diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 40af444a98..e20028cc60 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -209,7 +209,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 			}
 		
 		int num_certs = sk_X509_num(chain);
-		chainVector = new VectorVal(new VectorType(base_type(TYPE_ANY)));
+		chainVector = new VectorVal(internal_type("any_vec")->AsVectorType());
 
 		for ( int i = 0; i < num_certs; i++ ) 
 			{
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
index 4e01411971..6de44b1fbf 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
@@ -1,117 +1,118 @@
          0.000000 bro_init
          0.000000 filter_change_tracking
-1170717505.366729 ChecksumOffloading::check
-1170717505.366729 filter_change_tracking
-1170717505.366729 new_connection
-1170717505.548308 connection_established
-1170717505.549109 protocol_confirmation
-1170717505.549109 ssl_client_hello
-1170717505.734145 ssl_server_hello
-1170717505.735416 get_file_handle
-1170717505.735416 file_new
-1170717505.735416 file_over_new_connection
-1170717505.735416 x509_certificate
-1170717505.735416 x509_extension
-1170717505.735416 x509_ext_basic_constraints
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 file_hash
-1170717505.735416 file_hash
-1170717505.735416 file_state_remove
-1170717505.735416 get_file_handle
-1170717505.735416 file_new
-1170717505.735416 file_over_new_connection
-1170717505.735416 x509_certificate
-1170717505.735416 x509_extension
-1170717505.735416 x509_ext_basic_constraints
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 x509_extension
-1170717505.735416 file_hash
-1170717505.735416 file_hash
-1170717505.735416 file_state_remove
-1170717505.934612 ssl_established
-1170717508.515696 new_connection
-1170717508.696747 connection_established
-1170717508.697180 protocol_confirmation
-1170717508.697180 ssl_client_hello
-1170717508.881857 ssl_server_hello
-1170717508.883051 get_file_handle
-1170717508.883051 file_new
-1170717508.883051 file_over_new_connection
-1170717508.883051 x509_certificate
-1170717508.883051 x509_extension
-1170717508.883051 x509_ext_basic_constraints
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 file_hash
-1170717508.883051 file_hash
-1170717508.883051 file_state_remove
-1170717508.883051 get_file_handle
-1170717508.883051 file_new
-1170717508.883051 file_over_new_connection
-1170717508.883051 x509_certificate
-1170717508.883051 x509_extension
-1170717508.883051 x509_ext_basic_constraints
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 x509_extension
-1170717508.883051 file_hash
-1170717508.883051 file_hash
-1170717508.883051 file_state_remove
-1170717509.082241 ssl_established
-1170717511.541455 new_connection
-1170717511.722589 connection_established
-1170717511.722913 protocol_confirmation
-1170717511.722913 ssl_client_hello
-1170717511.908619 ssl_server_hello
-1170717511.909717 get_file_handle
-1170717511.909717 file_new
-1170717511.909717 file_over_new_connection
-1170717511.909717 x509_certificate
-1170717511.909717 x509_extension
-1170717511.909717 x509_ext_basic_constraints
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 file_hash
-1170717511.909717 file_hash
-1170717511.909717 file_state_remove
-1170717511.909717 get_file_handle
-1170717511.909717 file_new
-1170717511.909717 file_over_new_connection
-1170717511.909717 x509_certificate
-1170717511.909717 x509_extension
-1170717511.909717 x509_ext_basic_constraints
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 x509_extension
-1170717511.909717 file_hash
-1170717511.909717 file_hash
-1170717511.909717 file_state_remove
-1170717512.108799 ssl_established
-1170717528.851698 ChecksumOffloading::check
-1170717528.851698 connection_state_remove
-1170717531.882302 net_done
-1170717531.882302 filter_change_tracking
-1170717531.882302 connection_state_remove
-1170717531.882302 connection_state_remove
-1170717531.882302 bro_done
-1170717531.882302 ChecksumOffloading::check
+1254722767.492060 protocol_confirmation
+1254722767.492060 ChecksumOffloading::check
+1254722767.492060 filter_change_tracking
+1254722767.492060 new_connection
+1254722767.492060 dns_message
+1254722767.492060 dns_request
+1254722767.492060 dns_end
+1254722767.526085 dns_message
+1254722767.526085 dns_CNAME_reply
+1254722767.526085 dns_A_reply
+1254722767.526085 dns_end
+1254722767.529046 new_connection
+1254722767.875996 connection_established
+1254722768.219663 smtp_reply
+1254722768.219663 smtp_reply
+1254722768.219663 smtp_reply
+1254722768.224809 protocol_confirmation
+1254722768.224809 smtp_request
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.566183 smtp_reply
+1254722768.568729 smtp_request
+1254722768.911081 smtp_reply
+1254722768.911655 smtp_request
+1254722769.253544 smtp_reply
+1254722769.254118 smtp_request
+1254722769.613798 smtp_reply
+1254722769.614414 smtp_request
+1254722769.956765 smtp_reply
+1254722769.957250 smtp_request
+1254722770.319708 smtp_reply
+1254722770.320203 smtp_request
+1254722770.320203 mime_begin_entity
+1254722770.661679 smtp_reply
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 mime_begin_entity
+1254722770.692743 mime_one_header
+1254722770.692743 mime_begin_entity
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692743 get_file_handle
+1254722770.692743 mime_end_entity
+1254722770.692743 get_file_handle
+1254722770.692743 file_new
+1254722770.692743 file_over_new_connection
+1254722770.692743 file_state_remove
+1254722770.692743 get_file_handle
+1254722770.692743 mime_begin_entity
+1254722770.692743 mime_one_header
+1254722770.692743 mime_one_header
+1254722770.692786 get_file_handle
+1254722770.692786 file_new
+1254722770.692786 file_over_new_connection
+1254722770.692804 get_file_handle
+1254722770.692804 mime_end_entity
+1254722770.692804 get_file_handle
+1254722770.692804 file_state_remove
+1254722770.692804 get_file_handle
+1254722770.692804 mime_end_entity
+1254722770.692804 get_file_handle
+1254722770.692804 get_file_handle
+1254722770.692804 mime_begin_entity
+1254722770.692804 mime_one_header
+1254722770.692804 mime_one_header
+1254722770.692804 mime_one_header
+1254722770.692823 get_file_handle
+1254722770.692823 file_new
+1254722770.692823 file_over_new_connection
+1254722770.692823 get_file_handle
+1254722770.695115 new_connection
+1254722771.469814 get_file_handle
+1254722771.494181 get_file_handle
+1254722771.494181 get_file_handle
+1254722771.494199 get_file_handle
+1254722771.834628 get_file_handle
+1254722771.834655 get_file_handle
+1254722771.834655 get_file_handle
+1254722771.858316 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 mime_end_entity
+1254722771.858334 get_file_handle
+1254722771.858334 file_state_remove
+1254722771.858334 get_file_handle
+1254722771.858334 mime_end_entity
+1254722771.858334 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 get_file_handle
+1254722771.858334 smtp_request
+1254722772.248789 smtp_reply
+1254722774.763825 smtp_request
+1254722775.105467 smtp_reply
+1254722776.690444 new_connection
+1254722776.690444 net_done
+1254722776.690444 ChecksumOffloading::check
+1254722776.690444 connection_state_remove
+1254722776.690444 filter_change_tracking
+1254722776.690444 connection_state_remove
+1254722776.690444 connection_state_remove
+1254722776.690444 connection_state_remove
+1254722776.690444 bro_done
+1254722776.690444 ChecksumOffloading::check
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
index f383249428..dc4e0fd8e5 100644
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
@@ -1,479 +1,550 @@
          0.000000 bro_init
          0.000000 filter_change_tracking
-1170717505.366729 ChecksumOffloading::check
-1170717505.366729 filter_change_tracking
-1170717505.366729 new_connection
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717505.366729, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717505.548308 connection_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717505.366729, duration=0.181579, service={^J^J}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717505.549109 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] atype: enum        = Analyzer::ANALYZER_SSL
+1254722767.492060 protocol_confirmation
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] atype: enum        = Analyzer::ANALYZER_DNS
                   [2] aid: count         = 3
 
-1170717505.549109 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 2
-                  [2] possible_ts: time  = 0.0
-                  [3] client_random: string = \xe6\xb8\xef\xdf\x91\xcfD\xf7\xea\xe4<\x839\x8f\xdc\xb2
-                  [4] session_id: string = \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
+1254722767.492060 ChecksumOffloading::check
+1254722767.492060 filter_change_tracking
+1254722767.492060 new_connection
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717505.734145 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717513.0
-                  [3] server_random: string = +e\x8dQ\x83\xbb\xae\xdb\xf3^\x8f^Ro\xf9&\xb1Iy\xcdp=$*\xea\x99j_\xda
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
+1254722767.492060 dns_message
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
+                  [3] len: count         = 34
 
-1170717505.735416 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+1254722767.492060 dns_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=<uninitialized>, qclass=<uninitialized>, qclass_name=<uninitialized>, qtype=<uninitialized>, qtype_name=<uninitialized>, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=F, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
+                  [2] query: string      = mail.patriots.in
+                  [3] qtype: count       = 1
+                  [4] qclass: count      = 1
 
-1170717505.735416 file_new
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722767.492060 dns_end
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0]
 
-1170717505.735416 file_over_new_connection
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
+1254722767.526085 dns_message
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=<uninitialized>, rcode_name=<uninitialized>, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=<uninitialized>, total_replies=<uninitialized>, saw_query=T, saw_reply=F]^J^I}, settings=[max_len=<uninitialized>], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
+                  [3] len: count         = 100
 
-1170717505.735416 x509_certificate
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722767.526085 dns_CNAME_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=F, Z=0, answers=<uninitialized>, TTLs=<uninitialized>, rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
+                  [2] ans: dns_answer    = [answer_type=1, query=mail.patriots.in, qtype=5, qclass=1, TTL=3.0 hrs 27.0 secs]
+                  [3] name: string       = patriots.in
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+1254722767.526085 dns_A_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in], TTLs=[3.0 hrs 27.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
+                  [2] ans: dns_answer    = [answer_type=1, query=patriots.in, qtype=1, qclass=1, TTL=3.0 hrs 28.0 secs]
+                  [3] a: addr            = 74.53.140.153
 
-1170717505.735416 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+1254722767.526085 dns_end
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in, 74.53.140.153], TTLs=[3.0 hrs 27.0 secs, 3.0 hrs 28.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] msg: dns_msg       = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0]
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
+1254722767.529046 new_connection
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
+1254722767.875996 connection_established
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.34695, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 
+                  [5] cont_resp: bool    = T
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = We do not authorize the use of this system to transport unsolicited, 
+                  [5] cont_resp: bool    = T
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = and/or bulk e-mail.
+                  [5] cont_resp: bool    = F
 
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
-
-1170717505.735416 file_state_remove
-                  [0] f: fa_file         = [id=FeCwNK3rzqPnZ7eBQ5, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717505.735416 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
-
-1170717505.735416 file_new
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
-
-1170717505.735416 file_over_new_connection
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [2] is_orig: bool      = F
-
-1170717505.735416 x509_certificate
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
-
-1170717505.735416 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
-
-1170717505.735416 x509_extension
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
-
-1170717505.735416 file_hash
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
-
-1170717505.735416 file_state_remove
-                  [0] f: fa_file         = [id=FfqS7r3rymnsSKq0m2, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717505.366729, duration=0.368687, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICXWv6p3arKYeMETxOg^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717505.735416, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717505.934612 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.515696 new_connection
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717508.515696, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.696747 connection_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717508.515696, duration=0.181051, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.697180 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] atype: enum        = Analyzer::ANALYZER_SSL
+1254722768.224809 protocol_confirmation
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] atype: enum        = Analyzer::ANALYZER_SMTP
                   [2] aid: count         = 7
 
-1170717508.697180 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486404.0
-                  [3] client_random: string = \xa8\xa2\xabs\x9ad\xab\xb4\xe6\x8c\xfc\xfc4p\xffbi\xb1\xa8hXP\x1f\xbb\xd12~\xd8
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
+1254722768.224809 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = EHLO
+                  [3] arg: string        = GP
 
-1170717508.881857 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717516.0
-                  [3] server_random: string = ^O\xac^?x#X|hC\x8c\x87\x87e3\xaf{^K\xaa*\x8f^Px\xeb\x8d^X"G\xe9
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = xc90.websitewelcome.com Hello GP [122.162.143.157]
+                  [5] cont_resp: bool    = T
 
-1170717508.883051 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = SIZE 52428800
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = PIPELINING
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = AUTH PLAIN LOGIN
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = STARTTLS
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = HELP
+                  [5] cont_resp: bool    = F
+
+1254722768.568729 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = AUTH
+                  [3] arg: string        = LOGIN
+
+1254722768.911081 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH
+                  [4] msg: string        = VXNlcm5hbWU6
+                  [5] cont_resp: bool    = F
+
+1254722768.911655 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = Z3VycGFydGFwQHBhdHJpb3RzLmlu
+
+1254722769.253544 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = UGFzc3dvcmQ6
+                  [5] cont_resp: bool    = F
+
+1254722769.254118 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = cHVuamFiQDEyMw==
+
+1254722769.613798 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 235
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = Authentication succeeded
+                  [5] cont_resp: bool    = F
+
+1254722769.614414 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = MAIL
+                  [3] arg: string        = FROM: <gurpartap@patriots.in>
+
+1254722769.956765 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = MAIL
+                  [4] msg: string        = OK
+                  [5] cont_resp: bool    = F
+
+1254722769.957250 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = RCPT
+                  [3] arg: string        = TO: <raj_deol2002in@yahoo.co.in>
+
+1254722770.319708 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = RCPT
+                  [4] msg: string        = Accepted
+                  [5] cont_resp: bool    = F
+
+1254722770.320203 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = DATA
+                  [3] arg: string        = 
+
+1254722770.320203 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722770.661679 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 354
+                  [3] cmd: string        = DATA
+                  [4] msg: string        = Enter message, ending with "." on a line by itself
+                  [5] cont_resp: bool    = F
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=FROM, value="Gurpartap Singh" <gurpartap@patriots.in>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=TO, value=<raj_deol2002in@yahoo.co.in>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=SUBJECT, value=SMTP]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=DATE, value=Mon, 5 Oct 2009 11:36:07 +0530]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=MESSAGE-ID, value=<000301ca4581$ef9e57f0$cedb07d0$@in>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=MIME-VERSION, value=1.0]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/mixed;^Iboundary="----=_NextPart_000_0004_01CA45B0.095693F0"]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=X-MAILER, value=Microsoft Office Outlook 12.0]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=THREAD-INDEX, value=AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-LANGUAGE, value=en-us]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=X-CR-HASHEDPUZZLE, value=SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnYJ JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwBvAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHIAcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT;UwBNAFQAUAA=]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=X-CR-PUZZLEID, value={CAA37F59-1850-45C7-8540-AA27696B5398}]
+
+1254722770.692743 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/alternative;^Iboundary="----=_NextPart_001_0005_01CA45B0.095693F0"]
+
+1254722770.692743 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Icharset="us-ascii"]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=7bit]
+
+1254722770.692743 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 file_new
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722770.692743 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717508.883051 file_over_new_connection
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692743 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722770.692743 file_new
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J^M^J, mime_type=text/plain, info=<uninitialized>, u2_events=<uninitialized>]
+
+1254722770.692743 file_over_new_connection
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J^M^J, mime_type=text/plain, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 x509_certificate
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692743 file_state_remove
+                  [0] f: fa_file         = [id=Fel9gs4OtNEV6gUJZ5, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692743, seen_bytes=79, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J^M^J, mime_type=text/plain, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
 
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
-
-1170717508.883051 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
-
-1170717508.883051 file_state_remove
-                  [0] f: fa_file         = [id=FjkLnG4s34DVZlaBNc, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717508.883051 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692743 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 file_new
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722770.692743 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717508.883051 file_over_new_connection
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/html;^Icharset="us-ascii"]
+
+1254722770.692743 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
+
+1254722770.692786 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717508.883051 x509_certificate
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692786 file_new
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692786, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">^M^J<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-c, mime_type=text/html, info=<uninitialized>, u2_events=<uninitialized>]
 
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
-
-1170717508.883051 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
-
-1170717508.883051 x509_extension
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
-
-1170717508.883051 file_hash
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
-
-1170717508.883051 file_state_remove
-                  [0] f: fa_file         = [id=FpMjNF4snD7UDqI5sk, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717508.515696, duration=0.367355, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICjhGID4nQcgTWjvg4c^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717508.883051, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717509.082241 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.541455 new_connection
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717511.541455, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.722589 connection_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1170717511.541455, duration=0.181134, service={^J^J}, addl=, hot=0, history=Sh, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.722913 protocol_confirmation
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] atype: enum        = Analyzer::ANALYZER_SSL
-                  [2] aid: count         = 11
-
-1170717511.722913 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486407.0
-                  [3] client_random: string = $^F^D\xbe/VD\xc8\xdf\xd2\xe5\x1c\xc2\xb3\xa3^Aq\xbdX\x85>\xd7\xc6\xe3\xfc\xd1\x88F
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717511.908619 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717519.0
-                  [3] server_random: string = \xfd\x1b\x8c^S^H\xa2\xca\xac^A^O\xcbv\xe9\xbd!\x98}\x89|\xb6\xc0(\xcd\xb3^WmY^D
-                  [4] session_id: string = /\xaa(\x8eH\x1b\x1fO^GK^Z\xd9\x91\xa1T\xbc\x9c/^Q^R\xc3NY;\x8e^N\xd2\xec\xa6=\xc7\xb0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717511.909717 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692786 file_over_new_connection
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692786, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">^M^J<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-c, mime_type=text/html, info=[ts=1254722770.692786, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=text/html, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=3070, state=4, num_pkts=10, num_bytes_ip=2018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.16374, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 file_new
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
-
-1170717511.909717 file_over_new_connection
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 x509_certificate
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692804 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
 
-1170717511.909717 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
+1254722770.692804 file_state_remove
+                  [0] f: fa_file         = [id=Ft4M3f2yMvLlmwtbq9, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692804, seen_bytes=1918, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">^M^J^M^J<head>^M^J<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii">^M^J<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">^M^J<style>^M^J<!--^M^J /* Font Definitions */^M^J @font-face^M^J^I{font-family:"Cambria Math";^M^J^Ipanose-1:2 4 5 3 5 4 6 3 2 4;}^M^J@font-face^M^J^I{font-family:Calibri;^M^J^Ipanose-1:2 15 5 2 2 2 4 3 2 4;}^M^J /* Style Definitions */^M^J p.MsoNormal, li.MsoNormal, div.MsoNormal^M^J^I{margin:0in;^M^J^Imargin-bottom:.0001pt;^M^J^Ifont-size:11.0pt;^M^J^Ifont-family:"Calibri","sans-serif";}^M^Ja:link, span.MsoHyperlink^M^J^I{mso-style-priority:99;^M^J^Icolor:blue;^M^J^Itext-decoration:underline;}^M^Ja:visited, span.MsoHyperlinkFollowed^M^J^I{mso-style-priority:99;^M^J^Icolor:purple;^M^J^Itext-decoration:underline;}^M^Jspan.EmailStyle17^M^J^I{mso-style-type:personal-c, mime_type=text/html, info=[ts=1254722770.692786, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=text/html, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]
-
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]
-
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = 2c322ae2b7fe91391345e070b63668978bb1c9da
-
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 38a0a008a978591ccbe41f50a174751a
-
-1170717511.909717 file_state_remove
-                  [0] f: fa_file         = [id=FQXAWgI2FB5STbrff, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^D|0\x82^C\xe5\xa0^C^B^A^B^B^P^D\xa7\x81^V\xf0^C(;\xda+\x84b^D\x9f\x9e\xcb0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x1e^W^M061114000000Z^W^M071114235959Z0\x81\xc01^K0^I^F^CU^D^F^S^BDE1^O0^M^F^CU^D^H^S^FBayern1^Q0^O^F^CU^D^G^T^HMuenchen1705^F^CU^D^J^T.AGIS Allianz Dresdner Informationssysteme GmbH1301^F^CU^D^K^T*Terms of use at www.verisign.com/rpa (c)001\x1f0\x1d^F^CU^D^C^T^Vwww.dresdner-privat.de0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xeb\xa8t~\xfb\xe3\xb4\xea\xbe\x8b\x1c=\xed\xea\x86^DbQ\xe0*Z\x9e\x86o\x98\xcb\xbc\xc5\xed\xc5\xc8\xcaV\x9dL\x92X\xe1k^So\xbc\xb7\xe5.\x98@\xf7\x8f\xd6\xa3\xc0^J\xabFR\x1b8\xfc^E \xe7\x80\xee\xc6]\xd5\xbb^C\xfc\xc5\x83\xba\x9ag^H\xfd,\xba\xa3^H\x94\xf0\xb3\x1f^V(\xf6^Ef[\xbf^?\xa8Y\xfa\xbe\x99k6b\xb8n\xc6\x83GSc^OZ\xb4Q\xc1\x88\xa8U\xb9\xd41m=*J\x95^J\xd1{\x87^B^C^A\0^A\xa3\x82^Ay0\x82^Au0^I^F^CU\x1d^S^D^B0\00^K^F^CU\x1d^O^D^D^C^B^E\xa00F^F^CU\x1d\x1f^D?0=0;\xa09\xa07\x865http://crl.verisign.com/Class3InternationalServer.crl0D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^W^C0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/rpa0(^F^CU\x1d%^D!0\x1f^F^I`\x86H^A\x86\xf8B^D^A^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B04^F^H+^F^A^E^E^G^A^A^D(0&0$^F^H+^F^A^E^E^G0^A\x86^Xhttp://ocsp.verisign.com0m^F^H+^F^A^E^E^G^A^L^Da0_\xa1]\xa0[0Y0W0U^V^Iimage/gif0!0\x1f0^G^F^E+^N^C^B^Z^D^T\x8f\xe5\xd3^Z\x86\xac\x8d\x8ek\xc3\xcf\x80j\xd4H^X,{^Y.0%^V#http://logo.verisign.com/vslogo.gif0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0/s\xe2o\xc1\x9e#~YP\x89\x95xo\xe9^D\xbd\x98TS`\xec^HR\xd2^J)\x92\x9am\xaa\xd5\xb1g\xc1b\xde\xc9^XNW=i\x9c\xb2^Cf\x92^C\xbb\xe8M\xc5\x98\xd4/B\xd9\xb6\xd2\xe0\x97^PXv\xcf\xe7\xd6\xa7\xcc\xbb\xdb%\xeeB]\xcb\xf0t\xab\xd2T\xe5\xe8\xbaQ^O\xa4\xc3>4\xfaR\xf2\xa0\xe6z\xf4\x8f\xdcvB\xbd=\xfcx\xc0\xb7\xeb^-\x1f\xc5\xa0^\xdf\xa0^Q\x87\xf8\xc3X^P\xc8y(\xf8\xe4, mime_type=binary, info=[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], u2_events=<uninitialized>]
-
-1170717511.909717 get_file_handle
-                  [0] tag: enum          = Analyzer::ANALYZER_SSL
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=1, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 file_new
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=<uninitialized>, u2_events=<uninitialized>]
+1254722770.692804 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 file_over_new_connection
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722770.692804 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                   [2] is_orig: bool      = F
 
-1170717511.909717 x509_certificate
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] cert_ref: opaque of x509 = <no value description>
-                  [2] cert: X509::Certificate = [version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>]
+1254722770.692804 mime_begin_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]
+1254722770.692804 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Iname="NEWS.txt"]
 
-1170717511.909717 x509_ext_basic_constraints
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::BasicConstraints = [ca=T, path_len=0]
+1254722770.692804 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]
+1254722770.692804 mime_one_header
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] h: mime_header_rec = [name=CONTENT-DISPOSITION, value=attachment;^Ifilename="NEWS.txt"]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]
+1254722770.692823 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]
+1254722770.692823 file_new
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692823, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: 20^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in function, mime_type=text/plain, info=<uninitialized>, u2_events=<uninitialized>]
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]
+1254722770.692823 file_over_new_connection
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722770.692823, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: 20^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in function, mime_type=text/plain, info=[ts=1254722770.692823, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 x509_extension
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] ext: X509::Extension = [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]
+1254722770.692823 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=5990, state=4, num_pkts=12, num_bytes_ip=5018, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163777, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = sha1
-                  [2] hash: string       = de0f3a63cad13841e9b62c94502cb189d7661e49
+1254722770.695115 new_connection
+                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
 
-1170717511.909717 file_hash
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
-                  [1] kind: string       = md5
-                  [2] hash: string       = 81c888530afcad916fbe71d9417bf10c
+1254722771.469814 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=7410, state=4, num_pkts=17, num_bytes_ip=12486, flow_label=0], resp=[size=462, state=4, num_pkts=12, num_bytes_ip=950, flow_label=0], start_time=1254722767.529046, duration=3.940768, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717511.909717 file_state_remove
-                  [0] f: fa_file         = [id=FUmSiM3TCtsyMGhcd, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp]] = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=2164, state=4, num_pkts=3, num_bytes_ip=1616, flow_label=0], start_time=1170717511.541455, duration=0.368262, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I^I194.127.84.106^J^I}, rx_hosts={^J^I^I192.150.187.164^J^I}, conn_uids={^J^I^ICCvvfg3TEfuqmmG4bh^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^IMD5,^J^I^ISHA1^J^I}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1170717511.909717, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=0\x82^C\x860\x82^B\xef\xa0^C^B^A^B^B^Px\xeeH\xde^X[ q\xc9\xc9\xc3\xb5\x1d{\xdd\xc10^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00_1^K0^I^F^CU^D^F^S^BUS1^W0^U^F^CU^D^J^S^NVeriSign, Inc.1705^F^CU^D^K^S.Class 3 Public Primary Certification Authority0\x1e^W^M970417000000Z^W^M111024235959Z0\x81\xba1\x1f0\x1d^F^CU^D^J^S^VVeriSign Trust Network1^W0^U^F^CU^D^K^S^NVeriSign, Inc.1301^F^CU^D^K^S*VeriSign International Server CA - Class 31I0G^F^CU^D^K^S@www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign0\x81\x9f0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x81\x8d\00\x81\x89^B\x81\x81\0\xd8\x82\x80\xe8\xd6^Y^B}\x1f\x85^X9%\xa2e+\xe1\xbf\xd4^E\xd3\xbc\xe66;\xaa\xf0Ll[\xb6\xe7\xaa<sEU\xb2\xf1\xbd\xea\x97B\xed\x9a4^J^U\xd4\xa9\\xf5@%\xdd\xd9^G\xc12\xb2ul\xc4\xca\xbb\xa3\xfeV'qC\xaac\xf50>\x93(\xe5\xfa\xf1^I;\xf3\xb7MN9\xf7\IZ\xb8\xc1\x1d\xd3\xb2\x8a\xfep0\x95B\xcb\xfe+Q\x8bZ<:\xf9"O\x90\xb2^B\xa7S\x9cO4\xe7\xab^D\xb2{o^B^C^A\0^A\xa3\x81\xe60\x81\xe30^O^F^CU\x1d^S^D^H0^F^A^A\xff^B^A\00D^F^CU\x1d ^D=0;09^F^K`\x86H^A\x86\xf8E^A^G^A^A0*0(^F^H+^F^A^E^E^G^B^A^V\x1chttps://www.verisign.com/CPS04^F^CU\x1d\x1f^D-0+0)\xa0'\xa0%\x86#http://crl.verisign.com/pca3-g2.crl04^F^CU\x1d%^D-0+^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B^F^I`\x86H^A\x86\xf8B^D^A^F^J`\x86H^A\x86\xf8E^A^H^A0^K^F^CU\x1d^O^D^D^C^B^A^F0^Q^F^I`\x86H^A\x86\xf8B^A^A^D^D^C^B^A^F0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0#]\xee\xa6$^E\xfdv\xd3j^Z\xd6\xbaF^F\xaaj^O^C\x90f\xb2\xb0\xa6\xc2\x9e\xc9\x1e\xa3US\xaf>E\xfd\xdc\x8c'\xddS8^I\xbb|K+\xba\x95J\xfepN\x1bi\xd6<\xf7O^G\xc5\xf2^WZL\xa2\x8f\xac^K\x8a^F\xdb\xb9\xd4k\xc5\x1dX\xda^WR\xe3!\xf1\xd2\xd7Z\xd5\xe5\xabY{!z\x86j\xd4\xfe^W^Q:S^M\x9c`\xa0J\xd9^\xe4\x1d^L)\xaa^S^Ge\x86\x1f\xbf\xb4\xc9\x82S\x9c,^B\x8f#, mime_type=binary, info=[ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], u2_events=<uninitialized>]
+1254722771.494181 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=8862, state=4, num_pkts=18, num_bytes_ip=13978, flow_label=0], resp=[size=462, state=4, num_pkts=13, num_bytes_ip=990, flow_label=0], start_time=1254722767.529046, duration=3.965135, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717512.108799 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.494181 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=8862, state=4, num_pkts=18, num_bytes_ip=13978, flow_label=0], resp=[size=462, state=4, num_pkts=13, num_bytes_ip=990, flow_label=0], start_time=1254722767.529046, duration=3.965135, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717528.851698 ChecksumOffloading::check
-1170717528.851698 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=6012, state=5, num_pkts=61, num_bytes_ip=9160, flow_label=0], resp=[size=121583, state=5, num_pkts=101, num_bytes_ip=126847, flow_label=0], start_time=1170717508.515696, duration=3.001729, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFRfR, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.494199 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=10314, state=4, num_pkts=19, num_bytes_ip=15470, flow_label=0], resp=[size=462, state=4, num_pkts=13, num_bytes_ip=990, flow_label=0], start_time=1254722767.529046, duration=3.965153, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 net_done
-                  [0] t: time            = 1170717531.882302
+1254722771.834628 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=11766, state=4, num_pkts=20, num_bytes_ip=16962, flow_label=0], resp=[size=462, state=4, num_pkts=14, num_bytes_ip=1030, flow_label=0], start_time=1254722767.529046, duration=4.305582, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 filter_change_tracking
-1170717531.882302 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=4879, state=5, num_pkts=32, num_bytes_ip=6555, flow_label=0], resp=[size=32965, state=6, num_pkts=36, num_bytes_ip=34813, flow_label=0], start_time=1170717505.366729, duration=23.667015, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFr, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.834655 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=13218, state=4, num_pkts=21, num_bytes_ip=18454, flow_label=0], resp=[size=462, state=4, num_pkts=14, num_bytes_ip=1030, flow_label=0], start_time=1254722767.529046, duration=4.305609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 connection_state_remove
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=842, state=5, num_pkts=11, num_bytes_ip=1414, flow_label=0], resp=[size=3613, state=5, num_pkts=11, num_bytes_ip=4197, flow_label=0], start_time=1170717511.541455, duration=20.340781, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFfR, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+1254722771.834655 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=13218, state=4, num_pkts=21, num_bytes_ip=18454, flow_label=0], resp=[size=462, state=4, num_pkts=14, num_bytes_ip=1030, flow_label=0], start_time=1254722767.529046, duration=4.305609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
 
-1170717531.882302 bro_done
-1170717531.882302 ChecksumOffloading::check
+1254722771.858316 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14670, state=4, num_pkts=22, num_bytes_ip=19946, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.32927, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722771.858334 file_state_remove
+                  [0] f: fa_file         = [id=FL9Y0d45OI4LpS6fmh, parent_id=<uninitialized>, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I^I<raj_deol2002in@yahoo.co.in>^J^I}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1254722771.858334, seen_bytes=10823, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=1024, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: 20^M^J  - Strip executable^M^J  - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20^M^J    k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J  - Enable use of processor specific built-in function, mime_type=text/plain, info=[ts=1254722770.692823, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=text/plain, filename=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], u2_events=<uninitialized>]
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 mime_end_entity
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = T
+
+1254722771.858334 get_file_handle
+                  [0] tag: enum          = Analyzer::ANALYZER_SMTP
+                  [1] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [2] is_orig: bool      = F
+
+1254722771.858334 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = .
+                  [3] arg: string        = .
+
+1254722772.248789 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = .
+                  [4] msg: string        = OK id=1Mugho-0003Dg-Un
+                  [5] cont_resp: bool    = F
+
+1254722774.763825 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = QUIT
+                  [3] arg: string        = 
+
+1254722775.105467 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 221
+                  [3] cmd: string        = QUIT
+                  [4] msg: string        = xc90.websitewelcome.com closing connection
+                  [5] cont_resp: bool    = F
+
+1254722776.690444 new_connection
+                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 net_done
+                  [0] t: time            = 1254722776.690444
+
+1254722776.690444 ChecksumOffloading::check
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=1, num_bytes_ip=128, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 filter_change_tracking
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0], resp=[size=538, state=5, num_pkts=25, num_bytes_ip=1546, flow_label=0], start_time=1254722767.529046, duration=7.576953, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaFf, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num_bytes_ip=229, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CsRx2w45OKnoww6xl4, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 connection_state_remove
+                  [0] c: connection      = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_bytes_ip=2304, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.001519, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+
+1254722776.690444 bro_done
+1254722776.690444 ChecksumOffloading::check
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
new file mode 100644
index 0000000000..4e01996097
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
@@ -0,0 +1,190 @@
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 
+                  [5] cont_resp: bool    = T
+
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = We do not authorize the use of this system to transport unsolicited, 
+                  [5] cont_resp: bool    = T
+
+1254722768.219663 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 220
+                  [3] cmd: string        = >
+                  [4] msg: string        = and/or bulk e-mail.
+                  [5] cont_resp: bool    = F
+
+1254722768.224809 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = EHLO
+                  [3] arg: string        = GP
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = xc90.websitewelcome.com Hello GP [122.162.143.157]
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = SIZE 52428800
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = PIPELINING
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = AUTH PLAIN LOGIN
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = STARTTLS
+                  [5] cont_resp: bool    = T
+
+1254722768.566183 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = EHLO
+                  [4] msg: string        = HELP
+                  [5] cont_resp: bool    = F
+
+1254722768.568729 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = AUTH
+                  [3] arg: string        = LOGIN
+
+1254722768.911081 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH
+                  [4] msg: string        = VXNlcm5hbWU6
+                  [5] cont_resp: bool    = F
+
+1254722768.911655 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = Z3VycGFydGFwQHBhdHJpb3RzLmlu
+
+1254722769.253544 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 334
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = UGFzc3dvcmQ6
+                  [5] cont_resp: bool    = F
+
+1254722769.254118 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = **
+                  [3] arg: string        = cHVuamFiQDEyMw==
+
+1254722769.613798 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 235
+                  [3] cmd: string        = AUTH_ANSWER
+                  [4] msg: string        = Authentication succeeded
+                  [5] cont_resp: bool    = F
+
+1254722769.614414 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = MAIL
+                  [3] arg: string        = FROM: <gurpartap@patriots.in>
+
+1254722769.956765 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = MAIL
+                  [4] msg: string        = OK
+                  [5] cont_resp: bool    = F
+
+1254722769.957250 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = RCPT
+                  [3] arg: string        = TO: <raj_deol2002in@yahoo.co.in>
+
+1254722770.319708 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = RCPT
+                  [4] msg: string        = Accepted
+                  [5] cont_resp: bool    = F
+
+1254722770.320203 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = DATA
+                  [3] arg: string        = 
+
+1254722770.661679 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 354
+                  [3] cmd: string        = DATA
+                  [4] msg: string        = Enter message, ending with "." on a line by itself
+                  [5] cont_resp: bool    = F
+
+1254722771.858334 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = .
+                  [3] arg: string        = .
+
+1254722772.248789 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<gurpartap@patriots.in>, rcptto={^J^I<raj_deol2002in@yahoo.co.in>^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={^J^I<raj_deol2002in@yahoo.co.in>^J}, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 250
+                  [3] cmd: string        = .
+                  [4] msg: string        = OK id=1Mugho-0003Dg-Un
+                  [5] cont_resp: bool    = F
+
+1254722774.763825 smtp_request
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = T
+                  [2] command: string    = QUIT
+                  [3] arg: string        = 
+
+1254722775.105467 smtp_reply
+                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
+                  [1] is_orig: bool      = F
+                  [2] code: count        = 221
+                  [3] cmd: string        = QUIT
+                  [4] msg: string        = xc90.websitewelcome.com closing connection
+                  [5] cont_resp: bool    = F
+
diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
deleted file mode 100644
index 1cab8fa5f2..0000000000
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/ssl-events.log
+++ /dev/null
@@ -1,60 +0,0 @@
-1170717505.549109 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717505.366729, duration=0.18238, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 2
-                  [2] possible_ts: time  = 0.0
-                  [3] client_random: string = \xe6\xb8\xef\xdf\x91\xcfD\xf7\xea\xe4<\x839\x8f\xdc\xb2
-                  [4] session_id: string = \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717505.734145 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=87, state=4, num_pkts=3, num_bytes_ip=255, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717505.366729, duration=0.367416, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717513.0
-                  [3] server_random: string = +e\x8dQ\x83\xbb\xae\xdb\xf3^\x8f^Ro\xf9&\xb1Iy\xcdp=$*\xea\x99j_\xda
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717505.934612 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=269, state=4, num_pkts=5, num_bytes_ip=541, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717505.366729, duration=0.567883, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717505.549109, uid=CXWv6p3arKYeMETxOg, id=[orig_h=192.150.187.164, orig_p=58868/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717505.735416, fuid=FeCwNK3rzqPnZ7eBQ5, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FeCwNK3rzqPnZ7eBQ5, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717505.735416, fuid=FfqS7r3rymnsSKq0m2, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICXWv6p3arKYeMETxOg^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717505.735416, id=FfqS7r3rymnsSKq0m2, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FeCwNK3rzqPnZ7eBQ5, FfqS7r3rymnsSKq0m2], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717508.697180 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717508.515696, duration=0.181484, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486404.0
-                  [3] client_random: string = \xa8\xa2\xabs\x9ad\xab\xb4\xe6\x8c\xfc\xfc4p\xffbi\xb1\xa8hXP\x1f\xbb\xd12~\xd8
-                  [4] session_id: string = \xa8\xc1\xc5h^Y$\xe8^J2\xa1]^^? \xbc^?Q>V\xb2^U^C\x9d^MU\xde\xfd\xa5\xa3 \xc0
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717508.881857 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717508.515696, duration=0.366161, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717516.0
-                  [3] server_random: string = ^O\xac^?x#X|hC\x8c\x87\x87e3\xaf{^K\xaa*\x8f^Px\xeb\x8d^X"G\xe9
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717509.082241 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717508.515696, duration=0.566545, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CjhGID4nQcgTWjvg4c, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717508.69718, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=192.150.187.164, orig_p=58869/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=a8c1c5681924e80a32a15d5e7f20bc5e3f513e56b215039d0d55defda5a320c0, last_alert=<uninitialized>, analyzer_id=7, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717508.883051, fuid=FjkLnG4s34DVZlaBNc, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FjkLnG4s34DVZlaBNc, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717508.883051, fuid=FpMjNF4snD7UDqI5sk, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717508.883051, id=FpMjNF4snD7UDqI5sk, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FjkLnG4s34DVZlaBNc, FpMjNF4snD7UDqI5sk], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
-1170717511.722913 ssl_client_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], start_time=1170717511.541455, duration=0.181458, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 2486407.0
-                  [3] client_random: string = $^F^D\xbe/VD\xc8\xdf\xd2\xe5\x1c\xc2\xb3\xa3^Aq\xbdX\x85>\xd7\xc6\xe3\xfc\xd1\x88F
-                  [4] session_id: string = \x9eQ\xca\xef@\xad\x85\xf9\xf0=\xbb\x8c\x1f\xdc\x866!\x80\x8c1^Rr\xe1^BB\xcb@k\xf9^W\xbc\xd9
-                  [5] ciphers: vector of count = [57, 56, 53, 51, 50, 4, 5, 47, 22, 19, 65279, 10, 21, 18, 65278, 9, 100, 98, 3, 6]
-
-1170717511.908619 ssl_server_hello
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=120, state=4, num_pkts=3, num_bytes_ip=288, flow_label=0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], start_time=1170717511.541455, duration=0.367164, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-                  [1] version: count     = 769
-                  [2] possible_ts: time  = 1170717519.0
-                  [3] server_random: string = \xfd\x1b\x8c^S^H\xa2\xca\xac^A^O\xcbv\xe9\xbd!\x98}\x89|\xb6\xc0(\xcd\xb3^WmY^D
-                  [4] session_id: string = /\xaa(\x8eH\x1b\x1fO^GK^Z\xd9\x91\xa1T\xbc\x9c/^Q^R\xc3NY;\x8e^N\xd2\xec\xa6=\xc7\xb0
-                  [5] cipher: count      = 4
-                  [6] comp_method: count = 0
-
-1170717512.108799 ssl_established
-                  [0] c: connection      = [id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], orig=[size=302, state=4, num_pkts=5, num_bytes_ip=574, flow_label=0], resp=[size=2207, state=4, num_pkts=5, num_bytes_ip=2436, flow_label=0], start_time=1170717511.541455, duration=0.567344, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=CCvvfg3TEfuqmmG4bh, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1170717511.722913, uid=CCvvfg3TEfuqmmG4bh, id=[orig_h=192.150.187.164, orig_p=58870/tcp, resp_h=194.127.84.106, resp_p=443/tcp], version=TLSv10, cipher=TLS_RSA_WITH_RC4_128_MD5, server_name=<uninitialized>, session_id=9e51caef40ad85f9f03dbb8c1fdc863621808c311272e10242cb406bf917bcd9, last_alert=<uninitialized>, analyzer_id=11, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1170717511.909717, fuid=FQXAWgI2FB5STbrff, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1152, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=38a0a008a978591ccbe41f50a174751a, sha1=2c322ae2b7fe91391345e070b63668978bb1c9da, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FQXAWgI2FB5STbrff, certificate=[version=2, serial=04A78116F003283BDA2B8462049F9ECB, subject=CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE, issuer=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, not_valid_before=1163462400.0, not_valid_after=1195084799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:FALSE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Digital Signature, Key Encipherment], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/Class3InternationalServer.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.23.3^J  CPS: https://www.verisign.com/rpa^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=Netscape Server Gated Crypto, TLS Web Server Authentication, TLS Web Client Authentication], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.verisign.com^J], [name=1.3.6.1.5.5.7.1.12, short_name=UNDEF, oid=1.3.6.1.5.5.7.1.12, critical=F, value=0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif]], san=<uninitialized>, basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1170717511.909717, fuid=FUmSiM3TCtsyMGhcd, tx_hosts={^J^I194.127.84.106^J}, rx_hosts={^J^I192.150.187.164^J}, conn_uids={^J^ICCvvfg3TEfuqmmG4bh^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^IMD5,^J^ISHA1^J}, mime_type=binary, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=906, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=81c888530afcad916fbe71d9417bf10c, sha1=de0f3a63cad13841e9b62c94502cb189d7661e49, sha256=<uninitialized>, x509=[ts=1170717511.909717, id=FUmSiM3TCtsyMGhcd, certificate=[version=2, serial=78EE48DE185B2071C9C9C3B51D7BDDC1, subject=OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\, Inc.,O=VeriSign Trust Network, issuer=OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US, not_valid_before=861235200.0, not_valid_after=1319500799.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=1024, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=F, value=CA:TRUE, pathlen:0], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.1.1^J  CPS: https://www.verisign.com/CPS^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J  URI:http://crl.verisign.com/pca3-g2.crl^J], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=F, value=Certificate Sign, CRL Sign], [name=Netscape Cert Type, short_name=nsCertType, oid=2.16.840.1.113730.1.1, critical=F, value=SSL CA, S/MIME CA]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FQXAWgI2FB5STbrff, FUmSiM3TCtsyMGhcd], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=2, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
-
diff --git a/testing/btest/core/leaks/x509_verify.bro b/testing/btest/core/leaks/x509_verify.bro
new file mode 100644
index 0000000000..5dd1e97f4e
--- /dev/null
+++ b/testing/btest/core/leaks/x509_verify.bro
@@ -0,0 +1,27 @@
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT
+# @TEST-EXEC: btest-bg-wait 15
+
+@load base/protocols/ssl
+
+event ssl_established(c: connection) &priority=3
+	{
+	local chain: vector of opaque of x509 = vector();
+	for ( i in c$ssl$cert_chain )
+		{
+		chain[i] = c$ssl$cert_chain[i]$x509$handle;
+		}
+
+	local result = x509_verify(chain, SSL::root_certs);
+	print fmt("Validation result: %s", result$result_string);
+	if ( result$result != 0 ) # not ok
+		return;
+
+	print "Resulting chain:";
+	for ( i in result$chain_certs )
+		{
+		local cert = result$chain_certs[i];
+		local certinfo = x509_parse(cert);
+		local sha1 = sha1_hash(x509_get_certificate_string(cert));
+		print fmt("Fingerprint: %s, Subject: %s", sha1, certinfo$subject);
+		}
+	}
diff --git a/testing/btest/scripts/policy/misc/dump-events.bro b/testing/btest/scripts/policy/misc/dump-events.bro
index 59834b6854..49d3a47aee 100644
--- a/testing/btest/scripts/policy/misc/dump-events.bro
+++ b/testing/btest/scripts/policy/misc/dump-events.bro
@@ -1,7 +1,7 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro >all-events.log
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include=/ssl_/ >ssl-events.log
+# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro >all-events.log
+# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
+# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro DumpEvents::include=/smtp_/ >smtp-events.log
 # 
 # @TEST-EXEC: btest-diff all-events.log
 # @TEST-EXEC: btest-diff all-events-no-args.log
-# @TEST-EXEC: btest-diff ssl-events.log
+# @TEST-EXEC: btest-diff smtp-events.log