Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add conn.log entries for connections with unhandled IP protocols

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-09-10 15:13:11 +02:00
parent a96515a2e8
commit 35ec9733c0
422 changed files with 97715 additions and 97282 deletions
Download patch file Download diff file Expand all files Collapse all files

54
testing/btest/Baseline/scripts.base.protocols.ssh.basic/conn.log
View file

@ -5,31 +5,31 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 tcp ssh 6.159326 2669 2501 SF T F 0 ShAdDaFf 25 3981 20 3549 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.18 40184 128.2.6.88 41644 tcp ssh 2.079071 3813 3633 SF T F 0 ShADadFf 22 4965 26 5017 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 tcp ssh 6.641754 5253 3489 SF T T 0 ShADadFf 38 7241 29 5005 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 tcp ssh 3.862198 576 813 SF T T 0 ShAdDaFf 23 1784 16 1653 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 tcp ssh 2.557930 2757 1721 RSTR T T 0 ShADadFr 37 4693 29 3225 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 tcp ssh 8.841749 480 537 SF T T 0 ShAdDaFf 17 1376 14 1273 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 tcp ssh 1.106250 820 1125 SF T T 0 ShAdDaFf 26 2184 20 2173 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 tcp ssh 1.080767 692 997 SF T T 0 ShAdDaFf 25 2004 19 1993 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56845 192.168.2.158 22 tcp ssh 1.302395 660 965 SF T T 0 ShAdDaFf 26 2024 20 2013 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56875 192.168.2.158 22 tcp ssh 12.013506 588 549 SF T T 0 ShAdDaFf 19 1588 16 1389 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 56878 192.168.2.158 22 tcp ssh 3.628964 684 825 SF T T 0 ShAdDaFf 25 1996 19 1821 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.1 56940 192.168.2.158 22 tcp ssh 0.104978 500 609 SF T T 0 ShAdDaFf 14 1240 10 1137 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 57831 192.168.2.158 22 tcp ssh 2.758790 576 813 SF T T 0 ShAdDaFf 23 1784 18 1757 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 59246 192.168.2.158 22 tcp ssh 3.076752 3049 4165 SF T T 0 ShADadFf 32 4725 23 5369 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.1.32 41164 128.2.10.238 22 tcp ssh 8.485357 6087 3015 SF T F 0 ShADadFf 32 7759 33 4763 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.1.32 33910 128.2.13.133 22 tcp ssh 1.910959 6471 6037 SF T F 0 ShADadFf 33 8195 29 7565 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.32 41268 128.2.10.238 22 tcp ssh 2.710778 5613 2487 SF T F 0 ShADadFf 24 6869 20 3535 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.31 52294 192.168.1.32 22 tcp ssh 3.658968 3729 2229 SF T T 0 ShADadFf 36 5613 24 3497 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.1.31 57621 192.168.1.255 57621 udp - - - - S0 T T 0 D 1 72 0 0 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 57621 192.168.1.31 57621 udp - - - - S0 T T 0 D 1 72 0 0 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51476 192.168.1.32 8118 tcp - 0.000539 76 0 SF T T 0 DaFfA 6 388 5 284 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 51489 192.168.1.32 22 tcp ssh 4.926958 4029 2497 SF T T 0 ShAdDaFf 42 6249 27 3937 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 tcp ssh 0.587601 2885 2309 SF T F 0 ShADdaFf 16 3725 13 2993 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 tcp ssh 2.236727 4477 535101 SF T F 0 ShADadFf 179 13793 226 546861 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 tcp ssh 2.066433 4477 534861 SF T F 0 ShADadFf 183 14001 236 547141 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents protocol_id
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 tcp ssh 6.159326 2669 2501 SF T F 0 ShAdDaFf 25 3981 20 3549 - 6
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.18 40184 128.2.6.88 41644 tcp ssh 2.079071 3813 3633 SF T F 0 ShADadFf 22 4965 26 5017 - 6
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 tcp ssh 6.641754 5253 3489 SF T T 0 ShADadFf 38 7241 29 5005 - 6
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 tcp ssh 3.862198 576 813 SF T T 0 ShAdDaFf 23 1784 16 1653 - 6
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 tcp ssh 2.557930 2757 1721 RSTR T T 0 ShADadFr 37 4693 29 3225 - 6
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 tcp ssh 8.841749 480 537 SF T T 0 ShAdDaFf 17 1376 14 1273 - 6
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 tcp ssh 1.106250 820 1125 SF T T 0 ShAdDaFf 26 2184 20 2173 - 6
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 tcp ssh 1.080767 692 997 SF T T 0 ShAdDaFf 25 2004 19 1993 - 6
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56845 192.168.2.158 22 tcp ssh 1.302395 660 965 SF T T 0 ShAdDaFf 26 2024 20 2013 - 6
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56875 192.168.2.158 22 tcp ssh 12.013506 588 549 SF T T 0 ShAdDaFf 19 1588 16 1389 - 6
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 56878 192.168.2.158 22 tcp ssh 3.628964 684 825 SF T T 0 ShAdDaFf 25 1996 19 1821 - 6
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.1 56940 192.168.2.158 22 tcp ssh 0.104978 500 609 SF T T 0 ShAdDaFf 14 1240 10 1137 - 6
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 57831 192.168.2.158 22 tcp ssh 2.758790 576 813 SF T T 0 ShAdDaFf 23 1784 18 1757 - 6
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 59246 192.168.2.158 22 tcp ssh 3.076752 3049 4165 SF T T 0 ShADadFf 32 4725 23 5369 - 6
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.1.32 41164 128.2.10.238 22 tcp ssh 8.485357 6087 3015 SF T F 0 ShADadFf 32 7759 33 4763 - 6
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.1.32 33910 128.2.13.133 22 tcp ssh 1.910959 6471 6037 SF T F 0 ShADadFf 33 8195 29 7565 - 6
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.32 41268 128.2.10.238 22 tcp ssh 2.710778 5613 2487 SF T F 0 ShADadFf 24 6869 20 3535 - 6
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.31 52294 192.168.1.32 22 tcp ssh 3.658968 3729 2229 SF T T 0 ShADadFf 36 5613 24 3497 - 6
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.1.31 57621 192.168.1.255 57621 udp - - - - S0 T T 0 D 1 72 0 0 - 17
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 57621 192.168.1.31 57621 udp - - - - S0 T T 0 D 1 72 0 0 - 17
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51476 192.168.1.32 8118 tcp - 0.000539 76 0 SF T T 0 DaFfA 6 388 5 284 - 6
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 51489 192.168.1.32 22 tcp ssh 4.926958 4029 2497 SF T T 0 ShAdDaFf 42 6249 27 3937 - 6
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 tcp ssh 0.587601 2885 2309 SF T F 0 ShADdaFf 16 3725 13 2993 - 6
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 tcp ssh 2.236727 4477 535101 SF T F 0 ShADadFf 179 13793 226 546861 - 6
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 tcp ssh 2.066433 4477 534861 SF T F 0 ShADadFf 183 14001 236 547141 - 6
#close XXXX-XX-XX-XX-XX-XX