%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 127.0.0.1:49778 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 127.0.0.1:49776 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/297 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/winnt/win.ini%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 111 TCP 127.0.0.1:49780 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/294 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 TCP 127.0.0.1:49780 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/294 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 127.0.0.1:49772 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/293 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 TCP 127.0.0.1:49770 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/292 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini%00][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 TCP 127.0.0.1:50464 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/defaultwebpage.cgi][StatusCode: 0][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /defaultwebpage.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -205,7 +205,7 @@ HTTP 797 191003 797 181 TCP 127.0.0.1:50620 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000494)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 182 TCP 127.0.0.1:50622 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000495)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 183 TCP 127.0.0.1:51036 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003199)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bin/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 184 TCP 127.0.0.1:51094 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/265 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/etc/passwd%22%26][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006994)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /awcuser/cgi)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 184 TCP 127.0.0.1:51094 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/265 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/etc/passwd%22%26][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006994)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /awcuser/cgi)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 185 TCP 127.0.0.1:50654 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/264 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001160)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (YGET /modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 186 TCP 127.0.0.1:50688 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/261 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/running-config/interface/FastEthernet][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001262)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 187 TCP 127.0.0.1:51054 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003297)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -235,20 +235,20 @@ HTTP 797 191003 797 211 TCP 127.0.0.1:49764 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/240 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:negotiate)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 212 TCP 127.0.0.1:50658 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/240 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/perl/-e%20%22system('cat%20/etc/passwd');\%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001162)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /perl/)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 213 TCP 127.0.0.1:51048 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/certsrv/..%255cwinnt/system32/cmd.exe?/c+dir][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003294)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /certsrv/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 214 TCP 127.0.0.1:51068 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans/ans.pl?p=../../../../../usr/bin/id|&blah][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003371)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ans/ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 214 TCP 127.0.0.1:51068 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans/ans.pl?p=../../../../../usr/bin/id|&blah][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003371)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ans/ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 215 TCP 127.0.0.1:49550 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/238 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.rdf+destype=cache+desformat=PDF][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 216 TCP 127.0.0.1:50680 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/237 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/configuration][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001258)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 217 TCP 127.0.0.1:49690 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (OGET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 218 TCP 127.0.0.1:49702 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 219 TCP 127.0.0.1:50626 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/athenareg.php?pass=%20;cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000667)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (@GET /athenareg.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 220 TCP 127.0.0.1:51066 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans.pl?p=../../../../../usr/bin/id|&blah][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003370)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 219 TCP 127.0.0.1:50626 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/athenareg.php?pass=%20;cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000667)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (@GET /athenareg.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 220 TCP 127.0.0.1:51066 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans.pl?p=../../../../../usr/bin/id|&blah][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003370)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 221 TCP 127.0.0.1:50608 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-local/cgiemail-1.6/cgicso?query=AAA][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000344)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 222 TCP 127.0.0.1:50682 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/interfaces][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001259)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (nGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 223 TCP 127.0.0.1:51038 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003216)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 223 TCP 127.0.0.1:51038 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003216)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 224 TCP 127.0.0.1:49664 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:origin_reflection)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 225 TCP 127.0.0.1:51084 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpMyAdmin/server_sync.php?c=phpinfo()][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpMyAdmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 226 TCP 127.0.0.1:51088 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmyadmin/server_sync.php?c=phpinfo()][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmyadmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 227 TCP 127.0.0.1:51042 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/232 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003218)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 227 TCP 127.0.0.1:51042 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/232 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003218)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 228 TCP 127.0.0.1:50574 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/examples/cvbeans/beaninfo.cfm][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000014)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cfdocs/examples/cv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 229 TCP 127.0.0.1:50644 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/snippets/gettempdirectory.cfm][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001076)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cfdocs/snippets/gettempdir)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 230 TCP 127.0.0.1:50652 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/mods/apage/apage.cgi?f=file.htm.|id|][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001159)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /mods/apage/apage.c)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index 0c4e2fb40ce..810e109f570 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out @@ -199,6 +199,6 @@ JA3 Host Stats: 155 UDP 172.16.42.216:52603 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.218.196][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 156 UDP 172.16.42.216:60804 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.05 sec][Hostname/SNI: api.amazon.com][54.239.29.146][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 157 ICMPV6 [::]:0 -> [ff02::1:ffd3:fbc2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 158 TCP 172.16.42.216:38391 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 159 TCP 172.16.42.216:38434 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 TCP 172.16.42.216:38391 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 159 TCP 172.16.42.216:38434 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.09 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 160 IGMP 0.0.0.0:0 -> 224.0.0.1:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][125.44 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index c08333a1f27..5192d7214ec 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 368 (122.67 diss/flow) +Num dissector calls: 367 (122.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/bittorrent_tcp_miss.pcapng.out b/tests/result/bittorrent_tcp_miss.pcapng.out index a29585767de..27b466a779e 100644 --- a/tests/result/bittorrent_tcp_miss.pcapng.out +++ b/tests/result/bittorrent_tcp_miss.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 220 (220.00 diss/flow) +Num dissector calls: 219 (219.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 5/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/cassandra.pcap.out b/tests/result/cassandra.pcap.out index 474d6d6edc6..7c959990d2a 100644 --- a/tests/result/cassandra.pcap.out +++ b/tests/result/cassandra.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 18 (9.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 328 (164.00 diss/flow) +Num dissector calls: 326 (163.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out index e26608f7a7c..f1ea42fd608 100644 --- a/tests/result/cloudflare-warp.pcap.out +++ b/tests/result/cloudflare-warp.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 173 (21.62 diss/flow) +Num dissector calls: 172 (21.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out index 9b6a56e7c31..9e60f0a0d3c 100644 --- a/tests/result/emotet.pcap.out +++ b/tests/result/emotet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 48 (8.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 182 (30.33 diss/flow) +Num dissector calls: 181 (30.17 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fastcgi.pcap.out b/tests/result/fastcgi.pcap.out index d180d6ed79e..b6c51dde5f0 100644 --- a/tests/result/fastcgi.pcap.out +++ b/tests/result/fastcgi.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 144 (144.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ftp-start-tls.pcap.out b/tests/result/ftp-start-tls.pcap.out index a3083eb196d..3b4a80d6f13 100644 --- a/tests/result/ftp-start-tls.pcap.out +++ b/tests/result/ftp-start-tls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 17 (17.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 144 (144.00 diss/flow) +Num dissector calls: 143 (143.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ftp.pcap.out b/tests/result/ftp.pcap.out index d70f9da87b1..5631249c979 100644 --- a/tests/result/ftp.pcap.out +++ b/tests/result/ftp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 49 (16.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 606 (202.00 diss/flow) +Num dissector calls: 597 (199.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ftp_failed.pcap.out b/tests/result/ftp_failed.pcap.out index 4f50b03c31d..aa16dc86431 100644 --- a/tests/result/ftp_failed.pcap.out +++ b/tests/result/ftp_failed.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 144 (144.00 diss/flow) +Num dissector calls: 143 (143.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index 982c0dc13d4..8fe0351e613 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5367 (21.38 diss/flow) +Num dissector calls: 5366 (21.38 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/180/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out index f5596743e3d..3d4b4bfba77 100644 --- a/tests/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/result/fuzz-2006-09-29-28586.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 3 (flows) Confidence Match by port : 26 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 924 (23.10 diss/flow) +Num dissector calls: 921 (23.02 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/87/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -55,7 +55,7 @@ HTTP 118 28709 37 27 TCP 172.20.3.13:80 -> 76.20.3.5:2602 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 0.20.3.13:80 -> 172.20.3.5:2601 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 172.20.3.13:80 -> 172.20.3.5:2639 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 172.20.3.13:80 -> 172.20.68.5:2604 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 172.20.3.13:80 -> 172.20.68.5:2604 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 172.20.3.13:80 -> 172.20.76.5:65069 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 172.20.3.13:80 -> 172.20.82.5:2603 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 TCP 172.20.3.13:80 -> 172.20.148.5:2608 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out index 92c94af44ce..4c5841cb657 100644 --- a/tests/result/fuzz-2021-10-13.pcap.out +++ b/tests/result/fuzz-2021-10-13.pcap.out @@ -25,4 +25,4 @@ Unknown 1 197 1 Undetected flows: - 1 TCP [3400:3a30:3035:2f75:706c:6f32:643f:6c3d]:44288 -> [302e::3d00::8001]:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (005/uplo2)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP [3400:3a30:3035:2f75:706c:6f32:643f:6c3d]:44288 -> [302e::3d00::8001]:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: TCP NULL scan / No server to client traffic][PLAIN TEXT (005/uplo2)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index bfdf9757130..2887cc5830a 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -289,12 +289,12 @@ Undetected flows: 70 UDP 10.0.2.15:28681 <-> 77.58.211.52:3806 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][2 pkts/168 bytes <-> 2 pkts/193 bytes][Goodput ratio: 50/56][43.98 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 UDP 10.0.2.15:28681 <-> 101.128.66.8:34512 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][2 pkts/168 bytes <-> 2 pkts/193 bytes][Goodput ratio: 50/56][35.76 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 10.0.2.15:50202 <-> 61.238.173.128:57648 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.55 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 686/0 686/0 686/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 TCP 10.0.2.15:50220 <-> 36.233.196.226:3820 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.38 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 953/0 1015/0 1077/0 62/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 74 TCP 10.0.2.15:50222 <-> 119.14.143.237:6523 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.12 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 875/0 881/0 887/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 TCP 10.0.2.15:50228 <-> 111.241.31.96:14384 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 811/0 818/0 826/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 76 TCP 10.0.2.15:50256 <-> 36.233.201.161:2886 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 808/0 819/0 830/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 10.0.2.15:50266 <-> 219.70.175.103:4315 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.14 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 873/0 889/0 905/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 TCP 10.0.2.15:50283 <-> 51.68.153.214:35004 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.13 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 544/0 546/0 547/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 10.0.2.15:50220 <-> 36.233.196.226:3820 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.38 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 953/0 1015/0 1077/0 62/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 TCP 10.0.2.15:50222 <-> 119.14.143.237:6523 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.12 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 875/0 881/0 887/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 TCP 10.0.2.15:50228 <-> 111.241.31.96:14384 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 811/0 818/0 826/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 TCP 10.0.2.15:50256 <-> 36.233.201.161:2886 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 808/0 819/0 830/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 10.0.2.15:50266 <-> 219.70.175.103:4315 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.14 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 873/0 889/0 905/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 TCP 10.0.2.15:50283 <-> 51.68.153.214:35004 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.13 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 544/0 546/0 547/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 UDP 10.0.2.15:28681 <-> 27.94.154.53:6346 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][2 pkts/168 bytes <-> 2 pkts/188 bytes][Goodput ratio: 50/55][0.41 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 10.0.2.15:28681 <-> 73.89.249.8:50649 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][2 pkts/168 bytes <-> 2 pkts/188 bytes][Goodput ratio: 50/55][7.44 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP 10.0.2.15:28681 <-> 75.64.6.175:4743 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][2 pkts/168 bytes <-> 2 pkts/188 bytes][Goodput ratio: 50/55][44.39 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 51ee57175d2..b54c1f48e04 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 28 (28.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 204 (204.00 diss/flow) +Num dissector calls: 203 (203.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/http_guessed_host_and_guessed.pcapng.out b/tests/result/http_guessed_host_and_guessed.pcapng.out index 6f455effeeb..16960b67c68 100644 --- a/tests/result/http_guessed_host_and_guessed.pcapng.out +++ b/tests/result/http_guessed_host_and_guessed.pcapng.out @@ -22,4 +22,4 @@ Patricia protocols: 1/1 (search/found) POP3 1 123 1 - 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: pornhub.com][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: pornhub.com][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: No client to server traffic / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/imap-starttls.pcap.out b/tests/result/imap-starttls.pcap.out index d5ff5fc21d7..694da48c391 100644 --- a/tests/result/imap-starttls.pcap.out +++ b/tests/result/imap-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 19 (19.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 192 (192.00 diss/flow) +Num dissector calls: 191 (191.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/imap.pcap.out b/tests/result/imap.pcap.out index 8d2ee448d9a..e8f88e6b86d 100644 --- a/tests/result/imap.pcap.out +++ b/tests/result/imap.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 192 (192.00 diss/flow) +Num dissector calls: 191 (191.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index 4aaa6d9d055..bc68782132d 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 7 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1766 (46.47 diss/flow) +Num dissector calls: 1733 (45.61 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/irc.pcap.out b/tests/result/irc.pcap.out index 7d9a7ee2c00..d2f24862c42 100644 --- a/tests/result/irc.pcap.out +++ b/tests/result/irc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 150 (150.00 diss/flow) +Num dissector calls: 149 (149.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/jabber.pcap.out b/tests/result/jabber.pcap.out index 2c10d5f2bd6..9652efffdcd 100644 --- a/tests/result/jabber.pcap.out +++ b/tests/result/jabber.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 74 (6.17 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1346 (112.17 diss/flow) +Num dissector calls: 1341 (111.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/log4j-webapp-exploit.pcap.out b/tests/result/log4j-webapp-exploit.pcap.out index 0904b693c70..f79adc53a9c 100644 --- a/tests/result/log4j-webapp-exploit.pcap.out +++ b/tests/result/log4j-webapp-exploit.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 63 (9.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 412 (58.86 diss/flow) +Num dissector calls: 411 (58.71 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -34,4 +34,4 @@ LDAP 32 2796 2 Undetected flows: 1 TCP 172.16.238.10:55408 <-> 10.10.10.31:9001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][178 pkts/12940 bytes <-> 176 pkts/12009 bytes][Goodput ratio: 6/0][17.64 sec][bytes ratio: 0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/124 7288/7288 623/831][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 73/68 78/89 3/2][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 172.16.238.10:55498 <-> 10.10.10.31:9001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/76 bytes <-> 1 pkts/56 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 172.16.238.10:55498 <-> 10.10.10.31:9001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/76 bytes <-> 1 pkts/56 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/mongo_false_positive.pcapng.out b/tests/result/mongo_false_positive.pcapng.out index bcd682f77bd..cb5eaa2bc34 100644 --- a/tests/result/mongo_false_positive.pcapng.out +++ b/tests/result/mongo_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (26.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 397 (397.00 diss/flow) +Num dissector calls: 396 (396.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out index 851b473d58b..22a6d4bd27d 100644 --- a/tests/result/nest_log_sink.pcap.out +++ b/tests/result/nest_log_sink.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 130 (10.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 1753 (125.21 diss/flow) +Num dissector calls: 1741 (124.36 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/oracle12.pcapng.out b/tests/result/oracle12.pcapng.out index c7aa44d7426..9e7959a04d3 100644 --- a/tests/result/oracle12.pcapng.out +++ b/tests/result/oracle12.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (20.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 278 (278.00 diss/flow) +Num dissector calls: 277 (277.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pop3.pcap.out b/tests/result/pop3.pcap.out index f276fa6a866..ff47a7c616a 100644 --- a/tests/result/pop3.pcap.out +++ b/tests/result/pop3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 83 (13.83 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 1098 (183.00 diss/flow) +Num dissector calls: 1092 (182.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pop3_stls.pcap.out b/tests/result/pop3_stls.pcap.out index 45750256a25..39fda634afe 100644 --- a/tests/result/pop3_stls.pcap.out +++ b/tests/result/pop3_stls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 18 (18.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 185 (185.00 diss/flow) +Num dissector calls: 184 (184.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/reasm_segv_anon.pcapng.out b/tests/result/reasm_segv_anon.pcapng.out index df64159ab3e..e2380cf284a 100644 --- a/tests/result/reasm_segv_anon.pcapng.out +++ b/tests/result/reasm_segv_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 249 (249.00 diss/flow) +Num dissector calls: 245 (245.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rsh.pcap.out b/tests/result/rsh.pcap.out index d30b283f00f..912361234d1 100644 --- a/tests/result/rsh.pcap.out +++ b/tests/result/rsh.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 284 (142.00 diss/flow) +Num dissector calls: 282 (141.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rsync.pcap.out b/tests/result/rsync.pcap.out index 7704277016e..b7cc6de12fd 100644 --- a/tests/result/rsync.pcap.out +++ b/tests/result/rsync.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 162 (162.00 diss/flow) +Num dissector calls: 161 (161.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rtmp.pcap.out b/tests/result/rtmp.pcap.out index f698809917d..f1e0ad9a036 100644 --- a/tests/result/rtmp.pcap.out +++ b/tests/result/rtmp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 144 (144.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index a3ead888ed1..28d260cb54e 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 59 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 206 (flows) -Num dissector calls: 26899 (91.81 diss/flow) +Num dissector calls: 26793 (91.44 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/261/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index afbed172eb8..8d5199f81fe 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 44 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 201 (flows) -Num dissector calls: 22405 (83.91 diss/flow) +Num dissector calls: 22329 (83.63 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/198/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smb_frags.pcap.out b/tests/result/smb_frags.pcap.out index 133848d5f9e..f23a2dd8a77 100644 --- a/tests/result/smb_frags.pcap.out +++ b/tests/result/smb_frags.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 144 (144.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smtp-starttls.pcap.out b/tests/result/smtp-starttls.pcap.out index 3495fd71f94..bb6c7f90a10 100644 --- a/tests/result/smtp-starttls.pcap.out +++ b/tests/result/smtp-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 143 (71.50 diss/flow) +Num dissector calls: 142 (71.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smtp.pcap.out b/tests/result/smtp.pcap.out index 1467f53b786..ff56fde7773 100644 --- a/tests/result/smtp.pcap.out +++ b/tests/result/smtp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 186 (186.00 diss/flow) +Num dissector calls: 185 (185.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/soap.pcap.out b/tests/result/soap.pcap.out index 09397d44c88..54b89401e8c 100644 --- a/tests/result/soap.pcap.out +++ b/tests/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 357 (119.00 diss/flow) +Num dissector calls: 354 (118.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/socks-http-example.pcap.out b/tests/result/socks-http-example.pcap.out index dec8e605990..78abe9e4801 100644 --- a/tests/result/socks-http-example.pcap.out +++ b/tests/result/socks-http-example.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 29 (9.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 451 (150.33 diss/flow) +Num dissector calls: 450 (150.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 77ad10aebc7..d2d1aedece7 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 12 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1416 (27.23 diss/flow) +Num dissector calls: 1415 (27.21 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -84,8 +84,8 @@ Starcraft 236 51494 6 47 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/result/stun.pcap.out b/tests/result/stun.pcap.out index 8645eee3ffc..f2133260728 100644 --- a/tests/result/stun.pcap.out +++ b/tests/result/stun.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 13 (4.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 572 (143.00 diss/flow) +Num dissector calls: 571 (142.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out index 622a6069b75..8810f89e85f 100644 --- a/tests/result/synscan.pcap.out +++ b/tests/result/synscan.pcap.out @@ -81,7 +81,7 @@ iSCSI 2 116 2 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][::][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Email/3][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Email/3][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 172.16.0.8:36050 -> 64.13.134.52:20 [proto: 175/FTP_DATA][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Download/7][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 172.16.0.8:36050 -> 64.13.134.52:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Download/7][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 172.16.0.8:36050 -> 64.13.134.52:23 [proto: 77/Telnet][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -213,10 +213,10 @@ iSCSI 2 116 2 Undetected flows: - 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:70 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:31337 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 172.16.0.8:36061 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:70 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:31337 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 172.16.0.8:36061 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 172.16.0.8:36050 -> 64.13.134.52:1 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 172.16.0.8:36050 -> 64.13.134.52:3 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 172.16.0.8:36050 -> 64.13.134.52:4 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tcp_scan.pcapng.out b/tests/result/tcp_scan.pcapng.out new file mode 100644 index 00000000000..19d2d014ffb --- /dev/null +++ b/tests/result/tcp_scan.pcapng.out @@ -0,0 +1,39 @@ +Guessed flow protos: 7 + +DPI Packets (TCP): 18 (2.57 pkts/flow) +Confidence Unknown : 3 (flows) +Confidence Match by port : 4 (flows) +Num dissector calls: 0 (0.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/21/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/10/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 14/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 14/0 (search/found) + +Unknown 6 342 3 +HTTP 4 272 1 +SMBv23 2 138 1 +RDP 2 118 1 +TLS 4 272 1 + + 1 TCP 192.168.1.178:56272 <-> 192.168.1.2:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.178:56273 <-> 192.168.1.2:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.178:56274 <-> 192.168.1.2:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: System/18][1 pkts/78 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.178:43067 <-> 192.168.1.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Desktop/File Sharing **** TCP Connection Issues **][Risk Score: 60][Risk Info: Connection refused / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 TCP 192.168.1.178:57916 <-> 192.168.1.2:3391 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP NULL scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.178:62971 <-> 192.168.1.2:3390 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP FIN scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.178:63243 <-> 192.168.1.2:3392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP XMAS scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/telnet.pcap.out b/tests/result/telnet.pcap.out index b45fc3b0c0a..1233a1fa074 100644 --- a/tests/result/telnet.pcap.out +++ b/tests/result/telnet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 144 (144.00 diss/flow) +Num dissector calls: 143 (143.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/threema.pcap.out b/tests/result/threema.pcap.out index 233c5a464cb..8cb3dd69097 100644 --- a/tests/result/threema.pcap.out +++ b/tests/result/threema.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 66 (11.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 4 (flows) -Num dissector calls: 1186 (197.67 diss/flow) +Num dissector calls: 1180 (196.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out index 94670abc68b..2a0391c9476 100644 --- a/tests/result/tinc.pcap.out +++ b/tests/result/tinc.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 19 (9.50 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 496 (124.00 diss/flow) +Num dissector calls: 494 (123.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out index 8d13921e85d..4f9c1dd7f02 100644 --- a/tests/result/tls_false_positives.pcapng.out +++ b/tests/result/tls_false_positives.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 30 (30.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 397 (397.00 diss/flow) +Num dissector calls: 396 (396.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/z3950.pcapng.out b/tests/result/z3950.pcapng.out index 68f367d240c..df69dc3bed3 100644 --- a/tests/result/z3950.pcapng.out +++ b/tests/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 445 (222.50 diss/flow) +Num dissector calls: 443 (221.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 8fe31a4e5e2..074cfbc0710 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -71,7 +71,7 @@ JA3 Host Stats: 27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.04 sec][Hostname/SNI: www3.zoom.us][52.202.62.236][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.04 sec][Hostname/SNI: log.zoom.us][52.202.62.238][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 ICMP 192.168.1.117:0 -> 192.168.1.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index d02ada33fe8..9efa33413ab 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -88,6 +88,7 @@ flow_risks[46] = ProtoField.bool("ndpi.flow_risk.unidirectional_traffic", "Unidi flow_risks[47] = ProtoField.bool("ndpi.flow_risk.http_obsolete_server", "Obsolete HTTP Server", num_bits_flow_risks, nil, bit(15), "nDPI Flow Risk: Obsolete HTTP Server") flow_risks[48] = ProtoField.bool("ndpi.flow_risk.periodic_flow", "Periodic Flow", num_bits_flow_risks, nil, bit(16), "nDPI Flow Risk: Periodic Flow") flow_risks[49] = ProtoField.bool("ndpi.flow_risk.minor_issues", "Minor flow issues", num_bits_flow_risks, nil, bit(17), "nDPI Flow Risk: Minor flow issues") +flow_risks[50] = ProtoField.bool("ndpi.flow_risk.tcp_issues", "TCP connection issues", num_bits_flow_risks, nil, bit(18), "nDPI Flow Risk: TCP connection issues") -- Last one: keep in sync the bitmask when adding new risks!! flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(13))