Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update btest baselines to reflect the use of local address ranges.

Browse source
This commit is contained in:
Christian Kreibich 2023-02-08 19:30:45 -08:00
parent 4281d704c1
commit 1843e2daae
117 changed files with 2134 additions and 2124 deletions
Download patch file Download diff file Expand all files Collapse all files

4
testing/btest/Baseline/core.checksums_ignore_nets/conn-failed.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - - - - OTH - - 0 C 0 0 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.221.46.9 80 192.168.1.28 53246 tcp - 0.063810 432 0 SH - - 0 HcADF 4 604 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - - - - OTH T F 0 C 0 0 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.221.46.9 80 192.168.1.28 53246 tcp - 0.063810 432 0 SH F T 0 HcADF 4 604 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.checksums_ignore_nets/conn-worked-multi-subnets.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF - - 0 ShADadFf 6 338 4 604 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF T F 0 ShADadFf 6 338 4 604 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.checksums_ignore_nets/conn-worked.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF - - 0 ShADadFf 6 338 4 604 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF T F 0 ShADadFf 6 338 4 604 -
#close XXXX-XX-XX-XX-XX-XX

64
testing/btest/Baseline/core.cisco-fabric-path/conn.log
View file

@ -7,36 +7,36 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 1.1.1.6 57005 2.2.2.2 48879 tcp - 0.001018 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 1.1.1.4 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 1.1.1.14 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 1.1.1.12 57005 2.2.2.2 48879 tcp - 0.000926 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 1.1.1.0 57005 2.2.2.2 48879 tcp - 0.001042 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 1.1.1.2 57005 2.2.2.2 48879 tcp - 0.000920 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 1.1.1.8 57005 2.2.2.2 48879 tcp - 0.000930 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 1.1.1.10 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 - - 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 1234::e 57005 5678:: 48879 tcp - 0.001139 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 1234::c 57005 5678:: 48879 tcp - 0.001027 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 1234::6 57005 5678:: 48879 tcp - 0.001055 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 1234::4 57005 5678:: 48879 tcp - 0.001018 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 1234::8 57005 5678:: 48879 tcp - 0.001029 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 1234::a 57005 5678:: 48879 tcp - 0.001005 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 1234:: 57005 5678:: 48879 tcp - 0.001005 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 1234::2 57005 5678:: 48879 tcp - 0.001120 0 0 S0 - - 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 1.1.1.0 57005 2.2.2.2 48879 udp - 0.000926 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 1.1.1.2 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 1.1.1.4 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.6 57005 2.2.2.2 48879 udp - 0.001243 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 1.1.1.8 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 1.1.1.10 57005 2.2.2.2 48879 udp - 0.000843 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 1.1.1.12 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 1.1.1.14 57005 2.2.2.2 48879 udp - 0.000880 0 0 S0 - - 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 1234:: 57005 5678:: 48879 udp - 0.000898 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 1234::2 57005 5678:: 48879 udp - 0.000902 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 1234::4 57005 5678:: 48879 udp - 0.000905 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 1234::6 57005 5678:: 48879 udp - 0.000898 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 1234::8 57005 5678:: 48879 udp - 0.001010 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 1234::a 57005 5678:: 48879 udp - 0.000894 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 1234::c 57005 5678:: 48879 udp - 0.000902 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 1234::e 57005 5678:: 48879 udp - 0.001014 0 0 S0 - - 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 1.1.1.6 57005 2.2.2.2 48879 tcp - 0.001018 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 1.1.1.4 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 1.1.1.14 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 1.1.1.12 57005 2.2.2.2 48879 tcp - 0.000926 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 1.1.1.0 57005 2.2.2.2 48879 tcp - 0.001042 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 1.1.1.2 57005 2.2.2.2 48879 tcp - 0.000920 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 1.1.1.8 57005 2.2.2.2 48879 tcp - 0.000930 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 1.1.1.10 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 1234::e 57005 5678:: 48879 tcp - 0.001139 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 1234::c 57005 5678:: 48879 tcp - 0.001027 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 1234::6 57005 5678:: 48879 tcp - 0.001055 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 1234::4 57005 5678:: 48879 tcp - 0.001018 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 1234::8 57005 5678:: 48879 tcp - 0.001029 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 1234::a 57005 5678:: 48879 tcp - 0.001005 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 1234:: 57005 5678:: 48879 tcp - 0.001005 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 1234::2 57005 5678:: 48879 tcp - 0.001120 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 1.1.1.0 57005 2.2.2.2 48879 udp - 0.000926 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 1.1.1.2 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 1.1.1.4 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.6 57005 2.2.2.2 48879 udp - 0.001243 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 1.1.1.8 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 1.1.1.10 57005 2.2.2.2 48879 udp - 0.000843 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 1.1.1.12 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 1.1.1.14 57005 2.2.2.2 48879 udp - 0.000880 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 1234:: 57005 5678:: 48879 udp - 0.000898 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 1234::2 57005 5678:: 48879 udp - 0.000902 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 1234::4 57005 5678:: 48879 udp - 0.000905 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 1234::6 57005 5678:: 48879 udp - 0.000898 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 1234::8 57005 5678:: 48879 udp - 0.001010 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 1234::a 57005 5678:: 48879 udp - 0.000894 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 1234::c 57005 5678:: 48879 udp - 0.000902 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 1234::e 57005 5678:: 48879 udp - 0.001014 0 0 S0 F F 0 D 2 96 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.erspanI/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.133.2 8 172.217.11.78 0 icmp - 0.014360 280 280 OTH - - 0 - 5 420 5 420 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.133.2 8 172.217.11.78 0 icmp - 0.014360 280 280 OTH T F 0 - 5 420 5 420 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.erspanII/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 23.0.0.2 8 23.0.0.3 0 icmp - 0.001727 144 144 OTH - - 0 - 2 200 2 200 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 23.0.0.2 8 23.0.0.3 0 icmp - 0.001727 144 144 OTH F F 0 - 2 200 2 200 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.erspanIII/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.15.47 8 1.1.1.1 0 icmp - 0.004305 56 56 OTH - - 0 - 1 84 1 84 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.15.47 8 1.1.1.1 0 icmp - 0.004305 56 56 OTH T F 0 - 1 84 1 84 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.expire-all-timers/conn-all.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 0.000010 18 0 OTH - - 0 Da 1 58 1 40 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.1 51889 192.168.0.1 80 tcp - - - - OTH - - 0 D 1 58 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 0.000010 18 0 OTH T T 0 Da 1 58 1 40 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.1 51889 192.168.0.1 80 tcp - - - - OTH T T 0 D 1 58 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.expire-all-timers/conn-limited.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 300.000010 18 0 OTH - - 0 DaT 2 116 1 40 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 300.000010 18 0 OTH T T 0 DaT 2 116 1 40 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.history-flip/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 - 00:d0:03:3b:f4:00 00:b0:c2:86:ec:00
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF F F 0 ^hADdFaf 11 670 10 9945 - 00:d0:03:3b:f4:00 00:b0:c2:86:ec:00
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.mpls-in-vlan/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 ^d 0 0 1 1500 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH F F 0 D 1 257 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH F F 0 ^d 0 0 1 1500 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH F F 0 D 1 710 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.pbb/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.199.249.11 49601 10.199.249.12 49416 tcp - 0.002215 209 0 SF - - 0 ShADFaf 5 421 3 132 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.199.249.11 49601 10.199.249.12 49416 tcp - 0.002215 209 0 SF T T 0 ShADFaf 5 421 3 132 -
#close XXXX-XX-XX-XX-XX-XX

32
testing/btest/Baseline/core.pcap.dynamic-filter/conn.log
View file

@ -7,20 +7,20 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH F F 0 D 1 515 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.pcap.read-trace-with-filter/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.pppoe-over-qinq/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.1 20394 2.2.2.2 443 tcp - 273.626833 11352 4984 SF - - 0 ShADdtaTTtFf 44 25283 42 13001 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.1 20394 2.2.2.2 443 tcp - 273.626833 11352 4984 SF F F 0 ShADdtaTTtFf 44 25283 42 13001 -
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/core.pppoe/conn.log
View file

@ -7,11 +7,11 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH T T 0 - 5 500 5 500 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH T T 0 - 1 64 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 T T 0 D 2 288 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH T F 0 - 1 64 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH T F 0 - 8 608 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH T F 0 - 1 48 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 T F 0 D 2 210 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.print-bpf-filters/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp http 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp http 0.004152 9 3429 SF T T 0 ShADadfF 7 381 7 3801 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.q-in-q/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 T T 0 D 2 92 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 F F 0 D 2 608 0 0 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.radiotap/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF - - 0 Dd 1 63 1 156 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF T F 0 Dd 1 63 1 156 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 T F 0 D 1 328 0 0 -
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/core.skip_analyzer/conn.log
View file

@ -7,11 +7,11 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 40264 172.28.2.3 22 tcp - 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - - 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - - 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - - 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 37675 172.28.2.3 53 udp - 5.001141 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 40264 172.28.2.3 22 tcp - 3.157831 952 1671 SF F T 0 ShAdDaFf 12 1584 10 2199 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF F F 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF F F 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF F F 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH F T 0 - 4 336 4 336 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 37675 172.28.2.3 53 udp - 5.001141 66 0 S0 F T 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH T F 0 - 2 178 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tcp.flip-without-syn/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 6669 192.150.187.43 80 tcp http 0.141744 136 5007 SF - - 0 ^hADadFf 6 456 7 5371 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 6669 192.150.187.43 80 tcp http 0.141744 136 5007 SF F F 0 ^hADadFf 6 456 7 5371 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 5416642848 ShAdgfFa 13 688 12 24454 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF T T 0 ShAdfFa 5 272 4 486 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF T T 5416642848 ShAdgfFa 13 688 12 24454 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF T T 0 ShAdDaFf 31 1728 18 1985 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.tcp.large-file-reassembly/files.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FnoIda1WW6kUCpRjRc ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 FTP_DATA 0 DATA_EVENT text/plain - 0.000000 - F 270 - 0 0 F - - - - - - -
XXXXXXXXXX.XXXXXX F1jSMF2ntWAIdj4juj C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 FTP_DATA 0 DATA_EVENT text/plain - 150.490904 - F 23822 - 5416642848 0 F - - - - - - -
XXXXXXXXXX.XXXXXX FnoIda1WW6kUCpRjRc ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 FTP_DATA 0 DATA_EVENT text/plain - 0.000000 T F 270 - 0 0 F - - - - - - -
XXXXXXXXXX.XXXXXX F1jSMF2ntWAIdj4juj C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 FTP_DATA 0 DATA_EVENT text/plain - 150.490904 T F 23822 - 5416642848 0 F - - - - - - -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tcp.miss-end-data/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafgF 5 750 4 172 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF T F 2902 ShADafgF 5 750 4 172 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tcp.missing-syn/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF F F 0 ^hADdFaf 11 670 10 9945 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tcp.reassembly-known-ports/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 tcp http 0.211484 136 5007 SF - - 0 ShADadFf 7 512 7 5379 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 tcp http 0.211484 136 5007 SF F F 0 ShADadFf 7 512 7 5379 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADaGdgtR 17 1250 22 28961 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO T T 24257 ShADaGdgtR 17 1250 22 28961 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH F F 0 ^h 0 0 1 48 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.tunnels.analyzer-confirmation/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.200.131 50000 10.1.1.172 4789 udp vxlan 0.627090 10203 0 S0 - - 0 D 12 10539 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.11.201 40354 54.86.237.188 80 tcp http 0.627052 87 9212 SF - - 0 ShADadFf 7 459 5 9480 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.200.131 50000 10.1.1.172 4789 udp vxlan 0.627090 10203 0 S0 T T 0 D 12 10539 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.11.201 40354 54.86.237.188 80 tcp http 0.627052 87 9212 SF T F 0 ShADadFf 7 459 5 9480 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

16
testing/btest/Baseline/core.tunnels.ayiya/conn.log
View file

@ -7,12 +7,12 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH T F 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR T F 0 ^d 0 0 1 176 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF T F 0 Dd 21 5717 13 6473 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 F F 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH F F 0 - 3 312 1 104 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH T F 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH T F 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH T F 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tunnels.geneve/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 20.0.0.2 0 20.0.0.1 6081 udp geneve 1.999999 318 0 S0 - - 0 D 3 402 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 20.0.0.1 50901 20.0.0.2 6081 udp geneve 1.999995 342 0 S0 - - 0 D 3 426 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 30.0.0.1 8 30.0.0.2 0 icmp - 2.000182 168 168 OTH - - 0 - 3 252 3 252 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 20.0.0.2 0 20.0.0.1 6081 udp geneve 1.999999 318 0 S0 F F 0 D 3 402 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 20.0.0.1 50901 20.0.0.2 6081 udp geneve 1.999995 342 0 S0 F F 0 D 3 426 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 30.0.0.1 8 30.0.0.2 0 icmp - 2.000182 168 168 OTH F F 0 - 3 252 3 252 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tunnels.gre-in-gre/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - - 0 D 2 224 0 0 ClEkJM2Vm5giqnMf4h
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - - 0 D 2 104 0 0 ClEkJM2Vm5giqnMf4h
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - - 0 - 312 31200 312 31200 ClEkJM2Vm5giqnMf4h
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 F F 0 D 2 224 0 0 ClEkJM2Vm5giqnMf4h
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 F F 0 D 2 104 0 0 ClEkJM2Vm5giqnMf4h
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH T T 0 - 312 31200 312 31200 ClEkJM2Vm5giqnMf4h
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tunnels.gre-pptp/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.16.44.3 40768 8.8.8.8 53 udp dns 0.213894 71 146 SF - - 0 Dd 1 99 1 174 ClEkJM2Vm5giqnMf4h
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.16.44.3 40768 8.8.8.8 53 udp dns 0.213894 71 146 SF T F 0 Dd 1 99 1 174 ClEkJM2Vm5giqnMf4h
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/core.tunnels.gre/conn.log
View file

@ -7,11 +7,11 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - - 0 D 2 122 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 123 18.26.4.105 123 udp ntp 0.074086 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 66.59.111.182 123 udp ntp 0.056629 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 66.59.111.190 123 129.170.17.4 123 udp ntp 0.072374 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF F T 0 ShAdDaFf 12 1584 10 2199 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 F T 0 D 2 122 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 123 18.26.4.105 123 udp ntp 0.074086 48 48 SF F F 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 66.59.111.182 123 udp ntp 0.056629 48 48 SF F F 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 66.59.111.190 123 129.170.17.4 123 udp ntp 0.072374 48 48 SF F F 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH F T 0 - 4 336 4 336 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH T F 0 - 2 178 0 0 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tunnels.gre/ssh.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
#types time string addr port addr port count bool count enum string string string string string string string string
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 2 - 0 - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 blowfish-cbc hmac-md5 zlib diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 2 - 0 INBOUND SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 blowfish-cbc hmac-md5 zlib diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 T F 0 ShADadf 29 2310 49 65396 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 F F 0 D 49 67160 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 F F 0 D 29 3354 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/core.tunnels.gtp.false_gtp/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 T F 0 D 1 64 0 0 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - - 0 D 1 80 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 56 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 T F 0 D 1 80 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 F F 0 D 2 208 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH T F 0 - 1 56 0 0 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

34
testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log
View file

@ -7,21 +7,21 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 Ck51lg1bScffFj34Ri
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CNnMIj2QSd84NKf7U3
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CtPZjS20MLrsMUOJi2
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 C0LAHyvtKSQHyJxIl,C9rXSW3KSpTYvPrlI1
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR T F 0 ^d 0 0 1 84 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR T F 0 ^d 0 0 1 84 Ck51lg1bScffFj34Ri
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 T F 0 D 1 88 0 0 CmES5u32sYpV7JYN
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 T F 0 D 2 176 0 0 CNnMIj2QSd84NKf7U3
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 T F 0 D 1 88 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 T F 0 D 1 80 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 T F 0 D 1 88 0 0 CmES5u32sYpV7JYN
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 T F 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 T F 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 F F 0 D 1 124 0 0 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 F F 0 D 2 248 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF F F 0 Dd 1 116 1 120 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 F F 0 D 1 120 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 F F 0 D 2 248 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 F F 0 D 2 250 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH T F 0 - 1 52 0 0 CtPZjS20MLrsMUOJi2
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH T F 0 - 2 96 0 0 C0LAHyvtKSQHyJxIl,C9rXSW3KSpTYvPrlI1
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.tunnels.gtp.not_user_plane_data/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF T F 0 Dd 1 40 1 42 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 T T 0 D 1 52 0 0 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.tunnels.gtp.opt_header/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - - 0 ShADad 17 1604 14 1762 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 T F 0 ShADad 17 1604 14 1762 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF F T 0 Dd 17 2216 14 2322 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 5760 ShADadfgF 27 3204 41 52594 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF T F 5760 ShADadfgF 27 3204 41 52594 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF F F 0 Dd 27 4176 41 54070 -
#close XXXX-XX-XX-XX-XX-XX

42
testing/btest/Baseline/core.tunnels.teredo/conn.log
View file

@ -7,25 +7,25 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 ^fA 1 40 1 40 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.16 1576 75.126.130.163 80 tcp - - - - OTH - - 0 R 1 40 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 Ck51lg1bScffFj34Ri,CtPZjS20MLrsMUOJi2
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR T F 0 ^fA 1 40 1 40 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR T F 0 ^fA 1 40 1 40 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH T F 0 Fa 1 40 1 40 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.16 1576 75.126.130.163 80 tcp - - - - OTH T F 0 R 1 40 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO T F 0 ShADadR 6 1038 4 335 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF T T 0 Dd 2 122 2 494 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 T T 0 D 3 234 0 0 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF T T 0 Dd 3 207 3 682 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 T T 0 D 1 328 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF T F 0 Dd 2 185 1 76 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR T F 0 ^d 0 0 1 137 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF T F 0 ShADadFf 7 757 6 4164 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH T F 0 ^r 0 0 1 40 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH T F 0 ^r 0 0 1 40 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH T F 0 ^r 0 0 1 40 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF T F 0 Dd 12 2695 13 11607 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 T T 0 D 2 472 0 0 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH T F 0 - 1 52 1 52 Ck51lg1bScffFj34Ri,CtPZjS20MLrsMUOJi2
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 T F 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH T T 0 - 1 88 0 0 CmES5u32sYpV7JYN
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH T F 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2
#close XXXX-XX-XX-XX-XX-XX

14
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
View file

@ -7,11 +7,11 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CHhAvVGS1DHFjwGM9,CUM0KZ3MLUfNB0cl11
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF T F 0 Dd 2 185 1 80 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR T F 0 ^d 0 0 1 137 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF T F 0 Dd 12 2703 13 11607 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH T F 0 - 1 52 1 52 CHhAvVGS1DHFjwGM9,CUM0KZ3MLUfNB0cl11
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 T F 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH T T 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH T F 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9
#close XXXX-XX-XX-XX-XX-XX

11
testing/btest/Baseline/core.tunnels.vxlan-unknown-internal-packet/conn.log
View file

@ -1,12 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2023-01-25-16-21-59
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1673538029.809899 CHhAvVGS1DHFjwGM9 172.30.0.1 48036 172.30.0.2 4789 udp - - - - OTH - - 0 C 0 0 0 0 -
1673538054.797831 ClEkJM2Vm5giqnMf4h 172.30.0.1 45303 172.30.0.2 4789 udp - - - - OTH - - 0 C 0 0 0 0 -
1673538167.375490 C4J4Th3PJpwUYZZ6gc 172.30.0.1 36030 172.30.0.2 4789 udp - - - - OTH - - 0 C 0 0 0 0 -
#close 2023-01-25-16-21-59
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.30.0.1 48036 172.30.0.2 4789 udp - - - - OTH T T 0 C 0 0 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.30.0.1 45303 172.30.0.2 4789 udp - - - - OTH T T 0 C 0 0 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.30.0.1 36030 172.30.0.2 4789 udp - - - - OTH T T 0 C 0 0 0 0 -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/core.tunnels.vxlan/conn.log
View file

@ -7,9 +7,9 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.1 8 10.0.0.2 0 icmp - 3.004616 224 224 OTH - - 0 - 4 336 4 336 CUM0KZ3MLUfNB0cl11,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.56.12 38071 192.168.56.11 4789 udp vxlan 3.004278 424 0 S0 - - 0 D 4 536 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.56.12 40908 192.168.56.11 4789 udp vxlan - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.11 39924 192.168.56.12 4789 udp vxlan - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 udp vxlan 3.004434 424 0 S0 - - 0 D 4 536 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.1 8 10.0.0.2 0 icmp - 3.004616 224 224 OTH T T 0 - 4 336 4 336 CUM0KZ3MLUfNB0cl11,C4J4Th3PJpwUYZZ6gc
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.56.12 38071 192.168.56.11 4789 udp vxlan 3.004278 424 0 S0 T T 0 D 4 536 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.56.12 40908 192.168.56.11 4789 udp vxlan - - - S0 T T 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.11 39924 192.168.56.12 4789 udp vxlan - - - S0 T T 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 udp vxlan 3.004434 424 0 S0 T T 0 D 4 536 0 0 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.vlan-mpls/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.20.80.1 50343 10.0.0.15 80 tcp http 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH T T 0 SADF 11 470 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF F F 0 ShADdFaf 12 730 10 9945 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.20.80.1 50343 10.0.0.15 80 tcp http 0.004152 9 3429 SF T T 0 ShADadfF 7 381 7 3801 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.wlanmon/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.009303 35 128 SF - - 0 Dd 1 63 1 156 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.009303 35 128 SF T F 0 Dd 1 63 1 156 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 T F 0 D 1 328 0 0 -
#close XXXX-XX-XX-XX-XX-XX

115
testing/btest/Baseline/plugins.hooks/output
View file

File diff suppressed because one or more lines are too long

4
testing/btest/Baseline/plugins.packet-protocol/output_raw
View file

@ -8,6 +8,6 @@ raw_layer_message (Message = 'I am encapsulating IP', Protocol = 4950)
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.22.214.60 8 192.0.78.150 0 icmp - - - - OTH - - 0 - 1 28 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.22.214.60 8 192.0.78.212 0 icmp - - - - OTH - - 0 - 1 28 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.22.214.60 8 192.0.78.150 0 icmp - - - - OTH T F 0 - 1 28 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.22.214.60 8 192.0.78.212 0 icmp - - - - OTH T F 0 - 1 28 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/plugins.pktsrc/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - - 0 S 1 64 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 F F 0 S 1 64 0 0 -
#close XXXX-XX-XX-XX-XX-XX

16
testing/btest/Baseline/plugins.writer/output
View file

@ -11,14 +11,14 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
[conn] XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|-
[conn] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
[conn] XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CmES5u32sYpV7JYN|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CP5puj4I8PtEU4qzYg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[files] XXXXXXXXXX.XXXXXX|F44J9mUl78AQMlNe3|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|-|-|-
[conn] XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|T|F|0|S|5|320|0|0|-
[conn] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|T|F|0|ShADadfF|23|5080|20|3986|-
[conn] XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CmES5u32sYpV7JYN|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-
[conn] XXXXXXXXXX.XXXXXX|CP5puj4I8PtEU4qzYg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-
[files] XXXXXXXXXX.XXXXXX|F44J9mUl78AQMlNe3|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|HTTP|0||image/gif|-|0.000034|F|F|1368|1368|0|0|F|-|-|-|-|-|-|-
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
[http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|3|GET|www.osnews.com|/images/icons/9.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-

2
testing/btest/Baseline/scripts.base.files.extract.limit/files.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid extracted extracted_cutoff extracted_size md5 sha1 sha256
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string bool count string string string
XXXXXXXXXX.XXXXXX FCceqBvpMfirSN0Ri ClEkJM2Vm5giqnMf4h 141.142.228.5 50737 141.142.192.162 38141 FTP_DATA 0 EXTRACT text/plain - 0.001059 - F 16557 - 0 0 F - 2 T 6000 - - -
XXXXXXXXXX.XXXXXX FCceqBvpMfirSN0Ri ClEkJM2Vm5giqnMf4h 141.142.228.5 50737 141.142.192.162 38141 FTP_DATA 0 EXTRACT text/plain - 0.001059 F F 16557 - 0 0 F - 2 T 6000 - - -
#close XXXX-XX-XX-XX-XX-XX

12
testing/btest/Baseline/scripts.base.files.x509.files/files.log
View file

@ -7,10 +7,10 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 - F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 - F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 - F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43
XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d
XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0
#close XXXX-XX-XX-XX-XX-XX

48
testing/btest/Baseline/scripts.base.frameworks.analyzer.request-analyzer/conn.log
View file

@ -7,28 +7,28 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA - - - - -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h - - - - -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA - - - - -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 F F 0 ShADad - - - - -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH F F 0 ^h - - - - -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.register_mime_type/files.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 HTTP 0 MD5 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac - - - - -
XXXXXXXXXX.XXXXXX FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 HTTP 0 MD5 text/plain - 0.000263 F F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac - - - - -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.frameworks.file-analysis.big-bof-buffer/files.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 HTTP 0 SHA1,MD5 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 - - - -
XXXXXXXXXX.XXXXXX FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 HTTP 0 SHA1,MD5 text/plain - 0.000263 F F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 - - - -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.frameworks.file-analysis.byteranges/files.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FZkGcy26oUimsCoAH1 CHhAvVGS1DHFjwGM9 192.168.1.105 49219 198.189.255.75 80 HTTP 0 EXTRACT - - 0.046240 - F 54229 605292323 4244449 0 T - - - - extract-XXXXXXXXXX.XXXXXX-HTTP-FZkGcy26oUimsCoAH1 T 4000
XXXXXXXXXX.XXXXXX FZkGcy26oUimsCoAH1 CHhAvVGS1DHFjwGM9 192.168.1.105 49219 198.189.255.75 80 HTTP 0 EXTRACT - - 0.046240 F F 54229 605292323 4244449 0 T - - - - extract-XXXXXXXXXX.XXXXXX-HTTP-FZkGcy26oUimsCoAH1 T 4000
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 HTTP 0 SHA256,EXTRACT,SHA1,MD5,DATA_EVENT text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FMnxxt3xjVcWNS2141-file F -
XXXXXXXXXX.XXXXXX FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 HTTP 0 SHA256,EXTRACT,SHA1,MD5,DATA_EVENT text/plain - 0.000263 F F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FMnxxt3xjVcWNS2141-file F -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-complex/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _innerLogged.a _innerLogged.c _innerLogged.d _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string count count set[count] string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-include-exclude/conn-exc.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-invalid/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
- - - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 tcp - 0.211484 136 5007 SF - - 0 ShADadFf 7 512 7 5379 -
- - - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 tcp - 0.211484 136 5007 SF F F 0 ShADadFf 7 512 7 5379 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-optional/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _system_name _undefined_string ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map2/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid src_ip src_port dst_ip dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.2 49159 192.168.1.1 20000 tcp - 0.463113 120 0 S0 - - 0 SAD 5 332 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.2 49159 192.168.1.1 20000 tcp - 0.463113 120 0 S0 T T 0 SAD 5 332 0 0 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH F F 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH F F 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 F F 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 F F 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 F F 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 F F 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 F F 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 F F 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 F F 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 F F 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 F F 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 F F 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 T F 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 T F 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 T F 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX

68
testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/conn.select
View file

@ -1,35 +1,35 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|73|0|0|
XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0|||0|D|1|199|0|0|
XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|179|0|0|
XXXXXXXXXX.XXXXXX|CtPZjS20MLrsMUOJi2|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH|||0|DdA|2|567|1|402|
XXXXXXXXXX.XXXXXX|CUM0KZ3MLUfNB0cl11|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1|||0|ShADad|4|741|3|396|
XXXXXXXXXX.XXXXXX|CmES5u32sYpV7JYN|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF|||0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|CP5puj4I8PtEU4qzYg|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF|||0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|C37jN32gN3y3AZzyf6|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF|||0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|C3eiCBGOLw3VtHfOj|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1|||0|ShADad|6|1491|4|949|
XXXXXXXXXX.XXXXXX|CwjjYJ2WqgTbAqiHl6|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1|||0|ShADad|6|1445|4|950|
XXXXXXXXXX.XXXXXX|C0LAHyvtKSQHyJxIl|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF|||0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|CFLRIC3zaTU1loLGxh|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF|||0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|C9rXSW3KSpTYvPrlI1|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF|||0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|Ck51lg1bScffFj34Ri|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1|||0|ShADad|6|1450|4|950|
XXXXXXXXXX.XXXXXX|C9mvWx3ezztgzcexV7|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF|||0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|CNnMIj2QSd84NKf7U3|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF|||0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|C7fIlMZDuRiqjpYbb|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF|||0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|CykQaM33ztNt0csB9a|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1|||0|ShADad|6|1457|4|949|
XXXXXXXXXX.XXXXXX|CtxTCR2Yer0FR1tIBg|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1|||0|ShADad|6|1468|4|950|
XXXXXXXXXX.XXXXXX|CpmdRlaUoJLN3uIRa|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF|||0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|C1Xkzz2MaGtLrc1Tla|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF|||0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|CqlVyW1YwZ15RhTBc4|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF|||0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|CLNN1k2QMum1aexUK7|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1|||0|ShADad|6|1498|4|950|
XXXXXXXXXX.XXXXXX|CBA8792iHmnhPLksKa|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF|||0|Dd|1|64|1|159|
XXXXXXXXXX.XXXXXX|CGLPPc35OzDQij1XX8|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF|||0|Dd|1|64|1|226|
XXXXXXXXXX.XXXXXX|CiyBAq1bBLNaTiTAc|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1|||0|ShADad|4|750|3|576|
XXXXXXXXXX.XXXXXX|CFSwNi4CNGxcuffo49|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH|||0|^h|0|0|1|48|
XXXXXXXXXX.XXXXXX|Cipfzj1BEnhejw8cGf|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|85|0|0|
XXXXXXXXXX.XXXXXX|CV5WJ42jPYbNW9JNWf|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0|||0|D|7|546|0|0|
XXXXXXXXXX.XXXXXX|CPhDKt12KQPUVbQz06|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0|||0|D|2|162|0|0|
XXXXXXXXXX.XXXXXX|CAnFrb2Cvxr5T7quOc|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0|||0|D|2|122|0|0|
XXXXXXXXXX.XXXXXX|C8rquZ3DjgNW06JGLl|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0|||0|D|2|162|0|0|
XXXXXXXXXX.XXXXXX|CzrZOtXqhwwndQva3|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0|||0|D|2|122|0|0|
XXXXXXXXXX.XXXXXX|CaGCc13FffXe6RkQl9|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0|||0|D|1|78|0|0|
XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0|0|0|0|D|1|73|0|0|
XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0|1|0|0|D|1|199|0|0|
XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0|0|0|0|D|1|179|0|0|
XXXXXXXXXX.XXXXXX|CtPZjS20MLrsMUOJi2|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH|0|0|0|DdA|2|567|1|402|
XXXXXXXXXX.XXXXXX|CUM0KZ3MLUfNB0cl11|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1|0|0|0|ShADad|4|741|3|396|
XXXXXXXXXX.XXXXXX|CmES5u32sYpV7JYN|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF|0|0|0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|CP5puj4I8PtEU4qzYg|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF|0|0|0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|C37jN32gN3y3AZzyf6|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF|0|0|0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|C3eiCBGOLw3VtHfOj|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1|0|0|0|ShADad|6|1491|4|949|
XXXXXXXXXX.XXXXXX|CwjjYJ2WqgTbAqiHl6|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1|0|0|0|ShADad|6|1445|4|950|
XXXXXXXXXX.XXXXXX|C0LAHyvtKSQHyJxIl|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF|0|0|0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|CFLRIC3zaTU1loLGxh|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF|0|0|0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|C9rXSW3KSpTYvPrlI1|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF|0|0|0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|Ck51lg1bScffFj34Ri|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1|0|0|0|ShADad|6|1450|4|950|
XXXXXXXXXX.XXXXXX|C9mvWx3ezztgzcexV7|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF|0|0|0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|CNnMIj2QSd84NKf7U3|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF|0|0|0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|C7fIlMZDuRiqjpYbb|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF|0|0|0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|CykQaM33ztNt0csB9a|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1|0|0|0|ShADad|6|1457|4|949|
XXXXXXXXXX.XXXXXX|CtxTCR2Yer0FR1tIBg|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1|0|0|0|ShADad|6|1468|4|950|
XXXXXXXXXX.XXXXXX|CpmdRlaUoJLN3uIRa|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF|0|0|0|Dd|1|66|1|117|
XXXXXXXXXX.XXXXXX|C1Xkzz2MaGtLrc1Tla|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF|0|0|0|Dd|1|80|1|127|
XXXXXXXXXX.XXXXXX|CqlVyW1YwZ15RhTBc4|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF|0|0|0|Dd|1|66|1|211|
XXXXXXXXXX.XXXXXX|CLNN1k2QMum1aexUK7|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1|0|0|0|ShADad|6|1498|4|950|
XXXXXXXXXX.XXXXXX|CBA8792iHmnhPLksKa|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF|0|0|0|Dd|1|64|1|159|
XXXXXXXXXX.XXXXXX|CGLPPc35OzDQij1XX8|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF|0|0|0|Dd|1|64|1|226|
XXXXXXXXXX.XXXXXX|CiyBAq1bBLNaTiTAc|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1|0|0|0|ShADad|4|750|3|576|
XXXXXXXXXX.XXXXXX|CFSwNi4CNGxcuffo49|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH|0|0|0|^h|0|0|1|48|
XXXXXXXXXX.XXXXXX|Cipfzj1BEnhejw8cGf|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0|0|0|0|D|1|85|0|0|
XXXXXXXXXX.XXXXXX|CV5WJ42jPYbNW9JNWf|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0|0|0|0|D|7|546|0|0|
XXXXXXXXXX.XXXXXX|CPhDKt12KQPUVbQz06|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0|1|0|0|D|2|162|0|0|
XXXXXXXXXX.XXXXXX|CAnFrb2Cvxr5T7quOc|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0|0|0|0|D|2|122|0|0|
XXXXXXXXXX.XXXXXX|C8rquZ3DjgNW06JGLl|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0|1|0|0|D|2|162|0|0|
XXXXXXXXXX.XXXXXX|CzrZOtXqhwwndQva3|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0|0|0|0|D|2|122|0|0|
XXXXXXXXXX.XXXXXX|CaGCc13FffXe6RkQl9|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0|0|0|0|D|1|78|0|0|

10
testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log
View file

@ -7,9 +7,9 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF - - 0 Dd 1 62 1 128 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 - - 0 D 1 229 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 - - 0 Sh 1 48 1 48 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.133.100 49648 192.168.133.102 25 tcp - 0.004707 0 0 S1 - - 0 Sh 1 64 1 60 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF T T 0 Dd 1 62 1 128 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 T T 0 D 1 229 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 T F 0 Sh 1 48 1 48 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH T F 0 Da 1 93 1 52 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.133.100 49648 192.168.133.102 25 tcp - 0.004707 0 0 S1 T T 0 Sh 1 64 1 60 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.frameworks.notice.file-info-multiple-conns/files.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string
XXXXXXXXXX.XXXXXX FDXrtA2UOyNDs2wzk8 CHhAvVGS1DHFjwGM9 127.0.0.1 48768 127.0.0.1 8080 HTTP 0 SHA1 text/plain - 0.002150 - F 34 34 0 0 F -
XXXXXXXXXX.XXXXXX FDXrtA2UOyNDs2wzk8 ClEkJM2Vm5giqnMf4h 127.0.0.1 48770 127.0.0.1 8080 HTTP 0 SHA1 text/plain - 0.002150 - F 34 34 0 0 F -
XXXXXXXXXX.XXXXXX FDXrtA2UOyNDs2wzk8 C4J4Th3PJpwUYZZ6gc 127.0.0.1 48776 127.0.0.1 8080 HTTP 0 SHA1 text/plain - 0.002150 - F 34 34 0 0 F -
XXXXXXXXXX.XXXXXX FDXrtA2UOyNDs2wzk8 CHhAvVGS1DHFjwGM9 127.0.0.1 48768 127.0.0.1 8080 HTTP 0 SHA1 text/plain - 0.002150 T F 34 34 0 0 F -
XXXXXXXXXX.XXXXXX FDXrtA2UOyNDs2wzk8 ClEkJM2Vm5giqnMf4h 127.0.0.1 48770 127.0.0.1 8080 HTTP 0 SHA1 text/plain - 0.002150 T F 34 34 0 0 F -
XXXXXXXXXX.XXXXXX FDXrtA2UOyNDs2wzk8 C4J4Th3PJpwUYZZ6gc 127.0.0.1 48776 127.0.0.1 8080 HTTP 0 SHA1 text/plain - 0.002150 T F 34 34 0 0 F -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.ftp.cwd-navigation/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 tcp ftp 600.931043 41420 159830 S1 - - 233 ShAdDaGg 4139 206914 4178 326799 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 tcp ftp 600.931043 41420 159830 S1 T T 233 ShAdDaGg 4139 206914 4178 326799 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51354 127.0.0.1 21 tcp - 9.891089 34 71 SF - - 0 ShAdDaFf 13 718 10 599 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51354 127.0.0.1 21 tcp - 9.891089 34 71 SF T T 0 ShAdDaFf 13 718 10 599 -
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
View file

@ -7,9 +7,9 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF F F 0 ShAdfFa 4 216 4 562 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF F F 0 ShAdfFa 4 216 4 297 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF F F 0 ShADaFf 5 614 3 164 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF F F 0 ShADaFf 5 349 3 164 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF F F 0 ShAdDfFa 38 2164 25 4458 -
#close XXXX-XX-XX-XX-XX-XX

12
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log
View file

@ -7,10 +7,10 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - - 0 ShAdfFa 5 372 4 642 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - - 0 ShAdfFa 5 372 4 343 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - - 0 ShAdfFa 5 372 4 377 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - - 0 ShADFaf 5 449 4 300 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - - 0 ShAdDfFa 57 4426 34 5908 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - - 0 ShADFaf 5 714 4 300 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF F F 0 ShAdfFa 5 372 4 642 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF F F 0 ShAdfFa 5 372 4 343 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF F F 0 ShAdfFa 5 372 4 377 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF F F 0 ShADFaf 5 449 4 300 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF F F 0 ShAdDfFa 57 4426 34 5908 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF F F 0 ShADFaf 5 714 4 300 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-max-command-length/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 tcp ftp 0.213412 358 313 SF - - 0 ShAdDaFf 23 1562 17 1205 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 tcp ftp 0.213412 358 313 SF T T 0 ShAdDaFf 23 1562 17 1205 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-max-pending-commands/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 37950 127.0.0.1 21 tcp ftp 0.202144 98 261 SF - - 0 ShADadfF 21 1198 20 1309 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 37950 127.0.0.1 21 tcp ftp 0.202144 98 261 SF T T 0 ShADadfF 21 1198 20 1309 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51344 127.0.0.1 21 tcp - 10.862185 34 74 SF - - 0 ShAdDaFf 13 718 10 602 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51344 127.0.0.1 21 tcp - 10.862185 34 74 SF T T 0 ShAdDaFf 13 718 10 602 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51346 127.0.0.1 21 tcp - 11.705309 34 68 SF - - 0 ShAdDaFf 13 718 10 596 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51346 127.0.0.1 21 tcp - 11.705309 34 68 SF T T 0 ShAdDaFf 13 718 10 596 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,ssl,gridftp 0.294743 4491 6659 SF - - 0 ShAdDaFf 22 5643 21 7759 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp gridftp-data,ssl 0.010760 2109 3196 S1 - - 0 ShADad 7 2481 6 3516 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,ssl,gridftp 0.294743 4491 6659 SF T T 0 ShAdDaFf 22 5643 21 7759 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp gridftp-data,ssl 0.010760 2109 3196 S1 T T 0 ShADad 7 2481 6 3516 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.http.concurrent-range-requests/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.107 58716 88.198.248.254 80 tcp http 0.125216 117 10290 SF - - 0 ShADadFf 9 593 7 10662 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.0.107 58718 88.198.248.254 80 tcp http 0.173517 111 10284 SF - - 0 ShADadtFf 11 703 10 10812 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.0.107 58720 88.198.248.254 80 tcp http 0.124639 117 10290 SF - - 0 ShADadFf 11 697 9 10766 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.107 58716 88.198.248.254 80 tcp http 0.125216 117 10290 SF T F 0 ShADadFf 9 593 7 10662 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.0.107 58718 88.198.248.254 80 tcp http 0.173517 111 10284 SF T F 0 ShADadtFf 11 703 10 10812 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.0.107 58720 88.198.248.254 80 tcp http 0.124639 117 10290 SF T F 0 ShADadFf 11 697 9 10766 -
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.http.concurrent-range-requests/files.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string
XXXXXXXXXX.XXXXXX FaGjhv1ozACeoEnwg5 C4J4Th3PJpwUYZZ6gc 192.168.0.107 58720 88.198.248.254 80 HTTP 0 (empty) - - 0.076646 - F 30003 104857600 179998 0 T -
XXXXXXXXXX.XXXXXX FaGjhv1ozACeoEnwg5 CHhAvVGS1DHFjwGM9 192.168.0.107 58716 88.198.248.254 80 HTTP 0 (empty) - - 0.076646 - F 30003 104857600 179998 0 T -
XXXXXXXXXX.XXXXXX FaGjhv1ozACeoEnwg5 ClEkJM2Vm5giqnMf4h 192.168.0.107 58718 88.198.248.254 80 HTTP 0 (empty) - - 0.076646 - F 30003 104857600 179998 0 T -
XXXXXXXXXX.XXXXXX FaGjhv1ozACeoEnwg5 C4J4Th3PJpwUYZZ6gc 192.168.0.107 58720 88.198.248.254 80 HTTP 0 (empty) - - 0.076646 F F 30003 104857600 179998 0 T -
XXXXXXXXXX.XXXXXX FaGjhv1ozACeoEnwg5 CHhAvVGS1DHFjwGM9 192.168.0.107 58716 88.198.248.254 80 HTTP 0 (empty) - - 0.076646 F F 30003 104857600 179998 0 T -
XXXXXXXXXX.XXXXXX FaGjhv1ozACeoEnwg5 ClEkJM2Vm5giqnMf4h 192.168.0.107 58718 88.198.248.254 80 HTTP 0 (empty) - - 0.076646 F F 30003 104857600 179998 0 T -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 - - 0 ShAaDd 29 5744 29 57599 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 T T 0 ShAaDd 29 5744 29 57599 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.26.245.236 3378 254.228.86.79 8240 tcp smtp,http 6.722274 1685 223 SF - - 0 ShADadtTfF 14 2257 16 944 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.26.245.236 3378 254.228.86.79 8240 tcp smtp,http 6.722274 1685 223 SF F T 0 ShADadtTfF 14 2257 16 944 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.http.http-no-crlf/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.6.206 49783 5.2.136.90 80 tcp http 109.987365 36349 1483945 SF - - 0 ShADadfF 406 52601 1113 1528477 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.6.206 49783 5.2.136.90 80 tcp http 109.987365 36349 1483945 SF T F 0 ShADadfF 406 52601 1113 1528477 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.imap.starttls/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.53 49640 212.227.17.186 143 tcp imap,ssl 2.827002 540 5653 SF - - 0 ShAdDafFr 18 1284 14 6225 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.53 49640 212.227.17.186 143 tcp imap,ssl 2.827002 540 5653 SF T F 0 ShAdDafFr 18 1284 14 6225 -
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/scripts.base.protocols.irc.basic/conn.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - - 0 ShAdDaFf 28 1592 43 44452 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - - 0 ShADdTtaf 63 3761 52 28194 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF T F 0 ShAdDaFf 28 1592 43 44452 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 T F 0 ShADdTtaf 63 3761 52 28194 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 203.143.168.47 55123 185.18.76.170 6667 tcp irc,ssl 4.923144 913 1903 SF - - 0 ShADadFRf 11 1469 9 2379 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 203.143.168.47 55123 185.18.76.170 6667 tcp irc,ssl 4.923144 913 1903 SF F F 0 ShADadFRf 11 1469 9 2379 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.krb.krb-service-name/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.202.110 43792 192.168.229.251 88 tcp krb_tcp 0.010000 110 90 S1 - - 0 ^hADd 2 214 2 206 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.202.110 43792 192.168.229.251 88 tcp krb_tcp 0.010000 110 90 S1 T T 0 ^hADd 2 214 2 206 -
#close XXXX-XX-XX-XX-XX-XX

18
testing/btest/Baseline/scripts.base.protocols.modbus.events/conn.log
View file

@ -7,13 +7,13 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.57 2387 10.0.0.3 502 tcp - 0.000493 0 0 SF - - 0 FafA 2 80 2 80 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.0.0.57 2579 10.0.0.8 502 tcp modbus 23.256631 24 0 SF - - 0 ShADaFf 6 272 5 208 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 tcp modbus 385.694948 112 138 S3 - - 0 ShADdf 20 920 12 626 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.9 3082 10.0.0.3 502 tcp modbus 177.095534 72 69 SF - - 0 ShADdFaf 16 720 9 437 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 10.0.0.57 2585 10.0.0.8 502 tcp - 76.561880 926 0 SF - - 0 ShADafF 8 1254 7 288 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 10.0.0.8 502 10.0.0.57 4446 tcp - 155.114237 128 0 SF - - 0 ShADaFf 16 776 15 608 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.66.235 2582 166.161.16.230 502 tcp - 2.905078 0 0 S0 - - 0 S 2 96 0 0 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 tcp - 85.560847 1692 1278 S1 - - 0 ShADad 167 8380 181 8522 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 10.1.1.234 51411 10.10.5.85 502 tcp modbus 2100.811351 237936 4121200 S2 - - 0 ShADdaF 39659 2300216 20100 5166412 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.57 2387 10.0.0.3 502 tcp - 0.000493 0 0 SF T T 0 FafA 2 80 2 80 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.0.0.57 2579 10.0.0.8 502 tcp modbus 23.256631 24 0 SF T T 0 ShADaFf 6 272 5 208 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 tcp modbus 385.694948 112 138 S3 T T 0 ShADdf 20 920 12 626 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.9 3082 10.0.0.3 502 tcp modbus 177.095534 72 69 SF T T 0 ShADdFaf 16 720 9 437 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 10.0.0.57 2585 10.0.0.8 502 tcp - 76.561880 926 0 SF T T 0 ShADafF 8 1254 7 288 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 10.0.0.8 502 10.0.0.57 4446 tcp - 155.114237 128 0 SF T T 0 ShADaFf 16 776 15 608 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.66.235 2582 166.161.16.230 502 tcp - 2.905078 0 0 S0 T F 0 S 2 96 0 0 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 tcp - 85.560847 1692 1278 S1 T F 0 ShADad 167 8380 181 8522 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 10.1.1.234 51411 10.10.5.85 502 tcp modbus 2100.811351 237936 4121200 S2 T T 0 ShADdaF 39659 2300216 20100 5166412 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.mysql.encrypted-aws-rds/tls-12.conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 58132 79.107.90.25 3306 tcp ssl,mysql 2.043921 724 3255 SF - - 0 ShAdDaFf 14 1460 11 3835 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 58132 79.107.90.25 3306 tcp ssl,mysql 2.043921 724 3255 SF F F 0 ShAdDaFf 14 1460 11 3835 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.mysql.encrypted-aws-rds/tls-13.conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 57902 79.107.90.25 3306 tcp ssl,mysql 6.756360 1076 3776 SF - - 0 ShAdDaFf 19 2072 14 4512 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 57902 79.107.90.25 3306 tcp ssl,mysql 6.756360 1076 3776 SF F F 0 ShAdDaFf 19 2072 14 4512 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.mysql.encrypted/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59272 127.0.0.1 3306 tcp ssl,mysql 0.021783 713 1959 SF - - 0 ShAdDaFf 10 1241 8 2383 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59272 127.0.0.1 3306 tcp ssl,mysql 0.021783 713 1959 SF T T 0 ShAdDaFf 10 1241 8 2383 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.pop3.starttls/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 tcp ssl,pop3 2.489002 851 2590 SF - - 0 ShAadDfFr 16 1695 17 3462 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 tcp ssl,pop3 2.489002 851 2590 SF T T 0 ShAadDfFr 16 1695 17 3462 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.rdp.rdpeudp-handshake-fail/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.38.1 63568 192.168.38.102 3389 udp - 6.226782 3696 0 S0 - - 0 D 3 3780 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.38.1 63568 192.168.38.102 3389 udp - 6.226782 3696 0 S0 T T 0 D 3 3780 0 0 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.rdp.rdpeudp-handshake-success/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 61291 ::1 3389 udp rdpeudp 0.122551 1738 2655 SF - - 0 Dd 5 1978 5 2895 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 61291 ::1 3389 udp rdpeudp 0.122551 1738 2655 SF T T 0 Dd 5 1978 5 2895 -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.rdp.rdpeudp2-handshake-success/conn.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.5 65368 192.168.57.8 3389 udp rdpeudp 0.036087 2398 6585 SF - - 0 Dd 3 2482 7 6781 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.5 65368 192.168.57.8 3389 udp rdpeudp 0.036087 2398 6585 SF T T 0 Dd 3 2482 7 6781 -
#close XXXX-XX-XX-XX-XX-XX

1
testing/btest/Baseline/scripts.base.protocols.smb.smb2-fscontrol/out
View file

@ -1,3 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[credit_charge=0, status=0, command=17, credits=2, flags=255, message_id=576460756581679103, process_id=213, tree_id=0, session_id=11555726885438752000, signature=\x01\x05\x05\x02\xa0`0^\xa000.\x06\x09*\x86]
[persistent=6859950276847483450, volatile=7016448126591398502]
[free_space_start_filtering=1869373806, free_space_threshold=1601467760, free_space_stop_filtering=1933860724, delete_quota_threshold=7308895133777551220, default_quota_limit=100, fs_control_flags=4278190080]

4
testing/btest/Baseline/scripts.base.protocols.smb.smb2-read-write/files.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FVTHwlRSH2WI8fFw2 CHhAvVGS1DHFjwGM9 169.254.128.18 49155 169.254.128.15 445 SMB 0 (empty) text/plain pythonfile 0.000000 - F 16 16 0 0 F - - - - - - -
XXXXXXXXXX.XXXXXX FAI5Dc4cLr5RAw3j0e CHhAvVGS1DHFjwGM9 169.254.128.18 49155 169.254.128.15 445 SMB 0 (empty) text/plain pythonfile2 0.000000 - T 7000 - 0 0 F - - - - - - -
XXXXXXXXXX.XXXXXX FVTHwlRSH2WI8fFw2 CHhAvVGS1DHFjwGM9 169.254.128.18 49155 169.254.128.15 445 SMB 0 (empty) text/plain pythonfile 0.000000 T F 16 16 0 0 F - - - - - - -
XXXXXXXXXX.XXXXXX FAI5Dc4cLr5RAw3j0e CHhAvVGS1DHFjwGM9 169.254.128.18 49155 169.254.128.15 445 SMB 0 (empty) text/plain pythonfile2 0.000000 T T 7000 - 0 0 F - - - - - - -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.smb.smb2/files.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count
XXXXXXXXXX.XXXXXX FwL5Z01az5ZsFYcHh5 CHhAvVGS1DHFjwGM9 10.0.0.11 49208 10.0.0.12 445 SMB 0 (empty) application/pdf WP_SMBPlugin.pdf 0.073970 - T 1508939 - 0 0 F - - - - - - -
XXXXXXXXXX.XXXXXX FwL5Z01az5ZsFYcHh5 CHhAvVGS1DHFjwGM9 10.0.0.11 49208 10.0.0.12 445 SMB 0 (empty) application/pdf WP_SMBPlugin.pdf 0.073970 T T 1508939 - 0 0 F - - - - - - -
#close XXXX-XX-XX-XX-XX-XX

Some files were not shown because too many files have changed in this diff Show more