Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Deprecate Val(double, TypeTag) ctor, add TimeVal/DoubleVal subclasses

Browse source 
This also updates all usages of the deprecated Val ctor to use
either IntervalVal, TimeVal, or DoubleVal ctors.  The reason for
doing away with the old constructor is that using it with TYPE_INTERVAL
isn't strictly correct since there exists a more specific subclass,
IntervalVal, with overriden ValDescribe() method that ought to be used
to print such values in a more descriptive way.
This commit is contained in:
Jon Siwek 2020-06-02 18:19:40 -07:00
parent a431f6b45d
commit 5b4313b593
76 changed files with 847 additions and 782 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -240,6 +240,9 @@ Deprecated Functionality
``RecordVal*`` for analyzer arguments and replaced those with methods ``RecordVal*`` for analyzer arguments and replaced those with methods
taking ``IntrusivePtr``. taking ``IntrusivePtr``.
- The ``Val(double, TypeTag)`` constructor is deprecated, use either
``IntervalVal()``, ``TimeVal()`` or ``DoubleVal()`` constructors.
Zeek 3.1.0 Zeek 3.1.0
========== ==========

2
aux/bifcl

@ -1 +1 @@
Subproject commit db2b7cb50926cd8d87b5a1820073a6387385b40c Subproject commit 03c0264fba8f4e4fd2a29de5098b5e6127cc3026

4
src/CompHash.cc
View file

@ -803,8 +803,10 @@ const char* CompositeHash::RecoverOneVal(const HashKey& k, const char* kp0,
if ( tag == TYPE_INTERVAL ) if ( tag == TYPE_INTERVAL )
*pval = make_intrusive<IntervalVal>(*kp, 1.0); *pval = make_intrusive<IntervalVal>(*kp, 1.0);
else if ( tag == TYPE_TIME )
*pval = make_intrusive<TimeVal>(*kp);
else else
*pval = make_intrusive<Val>(*kp, tag); *pval = make_intrusive<DoubleVal>(*kp);
} }
break; break;

4
src/Conn.cc
View file

@ -401,8 +401,8 @@ const IntrusivePtr<RecordVal>& Connection::ConnVal()
if ( root_analyzer ) if ( root_analyzer )
root_analyzer->UpdateConnVal(conn_val.get()); root_analyzer->UpdateConnVal(conn_val.get());
conn_val->Assign(3, make_intrusive<Val>(start_time, TYPE_TIME)); // ### conn_val->Assign(3, make_intrusive<TimeVal>(start_time)); // ###
conn_val->Assign(4, make_intrusive<Val>(last_time - start_time, TYPE_INTERVAL)); conn_val->Assign(4, make_intrusive<IntervalVal>(last_time - start_time));
conn_val->Assign(6, make_intrusive<StringVal>(history.c_str())); conn_val->Assign(6, make_intrusive<StringVal>(history.c_str()));
conn_val->Assign(11, val_mgr->Bool(is_successful)); conn_val->Assign(11, val_mgr->Bool(is_successful));

2
src/DNS_Mgr.cc
View file

@ -718,7 +718,7 @@ IntrusivePtr<Val> DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
{ {
auto r = make_intrusive<RecordVal>(dm_rec); auto r = make_intrusive<RecordVal>(dm_rec);
r->Assign(0, make_intrusive<Val>(dm->CreationTime(), TYPE_TIME)); r->Assign(0, make_intrusive<TimeVal>(dm->CreationTime()));
r->Assign(1, make_intrusive<StringVal>(dm->ReqHost() ? dm->ReqHost() : "")); r->Assign(1, make_intrusive<StringVal>(dm->ReqHost() ? dm->ReqHost() : ""));
r->Assign(2, make_intrusive<AddrVal>(dm->ReqAddr())); r->Assign(2, make_intrusive<AddrVal>(dm->ReqAddr()));
r->Assign(3, val_mgr->Bool(dm->Valid())); r->Assign(3, val_mgr->Bool(dm->Valid()));

14
src/Expr.cc
View file

@ -675,9 +675,11 @@ IntrusivePtr<Val> BinaryExpr::Fold(Val* v1, Val* v2) const
const auto& ret_type = IsVector(GetType()->Tag()) ? GetType()->Yield() : GetType(); const auto& ret_type = IsVector(GetType()->Tag()) ? GetType()->Yield() : GetType();
if ( ret_type->Tag() == TYPE_INTERVAL ) if ( ret_type->Tag() == TYPE_INTERVAL )
return make_intrusive<IntervalVal>(d3, 1.0); return make_intrusive<IntervalVal>(d3);
else if ( ret_type->InternalType() == TYPE_INTERNAL_DOUBLE ) else if ( ret_type->Tag() == TYPE_TIME )
return make_intrusive<Val>(d3, ret_type->Tag()); return make_intrusive<TimeVal>(d3);
else if ( ret_type->Tag() == TYPE_DOUBLE )
return make_intrusive<DoubleVal>(d3);
else if ( ret_type->InternalType() == TYPE_INTERNAL_UNSIGNED ) else if ( ret_type->InternalType() == TYPE_INTERNAL_UNSIGNED )
return val_mgr->Count(u3); return val_mgr->Count(u3);
else if ( ret_type->Tag() == TYPE_BOOL ) else if ( ret_type->Tag() == TYPE_BOOL )
@ -1097,9 +1099,9 @@ NegExpr::NegExpr(IntrusivePtr<Expr> arg_op)
IntrusivePtr<Val> NegExpr::Fold(Val* v) const IntrusivePtr<Val> NegExpr::Fold(Val* v) const
{ {
if ( v->GetType()->Tag() == TYPE_DOUBLE ) if ( v->GetType()->Tag() == TYPE_DOUBLE )
return make_intrusive<Val>(- v->InternalDouble(), v->GetType()->Tag()); return make_intrusive<DoubleVal>(- v->InternalDouble());
else if ( v->GetType()->Tag() == TYPE_INTERVAL ) else if ( v->GetType()->Tag() == TYPE_INTERVAL )
return make_intrusive<IntervalVal>(- v->InternalDouble(), 1.0); return make_intrusive<IntervalVal>(- v->InternalDouble());
else else
return val_mgr->Int(- v->CoerceToInt()); return val_mgr->Int(- v->CoerceToInt());
} }
@ -3461,7 +3463,7 @@ IntrusivePtr<Val> ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) cons
{ {
switch ( t ) { switch ( t ) {
case TYPE_INTERNAL_DOUBLE: case TYPE_INTERNAL_DOUBLE:
return make_intrusive<Val>(v->CoerceToDouble(), TYPE_DOUBLE); return make_intrusive<DoubleVal>(v->CoerceToDouble());
case TYPE_INTERNAL_INT: case TYPE_INTERNAL_INT:
return val_mgr->Int(v->CoerceToInt()); return val_mgr->Int(v->CoerceToInt());

2
src/File.cc
View file

@ -288,7 +288,7 @@ RecordVal* BroFile::Rotate()
return nullptr; return nullptr;
} }
info->Assign(2, make_intrusive<Val>(open_time, TYPE_TIME)); info->Assign<TimeVal>(2, open_time);
Unlink(); Unlink();

2
src/Reporter.cc
View file

@ -493,7 +493,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,
vl.reserve(vl_size); vl.reserve(vl_size);
if ( time ) if ( time )
vl.emplace_back(make_intrusive<Val>(network_time ? network_time : current_time(), TYPE_TIME)); vl.emplace_back(make_intrusive<TimeVal>(network_time ? network_time : current_time()));
vl.emplace_back(make_intrusive<StringVal>(buffer)); vl.emplace_back(make_intrusive<StringVal>(buffer));

2
src/Stmt.cc
View file

@ -212,7 +212,7 @@ static void print_log(const std::vector<IntrusivePtr<Val>>& vals)
vec->Assign(vec->Size(), make_intrusive<StringVal>(d.Description())); vec->Assign(vec->Size(), make_intrusive<StringVal>(d.Description()));
} }
record->Assign(0, make_intrusive<Val>(current_time(), TYPE_TIME)); record->Assign(0, make_intrusive<TimeVal>(current_time()));
record->Assign(1, std::move(vec)); record->Assign(1, std::move(vec));
log_mgr->Write(plval.get(), record.get()); log_mgr->Write(plval.get(), record.get());
} }

26
src/Val.cc
View file

@ -271,14 +271,14 @@ IntrusivePtr<Val> Val::SizeVal() const
return val_mgr->Count(val.uint_val); return val_mgr->Count(val.uint_val);
case TYPE_INTERNAL_DOUBLE: case TYPE_INTERNAL_DOUBLE:
return make_intrusive<Val>(fabs(val.double_val), TYPE_DOUBLE); return make_intrusive<DoubleVal>(fabs(val.double_val));
case TYPE_INTERNAL_OTHER: case TYPE_INTERNAL_OTHER:
if ( type->Tag() == TYPE_FUNC ) if ( type->Tag() == TYPE_FUNC )
return val_mgr->Count(val.func_val->GetType()->ParamList()->Types().size()); return val_mgr->Count(val.func_val->GetType()->ParamList()->Types().size());
if ( type->Tag() == TYPE_FILE ) if ( type->Tag() == TYPE_FILE )
return make_intrusive<Val>(val.file_val->Size(), TYPE_DOUBLE); return make_intrusive<DoubleVal>(val.file_val->Size());
break; break;
default: default:
@ -666,11 +666,6 @@ IntrusivePtr<StringVal> Val::ToJSON(bool only_loggable, RE_Matcher* re)
return make_intrusive<StringVal>(buffer.GetString()); return make_intrusive<StringVal>(buffer.GetString());
} }
IntervalVal::IntervalVal(double quantity, double units) :
Val(quantity * units, TYPE_INTERVAL)
{
}
void IntervalVal::ValDescribe(ODesc* d) const void IntervalVal::ValDescribe(ODesc* d) const
{ {
using unit_word = std::pair<double, const char*>; using unit_word = std::pair<double, const char*>;
@ -925,7 +920,7 @@ unsigned int SubNetVal::MemoryAllocation() const
IntrusivePtr<Val> SubNetVal::SizeVal() const IntrusivePtr<Val> SubNetVal::SizeVal() const
{ {
int retained = 128 - val.subnet_val->LengthIPv6(); int retained = 128 - val.subnet_val->LengthIPv6();
return make_intrusive<Val>(pow(2.0, double(retained)), TYPE_DOUBLE); return make_intrusive<DoubleVal>(pow(2.0, double(retained)));
} }
void SubNetVal::ValDescribe(ODesc* d) const void SubNetVal::ValDescribe(ODesc* d) const
@ -3287,7 +3282,20 @@ IntrusivePtr<Val> check_and_promote(IntrusivePtr<Val> v, const BroType* t,
break; break;
case TYPE_INTERNAL_DOUBLE: case TYPE_INTERNAL_DOUBLE:
promoted_v = make_intrusive<Val>(v->CoerceToDouble(), t_tag); switch ( t_tag ) {
case TYPE_DOUBLE:
promoted_v = make_intrusive<DoubleVal>(v->CoerceToDouble());
break;
case TYPE_INTERVAL:
promoted_v = make_intrusive<IntervalVal>(v->CoerceToDouble());
break;
case TYPE_TIME:
promoted_v = make_intrusive<TimeVal>(v->CoerceToDouble());
break;
default:
reporter->InternalError("bad internal type in check_and_promote()");
return nullptr;
}
break; break;
default: default:

20
src/Val.h
View file

@ -120,6 +120,7 @@ class Val : public BroObj {
public: public:
static inline const IntrusivePtr<Val> nil; static inline const IntrusivePtr<Val> nil;
[[deprecated("Remove in v4.1. Use IntervalVal(), TimeVal(), or DoubleVal() constructors.")]]
Val(double d, TypeTag t) Val(double d, TypeTag t)
: val(d), type(base_type(t)) : val(d), type(base_type(t))
{} {}
@ -489,14 +490,27 @@ extern ValManager* val_mgr;
class IntervalVal final : public Val { class IntervalVal final : public Val {
public: public:
IntervalVal(double quantity, double units); IntervalVal(double quantity, double units = Seconds)
: Val(quantity * units, base_type(TYPE_INTERVAL))
{}
protected: protected:
IntervalVal() {}
void ValDescribe(ODesc* d) const override; void ValDescribe(ODesc* d) const override;
}; };
class TimeVal final : public Val {
public:
TimeVal(double t)
: Val(t, base_type(TYPE_TIME))
{}
};
class DoubleVal final : public Val {
public:
DoubleVal(double v)
: Val(v, base_type(TYPE_DOUBLE))
{}
};
class PortVal final : public Val { class PortVal final : public Val {
public: public:

2
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -94,7 +94,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)
{ {
EnqueueConnEvent(conn_duration_threshold_crossed, EnqueueConnEvent(conn_duration_threshold_crossed,
ConnVal(), ConnVal(),
make_intrusive<Val>(duration_thresh, TYPE_INTERVAL), make_intrusive<IntervalVal>(duration_thresh),
val_mgr->Bool(is_orig) val_mgr->Bool(is_orig)
); );
duration_thresh = 0; duration_thresh = 0;

4
src/analyzer/protocol/conn-size/functions.bif
View file

@ -139,7 +139,7 @@ function get_current_conn_duration_threshold%(cid: conn_id%): interval
%{ %{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a ) if ( ! a )
return make_intrusive<Val>(0.0, TYPE_INTERVAL); return make_intrusive<IntervalVal>(0.0);
return make_intrusive<Val>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold(), TYPE_INTERVAL); return make_intrusive<IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
%} %}

2
src/analyzer/protocol/dhcp/dhcp-analyzer.pac
View file

@ -57,7 +57,7 @@ refine flow DHCP_Flow += {
dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op})); dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type})); dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid})); dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));
dhcp_msg_val->Assign(3, make_intrusive<Val>(secs, TYPE_INTERVAL)); dhcp_msg_val->Assign(3, make_intrusive<IntervalVal>(secs));
dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags})); dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags}));
dhcp_msg_val->Assign(5, make_intrusive<AddrVal>(htonl(${msg.ciaddr}))); dhcp_msg_val->Assign(5, make_intrusive<AddrVal>(htonl(${msg.ciaddr})));
dhcp_msg_val->Assign(6, make_intrusive<AddrVal>(htonl(${msg.yiaddr}))); dhcp_msg_val->Assign(6, make_intrusive<AddrVal>(htonl(${msg.yiaddr})));

6
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -414,7 +414,7 @@ refine flow DHCP_Flow += {
function process_lease_option(v: OptionValue): bool function process_lease_option(v: OptionValue): bool
%{ %{
double lease = static_cast<double>(${v.lease}); double lease = static_cast<double>(${v.lease});
${context.flow}->options->Assign(11, make_intrusive<Val>(lease, TYPE_INTERVAL)); ${context.flow}->options->Assign(11, make_intrusive<IntervalVal>(lease));
return true; return true;
%} %}
@ -546,7 +546,7 @@ refine flow DHCP_Flow += {
function process_renewal_time_option(v: OptionValue): bool function process_renewal_time_option(v: OptionValue): bool
%{ %{
double renewal_time = static_cast<double>(${v.renewal_time}); double renewal_time = static_cast<double>(${v.renewal_time});
${context.flow}->options->Assign(16, make_intrusive<Val>(renewal_time, TYPE_INTERVAL)); ${context.flow}->options->Assign(16, make_intrusive<IntervalVal>(renewal_time));
return true; return true;
%} %}
@ -571,7 +571,7 @@ refine flow DHCP_Flow += {
function process_rebinding_time_option(v: OptionValue): bool function process_rebinding_time_option(v: OptionValue): bool
%{ %{
double rebinding_time = static_cast<double>(${v.rebinding_time}); double rebinding_time = static_cast<double>(${v.rebinding_time});
${context.flow}->options->Assign(17, make_intrusive<Val>(rebinding_time, TYPE_INTERVAL)); ${context.flow}->options->Assign(17, make_intrusive<IntervalVal>(rebinding_time));
return true; return true;
%} %}

8
src/analyzer/protocol/dns/DNS.cc
View file

@ -1519,8 +1519,8 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
r->Assign(1, val_mgr->Count(int(answer_type))); r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, make_intrusive<StringVal>(tsig->alg_name)); r->Assign(2, make_intrusive<StringVal>(tsig->alg_name));
r->Assign(3, make_intrusive<StringVal>(tsig->sig)); r->Assign(3, make_intrusive<StringVal>(tsig->sig));
r->Assign(4, make_intrusive<Val>(rtime, TYPE_TIME)); r->Assign(4, make_intrusive<TimeVal>(rtime));
r->Assign(5, make_intrusive<Val>(double(tsig->fudge), TYPE_TIME)); r->Assign(5, make_intrusive<TimeVal>(double(tsig->fudge)));
r->Assign(6, val_mgr->Count(tsig->orig_id)); r->Assign(6, val_mgr->Count(tsig->orig_id));
r->Assign(7, val_mgr->Count(tsig->rr_error)); r->Assign(7, val_mgr->Count(tsig->rr_error));
r->Assign(8, val_mgr->Count(is_query)); r->Assign(8, val_mgr->Count(is_query));
@ -1539,8 +1539,8 @@ IntrusivePtr<RecordVal> DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
r->Assign(3, val_mgr->Count(rrsig->algorithm)); r->Assign(3, val_mgr->Count(rrsig->algorithm));
r->Assign(4, val_mgr->Count(rrsig->labels)); r->Assign(4, val_mgr->Count(rrsig->labels));
r->Assign(5, make_intrusive<IntervalVal>(double(rrsig->orig_ttl), Seconds)); r->Assign(5, make_intrusive<IntervalVal>(double(rrsig->orig_ttl), Seconds));
r->Assign(6, make_intrusive<Val>(double(rrsig->sig_exp), TYPE_TIME)); r->Assign(6, make_intrusive<TimeVal>(double(rrsig->sig_exp)));
r->Assign(7, make_intrusive<Val>(double(rrsig->sig_incep), TYPE_TIME)); r->Assign(7, make_intrusive<TimeVal>(double(rrsig->sig_incep)));
r->Assign(8, val_mgr->Count(rrsig->key_tag)); r->Assign(8, val_mgr->Count(rrsig->key_tag));
r->Assign(9, make_intrusive<StringVal>(rrsig->signer_name)); r->Assign(9, make_intrusive<StringVal>(rrsig->signer_name));
r->Assign(10, make_intrusive<StringVal>(rrsig->signature)); r->Assign(10, make_intrusive<StringVal>(rrsig->signature));

6
src/analyzer/protocol/http/HTTP.cc
View file

@ -618,7 +618,7 @@ IntrusivePtr<RecordVal> HTTP_Message::BuildMessageStat(bool interrupted, const c
static auto http_message_stat = zeek::id::find_type<RecordType>("http_message_stat"); static auto http_message_stat = zeek::id::find_type<RecordType>("http_message_stat");
auto stat = make_intrusive<RecordVal>(http_message_stat); auto stat = make_intrusive<RecordVal>(http_message_stat);
int field = 0; int field = 0;
stat->Assign(field++, make_intrusive<Val>(start_time, TYPE_TIME)); stat->Assign(field++, make_intrusive<TimeVal>(start_time));
stat->Assign(field++, val_mgr->Bool(interrupted)); stat->Assign(field++, val_mgr->Bool(interrupted));
stat->Assign(field++, make_intrusive<StringVal>(msg)); stat->Assign(field++, make_intrusive<StringVal>(msg));
stat->Assign(field++, val_mgr->Count(body_length)); stat->Assign(field++, val_mgr->Count(body_length));
@ -1156,8 +1156,8 @@ void HTTP_Analyzer::GenStats()
auto r = make_intrusive<RecordVal>(http_stats_rec); auto r = make_intrusive<RecordVal>(http_stats_rec);
r->Assign(0, val_mgr->Count(num_requests)); r->Assign(0, val_mgr->Count(num_requests));
r->Assign(1, val_mgr->Count(num_replies)); r->Assign(1, val_mgr->Count(num_replies));
r->Assign(2, make_intrusive<Val>(request_version.ToDouble(), TYPE_DOUBLE)); r->Assign(2, make_intrusive<DoubleVal>(request_version.ToDouble()));
r->Assign(3, make_intrusive<Val>(reply_version.ToDouble(), TYPE_DOUBLE)); r->Assign(3, make_intrusive<DoubleVal>(reply_version.ToDouble()));
// DEBUG_MSG("%.6f http_stats\n", network_time); // DEBUG_MSG("%.6f http_stats\n", network_time);
EnqueueConnEvent(http_stats, ConnVal(), std::move(r)); EnqueueConnEvent(http_stats, ConnVal(), std::move(r));

2
src/analyzer/protocol/krb/krb-asn1.pac
View file

@ -51,7 +51,7 @@ IntrusivePtr<Val> GetTimeFromAsn1(StringVal* atime, int64 usecs)
if ( !lResult ) if ( !lResult )
lResult = 0; lResult = 0;
return make_intrusive<Val>(double(lResult + double(usecs/100000.0)), TYPE_TIME); return make_intrusive<TimeVal>(double(lResult + double(usecs/100000.0)));
} }
%} %}

2
src/analyzer/protocol/ntlm/ntlm-analyzer.pac
View file

@ -12,7 +12,7 @@
// Bro can't support times back to the 1600's // Bro can't support times back to the 1600's
// so we subtract a lot of seconds. // so we subtract a lot of seconds.
auto bro_ts = make_intrusive<Val>(secs - 11644473600.0, TYPE_TIME); auto bro_ts = make_intrusive<TimeVal>(secs - 11644473600.0);
return bro_ts; return bro_ts;
} }

12
src/analyzer/protocol/ntp/ntp-analyzer.pac
View file

@ -20,15 +20,15 @@
IntrusivePtr<Val> proc_ntp_short(const NTP_Short_Time* t) IntrusivePtr<Val> proc_ntp_short(const NTP_Short_Time* t)
{ {
if ( t->seconds() == 0 && t->fractions() == 0 ) if ( t->seconds() == 0 && t->fractions() == 0 )
return make_intrusive<Val>(0.0, TYPE_INTERVAL); return make_intrusive<IntervalVal>(0.0);
return make_intrusive<Val>(t->seconds() + t->fractions()*FRAC_16, TYPE_INTERVAL); return make_intrusive<IntervalVal>(t->seconds() + t->fractions()*FRAC_16);
} }
IntrusivePtr<Val> proc_ntp_timestamp(const NTP_Time* t) IntrusivePtr<Val> proc_ntp_timestamp(const NTP_Time* t)
{ {
if ( t->seconds() == 0 && t->fractions() == 0) if ( t->seconds() == 0 && t->fractions() == 0)
return make_intrusive<Val>(0.0, TYPE_TIME); return make_intrusive<TimeVal>(0.0);
return make_intrusive<Val>(EPOCH_OFFSET + t->seconds() + t->fractions()*FRAC_32, TYPE_TIME); return make_intrusive<TimeVal>(EPOCH_OFFSET + t->seconds() + t->fractions()*FRAC_32);
} }
// This builds the standard msg record // This builds the standard msg record
@ -37,8 +37,8 @@
auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::StandardMessage); auto rv = make_intrusive<RecordVal>(zeek::BifType::Record::NTP::StandardMessage);
rv->Assign(0, val_mgr->Count(${nsm.stratum})); rv->Assign(0, val_mgr->Count(${nsm.stratum}));
rv->Assign(1, make_intrusive<Val>(pow(2, ${nsm.poll}), TYPE_INTERVAL)); rv->Assign(1, make_intrusive<IntervalVal>(pow(2, ${nsm.poll})));
rv->Assign(2, make_intrusive<Val>(pow(2, ${nsm.precision}), TYPE_INTERVAL)); rv->Assign(2, make_intrusive<IntervalVal>(pow(2, ${nsm.precision})));
rv->Assign(3, proc_ntp_short(${nsm.root_delay})); rv->Assign(3, proc_ntp_short(${nsm.root_delay}));
rv->Assign(4, proc_ntp_short(${nsm.root_dispersion})); rv->Assign(4, proc_ntp_short(${nsm.root_dispersion}));

8
src/analyzer/protocol/rpc/MOUNT.cc
View file

@ -187,11 +187,11 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
auto info = make_intrusive<RecordVal>(zeek::BifType::Record::MOUNT3::info_t); auto info = make_intrusive<RecordVal>(zeek::BifType::Record::MOUNT3::info_t);
info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status)); info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
info->Assign(1, zeek::BifType::Enum::MOUNT3::status_t->GetVal(mount_status)); info->Assign(1, zeek::BifType::Enum::MOUNT3::status_t->GetVal(mount_status));
info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME)); info->Assign(2, make_intrusive<TimeVal>(c->StartTime()));
info->Assign(3, make_intrusive<Val>(c->LastTime() - c->StartTime(), TYPE_INTERVAL)); info->Assign(3, make_intrusive<IntervalVal>(c->LastTime() - c->StartTime()));
info->Assign(4, val_mgr->Count(c->RPCLen())); info->Assign(4, val_mgr->Count(c->RPCLen()));
info->Assign(5, make_intrusive<Val>(rep_start_time, TYPE_TIME)); info->Assign(5, make_intrusive<TimeVal>(rep_start_time));
info->Assign(6, make_intrusive<Val>(rep_last_time - rep_start_time, TYPE_INTERVAL)); info->Assign(6, make_intrusive<IntervalVal>(rep_last_time - rep_start_time));
info->Assign(7, val_mgr->Count(reply_len)); info->Assign(7, val_mgr->Count(reply_len));
info->Assign(8, val_mgr->Count(c->Uid())); info->Assign(8, val_mgr->Count(c->Uid()));
info->Assign(9, val_mgr->Count(c->Gid())); info->Assign(9, val_mgr->Count(c->Gid()));

10
src/analyzer/protocol/rpc/NFS.cc
View file

@ -320,11 +320,11 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_
auto info = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::info_t); auto info = make_intrusive<RecordVal>(zeek::BifType::Record::NFS3::info_t);
info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status)); info->Assign(0, zeek::BifType::Enum::rpc_status->GetVal(rpc_status));
info->Assign(1, zeek::BifType::Enum::NFS3::status_t->GetVal(nfs_status)); info->Assign(1, zeek::BifType::Enum::NFS3::status_t->GetVal(nfs_status));
info->Assign(2, make_intrusive<Val>(c->StartTime(), TYPE_TIME)); info->Assign(2, make_intrusive<TimeVal>(c->StartTime()));
info->Assign(3, make_intrusive<Val>(c->LastTime()-c->StartTime(), TYPE_INTERVAL)); info->Assign(3, make_intrusive<IntervalVal>(c->LastTime()-c->StartTime()));
info->Assign(4, val_mgr->Count(c->RPCLen())); info->Assign(4, val_mgr->Count(c->RPCLen()));
info->Assign(5, make_intrusive<Val>(rep_start_time, TYPE_TIME)); info->Assign(5, make_intrusive<TimeVal>(rep_start_time));
info->Assign(6, make_intrusive<Val>(rep_last_time-rep_start_time, TYPE_INTERVAL)); info->Assign(6, make_intrusive<IntervalVal>(rep_last_time-rep_start_time));
info->Assign(7, val_mgr->Count(reply_len)); info->Assign(7, val_mgr->Count(reply_len));
info->Assign(8, val_mgr->Count(c->Uid())); info->Assign(8, val_mgr->Count(c->Uid()));
info->Assign(9, val_mgr->Count(c->Gid())); info->Assign(9, val_mgr->Count(c->Gid()));
@ -803,7 +803,7 @@ IntrusivePtr<Val> NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
IntrusivePtr<Val> NFS_Interp::ExtractTime(const u_char*& buf, int& n) IntrusivePtr<Val> NFS_Interp::ExtractTime(const u_char*& buf, int& n)
{ {
return make_intrusive<Val>(extract_XDR_time(buf, n), TYPE_TIME); return make_intrusive<TimeVal>(extract_XDR_time(buf, n));
} }
IntrusivePtr<Val> NFS_Interp::ExtractInterval(const u_char*& buf, int& n) IntrusivePtr<Val> NFS_Interp::ExtractInterval(const u_char*& buf, int& n)

2
src/analyzer/protocol/rpc/RPC.cc
View file

@ -342,7 +342,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
val_mgr->Count(c->Version()), val_mgr->Count(c->Version()),
val_mgr->Count(c->Proc()), val_mgr->Count(c->Proc()),
zeek::BifType::Enum::rpc_status->GetVal(status), zeek::BifType::Enum::rpc_status->GetVal(status),
make_intrusive<Val>(c->StartTime(), TYPE_TIME), make_intrusive<TimeVal>(c->StartTime()),
val_mgr->Count(c->CallLen()), val_mgr->Count(c->CallLen()),
val_mgr->Count(reply_len) val_mgr->Count(reply_len)
); );

4
src/analyzer/protocol/smb/smb-time.pac
View file

@ -12,7 +12,7 @@ IntrusivePtr<Val> filetime2brotime(uint64_t ts)
// Bro can't support times back to the 1600's // Bro can't support times back to the 1600's
// so we subtract a lot of seconds. // so we subtract a lot of seconds.
double secs = (ts / 10000000.0L) - 11644473600.0L; double secs = (ts / 10000000.0L) - 11644473600.0L;
return make_intrusive<Val>(secs, TYPE_TIME); return make_intrusive<TimeVal>(secs);
} }
IntrusivePtr<Val> time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz) IntrusivePtr<Val> time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
@ -26,7 +26,7 @@ IntrusivePtr<Val> time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
lTime.tm_year = 1980 + ${d.year}; lTime.tm_year = 1980 + ${d.year};
lTime.tm_isdst = -1; lTime.tm_isdst = -1;
double lResult = mktime(&lTime); double lResult = mktime(&lTime);
return make_intrusive<Val>(lResult + tz, TYPE_TIME); return make_intrusive<TimeVal>(lResult + tz);
} }
IntrusivePtr<RecordVal> SMB_BuildMACTimes(uint64_t modify, uint64_t access, IntrusivePtr<RecordVal> SMB_BuildMACTimes(uint64_t modify, uint64_t access,

6
src/broker/Data.cc
View file

@ -108,7 +108,7 @@ struct val_converter {
result_type operator()(double a) result_type operator()(double a)
{ {
if ( type->Tag() == TYPE_DOUBLE ) if ( type->Tag() == TYPE_DOUBLE )
return make_intrusive<Val>(a, TYPE_DOUBLE); return make_intrusive<DoubleVal>(a);
return nullptr; return nullptr;
} }
@ -168,7 +168,7 @@ struct val_converter {
using namespace std::chrono; using namespace std::chrono;
auto s = duration_cast<broker::fractional_seconds>(a.time_since_epoch()); auto s = duration_cast<broker::fractional_seconds>(a.time_since_epoch());
return make_intrusive<Val>(s.count(), TYPE_TIME); return make_intrusive<TimeVal>(s.count());
} }
result_type operator()(broker::timespan& a) result_type operator()(broker::timespan& a)
@ -178,7 +178,7 @@ struct val_converter {
using namespace std::chrono; using namespace std::chrono;
auto s = duration_cast<broker::fractional_seconds>(a); auto s = duration_cast<broker::fractional_seconds>(a);
return make_intrusive<Val>(s.count(), TYPE_INTERVAL); return make_intrusive<IntervalVal>(s.count());
} }
result_type operator()(broker::enum_value& a) result_type operator()(broker::enum_value& a)

4
src/file_analysis/File.cc
View file

@ -115,7 +115,7 @@ File::~File()
void File::UpdateLastActivityTime() void File::UpdateLastActivityTime()
{ {
val->Assign(last_active_idx, make_intrusive<Val>(network_time, TYPE_TIME)); val->Assign(last_active_idx, make_intrusive<TimeVal>(network_time));
} }
double File::GetLastActivityTime() const double File::GetLastActivityTime() const
@ -200,7 +200,7 @@ double File::GetTimeoutInterval() const
void File::SetTimeoutInterval(double interval) void File::SetTimeoutInterval(double interval)
{ {
val->Assign(timeout_interval_idx, make_intrusive<Val>(interval, TYPE_INTERVAL)); val->Assign(timeout_interval_idx, make_intrusive<IntervalVal>(interval));
} }
bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes) bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)

10
src/file_analysis/analyzer/entropy/Entropy.cc
View file

@ -64,11 +64,11 @@ void Entropy::Finalize()
static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result"); static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result); auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE)); ent_result->Assign<DoubleVal>(0, ent);
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE)); ent_result->Assign<DoubleVal>(1, chisq);
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE)); ent_result->Assign<DoubleVal>(2, mean);
ent_result->Assign(3, make_intrusive<Val>(montepi, TYPE_DOUBLE)); ent_result->Assign<DoubleVal>(3, montepi);
ent_result->Assign(4, make_intrusive<Val>(scc, TYPE_DOUBLE)); ent_result->Assign<DoubleVal>(4, scc);
mgr.Enqueue(file_entropy, mgr.Enqueue(file_entropy,
GetFile()->ToVal(), GetFile()->ToVal(),

2
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -98,7 +98,7 @@ refine flow File += {
{ {
auto fh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::FileHeader); auto fh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::FileHeader);
fh->Assign(0, val_mgr->Count(${h.Machine})); fh->Assign(0, val_mgr->Count(${h.Machine}));
fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME)); fh->Assign(1, make_intrusive<TimeVal>(static_cast<double>(${h.TimeDateStamp})));
fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable})); fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
fh->Assign(3, val_mgr->Count(${h.NumberOfSymbols})); fh->Assign(3, val_mgr->Count(${h.NumberOfSymbols}));
fh->Assign(4, val_mgr->Count(${h.SizeOfOptionalHeader})); fh->Assign(4, val_mgr->Count(${h.SizeOfOptionalHeader}));

6
src/file_analysis/analyzer/unified2/unified2-analyzer.pac
View file

@ -74,7 +74,7 @@ refine flow Flow += {
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent); auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id})); ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
ids_event->Assign(1, val_mgr->Count(${ev.event_id})); ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME)); ids_event->Assign(2, make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
ids_event->Assign(3, val_mgr->Count(${ev.signature_id})); ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
ids_event->Assign(4, val_mgr->Count(${ev.generator_id})); ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision})); ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
@ -100,7 +100,7 @@ refine flow Flow += {
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent); auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id})); ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
ids_event->Assign(1, val_mgr->Count(${ev.event_id})); ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME)); ids_event->Assign(2, make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
ids_event->Assign(3, val_mgr->Count(${ev.signature_id})); ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
ids_event->Assign(4, val_mgr->Count(${ev.generator_id})); ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision})); ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
@ -132,7 +132,7 @@ refine flow Flow += {
packet->Assign(0, val_mgr->Count(${pkt.sensor_id})); packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
packet->Assign(1, val_mgr->Count(${pkt.event_id})); packet->Assign(1, val_mgr->Count(${pkt.event_id}));
packet->Assign(2, val_mgr->Count(${pkt.event_second})); packet->Assign(2, val_mgr->Count(${pkt.event_second}));
packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME)); packet->Assign(3, make_intrusive<TimeVal>(ts_to_double(${pkt.packet_ts})));
packet->Assign(4, val_mgr->Count(${pkt.link_type})); packet->Assign(4, val_mgr->Count(${pkt.link_type}));
packet->Assign(5, to_stringval(${pkt.packet_data})); packet->Assign(5, to_stringval(${pkt.packet_data}));

14
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -518,7 +518,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
produced_at = OCSP_resp_get0_produced_at(basic_resp); produced_at = OCSP_resp_get0_produced_at(basic_resp);
#endif #endif
vl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); vl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(produced_at, GetFile(), reporter)));
// responses // responses
@ -566,7 +566,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
// revocation time and reason if revoked // revocation time and reason if revoked
if ( status == V_OCSP_CERTSTATUS_REVOKED ) if ( status == V_OCSP_CERTSTATUS_REVOKED )
{ {
rvl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); rvl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(revoke_time, GetFile(), reporter)));
if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) if ( reason != OCSP_REVOKED_STATUS_NOSTATUS )
{ {
@ -578,19 +578,19 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
} }
else else
{ {
rvl.emplace_back(make_intrusive<Val>(0.0, TYPE_TIME)); rvl.emplace_back(make_intrusive<TimeVal>(0.0));
rvl.emplace_back(make_intrusive<StringVal>(0, "")); rvl.emplace_back(make_intrusive<StringVal>(0, ""));
} }
if ( this_update ) if ( this_update )
rvl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); rvl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(this_update, GetFile(), reporter)));
else else
rvl.emplace_back(make_intrusive<Val>(0.0, TYPE_TIME)); rvl.emplace_back(make_intrusive<TimeVal>(0.0));
if ( next_update ) if ( next_update )
rvl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); rvl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(next_update, GetFile(), reporter)));
else else
rvl.emplace_back(make_intrusive<Val>(0.0, TYPE_TIME)); rvl.emplace_back(make_intrusive<TimeVal>(0.0));
if ( ocsp_response_certificate ) if ( ocsp_response_certificate )
mgr.Enqueue(ocsp_response_certificate, std::move(rvl)); mgr.Enqueue(ocsp_response_certificate, std::move(rvl));

4
src/file_analysis/analyzer/x509/X509.cc
View file

@ -158,8 +158,8 @@ IntrusivePtr<RecordVal> file_analysis::X509::ParseCertificate(X509Val* cert_val,
pX509Cert->Assign(3, make_intrusive<StringVal>(len, buf)); pX509Cert->Assign(3, make_intrusive<StringVal>(len, buf));
BIO_free(bio); BIO_free(bio);
pX509Cert->Assign(5, make_intrusive<Val>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter), TYPE_TIME)); pX509Cert->Assign(5, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter)));
pX509Cert->Assign(6, make_intrusive<Val>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter), TYPE_TIME)); pX509Cert->Assign(6, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter)));
// we only read 255 bytes because byte 256 is always 0. // we only read 255 bytes because byte 256 is always 0.
// if the string is longer than 255, that will be our null-termination, // if the string is longer than 255, that will be our null-termination,

6
src/input/Manager.cc
View file

@ -2185,9 +2185,13 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
return val_mgr->Count(val->val.int_val).release(); return val_mgr->Count(val->val.int_val).release();
case TYPE_DOUBLE: case TYPE_DOUBLE:
return new DoubleVal(val->val.double_val);
case TYPE_TIME: case TYPE_TIME:
return new TimeVal(val->val.double_val);
case TYPE_INTERVAL: case TYPE_INTERVAL:
return new Val(val->val.double_val, val->type); return new IntervalVal(val->val.double_val);
case TYPE_STRING: case TYPE_STRING:
{ {

4
src/logging/Manager.cc
View file

@ -1511,8 +1511,8 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
info->Assign(0, {NewRef{}, winfo->type}); info->Assign(0, {NewRef{}, winfo->type});
info->Assign(1, make_intrusive<StringVal>(new_name)); info->Assign(1, make_intrusive<StringVal>(new_name));
info->Assign(2, make_intrusive<StringVal>(winfo->writer->Info().path)); info->Assign(2, make_intrusive<StringVal>(winfo->writer->Info().path));
info->Assign(3, make_intrusive<Val>(open, TYPE_TIME)); info->Assign(3, make_intrusive<TimeVal>(open));
info->Assign(4, make_intrusive<Val>(close, TYPE_TIME)); info->Assign(4, make_intrusive<TimeVal>(close));
info->Assign(5, val_mgr->Bool(terminating)); info->Assign(5, val_mgr->Bool(terminating));
Func* func = winfo->postprocessor; Func* func = winfo->postprocessor;

2
src/probabilistic/cardinality-counter.bif
View file

@ -113,7 +113,7 @@ function hll_cardinality_estimate%(handle: opaque of cardinality%): double
double estimate = h->Size(); double estimate = h->Size();
return make_intrusive<Val>(estimate, TYPE_DOUBLE); return make_intrusive<DoubleVal>(estimate);
%} %}
## Copy a HLL cardinality counter. ## Copy a HLL cardinality counter.

2
src/reporter.bif
View file

@ -232,7 +232,7 @@ function Reporter::set_weird_sampling_rate%(weird_sampling_rate: count%) : bool
## Returns: weird sampling duration. ## Returns: weird sampling duration.
function Reporter::get_weird_sampling_duration%(%) : interval function Reporter::get_weird_sampling_duration%(%) : interval
%{ %{
return make_intrusive<Val>(reporter->GetWeirdSamplingDuration(), TYPE_INTERVAL); return make_intrusive<IntervalVal>(reporter->GetWeirdSamplingDuration());
%} %}
## Sets the current weird sampling duration. Please note that ## Sets the current weird sampling duration. Please note that

2
src/scan.l
View file

@ -478,7 +478,7 @@ F RET_CONST(val_mgr->False()->Ref())
{D} { {D} {
RET_CONST(val_mgr->Count(static_cast<bro_uint_t>(strtoull(yytext, (char**) NULL, 10))).release()) RET_CONST(val_mgr->Count(static_cast<bro_uint_t>(strtoull(yytext, (char**) NULL, 10))).release())
} }
{FLOAT} RET_CONST(new Val(atof(yytext), TYPE_DOUBLE)) {FLOAT} RET_CONST(new DoubleVal(atof(yytext)))
{D}"/tcp" { {D}"/tcp" {
uint32_t p = atoi(yytext); uint32_t p = atoi(yytext);

2
src/stats.bif
View file

@ -152,7 +152,7 @@ function get_proc_stats%(%): ProcStats
r->Assign(n++, val_mgr->Count(0)); r->Assign(n++, val_mgr->Count(0));
#endif #endif
r->Assign(n++, make_intrusive<Val>(bro_start_time, TYPE_TIME)); r->Assign(n++, make_intrusive<TimeVal>(bro_start_time));
r->Assign(n++, make_intrusive<IntervalVal>(elapsed_time, Seconds)); r->Assign(n++, make_intrusive<IntervalVal>(elapsed_time, Seconds));
r->Assign(n++, make_intrusive<IntervalVal>(user_time, Seconds)); r->Assign(n++, make_intrusive<IntervalVal>(user_time, Seconds));

6
src/threading/SerialTypes.cc
View file

@ -456,9 +456,13 @@ Val* Value::ValueToVal(const std::string& source, const Value* val, bool& have_e
return val_mgr->Count(val->val.int_val).release(); return val_mgr->Count(val->val.int_val).release();
case TYPE_DOUBLE: case TYPE_DOUBLE:
return new DoubleVal(val->val.double_val);
case TYPE_TIME: case TYPE_TIME:
return new TimeVal(val->val.double_val);
case TYPE_INTERVAL: case TYPE_INTERVAL:
return new Val(val->val.double_val, val->type); return new IntervalVal(val->val.double_val);
case TYPE_STRING: case TYPE_STRING:
{ {

4
src/util.cc
View file

@ -1861,8 +1861,8 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
{ {
rotate_info->Assign<StringVal>(0, name); rotate_info->Assign<StringVal>(0, name);
rotate_info->Assign<StringVal>(1, newname); rotate_info->Assign<StringVal>(1, newname);
rotate_info->Assign<Val>(2, network_time, TYPE_TIME); rotate_info->Assign<TimeVal>(2, network_time);
rotate_info->Assign<Val>(3, network_time, TYPE_TIME); rotate_info->Assign<TimeVal>(3, network_time);
} }
return newf; return newf;

2
src/zeek-setup.cc
View file

@ -220,7 +220,7 @@ void done_with_network()
mgr.Drain(); mgr.Drain();
// Don't propagate this event to remote clients. // Don't propagate this event to remote clients.
mgr.Dispatch(new Event(net_done, mgr.Dispatch(new Event(net_done,
{make_intrusive<Val>(timer_mgr->Time(), TYPE_TIME)}), {make_intrusive<TimeVal>(timer_mgr->Time())}),
true); true);
} }

84
src/zeek.bif
View file

@ -319,7 +319,7 @@ static int next_fmt(const char*& fmt, const zeek::Args* args, ODesc* d, int& n)
## .. zeek:see:: network_time ## .. zeek:see:: network_time
function current_time%(%): time function current_time%(%): time
%{ %{
return make_intrusive<Val>(current_time(), TYPE_TIME); return make_intrusive<TimeVal>(current_time());
%} %}
## Returns the timestamp of the last packet processed. This function returns ## Returns the timestamp of the last packet processed. This function returns
@ -331,7 +331,7 @@ function current_time%(%): time
## .. zeek:see:: current_time ## .. zeek:see:: current_time
function network_time%(%): time function network_time%(%): time
%{ %{
return make_intrusive<Val>(network_time, TYPE_TIME); return make_intrusive<TimeVal>(network_time);
%} %}
## Returns a system environment variable. ## Returns a system environment variable.
@ -1053,11 +1053,11 @@ function find_entropy%(data: string%): entropy_test_result
static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result"); static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result); auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE)); ent_result->Assign(0, make_intrusive<DoubleVal>(ent));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE)); ent_result->Assign(1, make_intrusive<DoubleVal>(chisq));
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE)); ent_result->Assign(2, make_intrusive<DoubleVal>(mean));
ent_result->Assign(3, make_intrusive<Val>(montepi, TYPE_DOUBLE)); ent_result->Assign(3, make_intrusive<DoubleVal>(montepi));
ent_result->Assign(4, make_intrusive<Val>(scc, TYPE_DOUBLE)); ent_result->Assign(4, make_intrusive<DoubleVal>(scc));
return ent_result; return ent_result;
%} %}
@ -1105,11 +1105,11 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result
static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result"); static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result); auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE)); ent_result->Assign(0, make_intrusive<DoubleVal>(ent));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE)); ent_result->Assign(1, make_intrusive<DoubleVal>(chisq));
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE)); ent_result->Assign(2, make_intrusive<DoubleVal>(mean));
ent_result->Assign(3, make_intrusive<Val>(montepi, TYPE_DOUBLE)); ent_result->Assign(3, make_intrusive<DoubleVal>(montepi));
ent_result->Assign(4, make_intrusive<Val>(scc, TYPE_DOUBLE)); ent_result->Assign(4, make_intrusive<DoubleVal>(scc));
return ent_result; return ent_result;
%} %}
@ -1723,7 +1723,7 @@ function print_raw%(...%): bool
## .. zeek:see:: sqrt exp ln log10 ## .. zeek:see:: sqrt exp ln log10
function floor%(d: double%): double function floor%(d: double%): double
%{ %{
return make_intrusive<Val>(floor(d), TYPE_DOUBLE); return make_intrusive<DoubleVal>(floor(d));
%} %}
## Computes the square root of a :zeek:type:`double`. ## Computes the square root of a :zeek:type:`double`.
@ -1738,10 +1738,10 @@ function sqrt%(x: double%): double
if ( x < 0 ) if ( x < 0 )
{ {
reporter->Error("negative sqrt argument"); reporter->Error("negative sqrt argument");
return make_intrusive<Val>(-1.0, TYPE_DOUBLE); return make_intrusive<DoubleVal>(-1.0);
} }
return make_intrusive<Val>(sqrt(x), TYPE_DOUBLE); return make_intrusive<DoubleVal>(sqrt(x));
%} %}
## Computes the exponential function. ## Computes the exponential function.
@ -1753,7 +1753,7 @@ function sqrt%(x: double%): double
## .. zeek:see:: floor sqrt ln log10 ## .. zeek:see:: floor sqrt ln log10
function exp%(d: double%): double function exp%(d: double%): double
%{ %{
return make_intrusive<Val>(exp(d), TYPE_DOUBLE); return make_intrusive<DoubleVal>(exp(d));
%} %}
## Computes the natural logarithm of a number. ## Computes the natural logarithm of a number.
@ -1765,7 +1765,7 @@ function exp%(d: double%): double
## .. zeek:see:: exp floor sqrt log10 ## .. zeek:see:: exp floor sqrt log10
function ln%(d: double%): double function ln%(d: double%): double
%{ %{
return make_intrusive<Val>(log(d), TYPE_DOUBLE); return make_intrusive<DoubleVal>(log(d));
%} %}
## Computes the common logarithm of a number. ## Computes the common logarithm of a number.
@ -1777,7 +1777,7 @@ function ln%(d: double%): double
## .. zeek:see:: exp floor sqrt ln ## .. zeek:see:: exp floor sqrt ln
function log10%(d: double%): double function log10%(d: double%): double
%{ %{
return make_intrusive<Val>(log10(d), TYPE_DOUBLE); return make_intrusive<DoubleVal>(log10(d));
%} %}
# =========================================================================== # ===========================================================================
@ -2363,7 +2363,7 @@ function to_count%(str: string%): count
## .. zeek:see:: double_to_interval ## .. zeek:see:: double_to_interval
function interval_to_double%(i: interval%): double function interval_to_double%(i: interval%): double
%{ %{
return make_intrusive<Val>(i, TYPE_DOUBLE); return make_intrusive<DoubleVal>(i);
%} %}
## Converts a :zeek:type:`time` value to a :zeek:type:`double`. ## Converts a :zeek:type:`time` value to a :zeek:type:`double`.
@ -2375,7 +2375,7 @@ function interval_to_double%(i: interval%): double
## .. zeek:see:: double_to_time ## .. zeek:see:: double_to_time
function time_to_double%(t: time%): double function time_to_double%(t: time%): double
%{ %{
return make_intrusive<Val>(t, TYPE_DOUBLE); return make_intrusive<DoubleVal>(t);
%} %}
## Converts a :zeek:type:`double` value to a :zeek:type:`time`. ## Converts a :zeek:type:`double` value to a :zeek:type:`time`.
@ -2387,7 +2387,7 @@ function time_to_double%(t: time%): double
## .. zeek:see:: time_to_double double_to_count ## .. zeek:see:: time_to_double double_to_count
function double_to_time%(d: double%): time function double_to_time%(d: double%): time
%{ %{
return make_intrusive<Val>(d, TYPE_TIME); return make_intrusive<TimeVal>(d);
%} %}
## Converts a :zeek:type:`double` to an :zeek:type:`interval`. ## Converts a :zeek:type:`double` to an :zeek:type:`interval`.
@ -2399,7 +2399,7 @@ function double_to_time%(d: double%): time
## .. zeek:see:: interval_to_double ## .. zeek:see:: interval_to_double
function double_to_interval%(d: double%): interval function double_to_interval%(d: double%): interval
%{ %{
return make_intrusive<IntervalVal>(d, Seconds); return make_intrusive<IntervalVal>(d);
%} %}
## Converts a :zeek:type:`port` to a :zeek:type:`count`. ## Converts a :zeek:type:`port` to a :zeek:type:`count`.
@ -2548,7 +2548,7 @@ function to_double%(str: string%): double
d = 0; d = 0;
} }
return make_intrusive<Val>(d, TYPE_DOUBLE); return make_intrusive<DoubleVal>(d);
%} %}
## Converts a :zeek:type:`count` to an :zeek:type:`addr`. ## Converts a :zeek:type:`count` to an :zeek:type:`addr`.
@ -2637,13 +2637,13 @@ function bytestring_to_double%(s: string%): double
if ( s->Len() != sizeof(double) ) if ( s->Len() != sizeof(double) )
{ {
builtin_error("bad conversion to double"); builtin_error("bad conversion to double");
return make_intrusive<Val>(0.0, TYPE_DOUBLE); return make_intrusive<DoubleVal>(0.0);
} }
// See #908 for a discussion of portability. // See #908 for a discussion of portability.
double d; double d;
memcpy(&d, s->Bytes(), sizeof(double)); memcpy(&d, s->Bytes(), sizeof(double));
return make_intrusive<Val>(ntohd(d), TYPE_DOUBLE); return make_intrusive<DoubleVal>(ntohd(d));
%} %}
## Converts a string of bytes to a :zeek:type:`count`. ## Converts a string of bytes to a :zeek:type:`count`.
@ -3116,11 +3116,11 @@ function strptime%(fmt: string, d: string%) : time
! strptime(d->CheckString(), fmt->CheckString(), &t) ) ! strptime(d->CheckString(), fmt->CheckString(), &t) )
{ {
reporter->Warning("strptime conversion failed: fmt:%s d:%s", fmt->CheckString(), d->CheckString()); reporter->Warning("strptime conversion failed: fmt:%s d:%s", fmt->CheckString(), d->CheckString());
return make_intrusive<Val>(0.0, TYPE_TIME); return make_intrusive<TimeVal>(0.0);
} }
double ret = mktime(&t); double ret = mktime(&t);
return make_intrusive<Val>(ret, TYPE_TIME); return make_intrusive<TimeVal>(ret);
%} %}
@ -3320,8 +3320,8 @@ function lookup_connection%(cid: conn_id%): connection
c->Assign(1, std::move(orig_endp)); c->Assign(1, std::move(orig_endp));
c->Assign(2, std::move(resp_endp)); c->Assign(2, std::move(resp_endp));
c->Assign(3, make_intrusive<Val>(network_time, TYPE_TIME)); c->Assign(3, make_intrusive<TimeVal>(network_time));
c->Assign(4, make_intrusive<Val>(0.0, TYPE_INTERVAL)); c->Assign(4, make_intrusive<IntervalVal>(0.0));
c->Assign(5, make_intrusive<TableVal>(zeek::id::string_set)); // service c->Assign(5, make_intrusive<TableVal>(zeek::id::string_set)); // service
c->Assign(6, val_mgr->EmptyString()); // history c->Assign(6, val_mgr->EmptyString()); // history
@ -3878,7 +3878,7 @@ static IntrusivePtr<Val> mmdb_getvalue(MMDB_entry_data_s* entry_data, int status
break; break;
case MMDB_DATA_TYPE_DOUBLE: case MMDB_DATA_TYPE_DOUBLE:
return make_intrusive<Val>(entry_data->double_value, TYPE_DOUBLE); return make_intrusive<DoubleVal>(entry_data->double_value);
break; break;
case MMDB_DATA_TYPE_UINT32: case MMDB_DATA_TYPE_UINT32:
@ -4155,7 +4155,7 @@ function haversine_distance%(lat1: double, long1: double, lat2: double, long2: d
double a = s1 * s1 + cos(lat1 * PI/180) * cos(lat2 * PI/180) * s2 * s2; double a = s1 * s1 + cos(lat1 * PI/180) * cos(lat2 * PI/180) * s2 * s2;
double distance = 2 * RADIUS * asin(sqrt(a)); double distance = 2 * RADIUS * asin(sqrt(a));
return make_intrusive<Val>(distance, TYPE_DOUBLE); return make_intrusive<DoubleVal>(distance);
%} %}
## Converts UNIX file permissions given by a mode to an ASCII string. ## Converts UNIX file permissions given by a mode to an ASCII string.
@ -4368,12 +4368,12 @@ function set_inactivity_timeout%(cid: conn_id, t: interval%): interval
%{ %{
Connection* c = sessions->FindConnection(cid); Connection* c = sessions->FindConnection(cid);
if ( ! c ) if ( ! c )
return make_intrusive<Val>(0.0, TYPE_INTERVAL); return make_intrusive<IntervalVal>(0.0);
double old_timeout = c->InactivityTimeout(); double old_timeout = c->InactivityTimeout();
c->SetInactivityTimeout(t); c->SetInactivityTimeout(t);
return make_intrusive<Val>(old_timeout, TYPE_INTERVAL); return make_intrusive<IntervalVal>(old_timeout);
%} %}
# =========================================================================== # ===========================================================================
@ -4633,8 +4633,8 @@ function rotate_file%(f: file%): rotate_info
info = make_intrusive<RecordVal>(rotate_info); info = make_intrusive<RecordVal>(rotate_info);
info->Assign(0, val_mgr->EmptyString()); info->Assign(0, val_mgr->EmptyString());
info->Assign(1, val_mgr->EmptyString()); info->Assign(1, val_mgr->EmptyString());
info->Assign(2, make_intrusive<Val>(0.0, TYPE_TIME)); info->Assign(2, make_intrusive<TimeVal>(0.0));
info->Assign(3, make_intrusive<Val>(0.0, TYPE_TIME)); info->Assign(3, make_intrusive<TimeVal>(0.0));
return info; return info;
%} %}
@ -4675,8 +4675,8 @@ function rotate_file_by_name%(f: string%): rotate_info
// Record indicating error. // Record indicating error.
info->Assign(0, val_mgr->EmptyString()); info->Assign(0, val_mgr->EmptyString());
info->Assign(1, val_mgr->EmptyString()); info->Assign(1, val_mgr->EmptyString());
info->Assign(2, make_intrusive<Val>(0.0, TYPE_TIME)); info->Assign(2, make_intrusive<TimeVal>(0.0));
info->Assign(3, make_intrusive<Val>(0.0, TYPE_TIME)); info->Assign(3, make_intrusive<TimeVal>(0.0));
return info; return info;
} }
@ -4684,12 +4684,12 @@ function rotate_file_by_name%(f: string%): rotate_info
if ( is_pkt_dumper ) if ( is_pkt_dumper )
{ {
info->Assign(2, make_intrusive<Val>(pkt_dumper->OpenTime(), TYPE_TIME)); info->Assign(2, make_intrusive<TimeVal>(pkt_dumper->OpenTime()));
pkt_dumper->Open(); pkt_dumper->Open();
} }
if ( is_addl_pkt_dumper ) if ( is_addl_pkt_dumper )
info->Assign(2, make_intrusive<Val>(addl_pkt_dumper->OpenTime(), TYPE_TIME)); info->Assign(2, make_intrusive<TimeVal>(addl_pkt_dumper->OpenTime()));
return info; return info;
%} %}
@ -4708,7 +4708,7 @@ function calc_next_rotate%(i: interval%) : interval
static auto base_time = log_rotate_base_time->AsString()->CheckString(); static auto base_time = log_rotate_base_time->AsString()->CheckString();
double base = parse_rotate_base_time(base_time); double base = parse_rotate_base_time(base_time);
return make_intrusive<Val>(calc_next_rotate(network_time, i, base), TYPE_INTERVAL); return make_intrusive<IntervalVal>(calc_next_rotate(network_time, i, base));
%} %}
## Returns the size of a given file. ## Returns the size of a given file.
@ -4721,9 +4721,9 @@ function file_size%(f: string%) : double
struct stat s; struct stat s;
if ( stat(f->CheckString(), &s) < 0 ) if ( stat(f->CheckString(), &s) < 0 )
return make_intrusive<Val>(-1.0, TYPE_DOUBLE); return make_intrusive<DoubleVal>(-1.0);
return make_intrusive<Val>(double(s.st_size), TYPE_DOUBLE); return make_intrusive<DoubleVal>(double(s.st_size));
%} %}
## Prevents escaping of non-ASCII characters when writing to a file. ## Prevents escaping of non-ASCII characters when writing to a file.

2
testing/btest/Baseline/broker.store.type-conversion/master.out
View file

@ -29,7 +29,7 @@ hello
192.168.0.0/16 192.168.0.0/16
22/tcp 22/tcp
42.0 42.0
180.0 3.0 mins
Broker::BOOL Broker::BOOL
{ {
two, two,

12
testing/btest/Baseline/core.conn-size-threshold/.stdout
View file

@ -2,14 +2,14 @@
0 0
0 0
0 0
0.0 0 secs
Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp] Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp]
3000 3000
2000 2000
63 63
50 50
0.1, 0.053051 100.0 msecs, 53.0 msecs 50.994873 usecs
triggered duration, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 0.1, F, 0.10508 triggered duration, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 100.0 msecs, F, 105.0 msecs 79.889297 usecs
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 3000, T triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 3000, T
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F
@ -17,13 +17,13 @@ triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67,
0 0
0 0
0 0
0.0 0 secs
Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp] Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
3000 3000
2000 2000
63 63
50 50
0.0, 0.176573 0 secs, 176.0 msecs 573.038101 usecs
triggered duration, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 0.1, T, 0.176573 triggered duration, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 100.0 msecs, T, 176.0 msecs 573.038101 usecs
triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 63, T triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 63, T

104
testing/btest/Baseline/plugins.hooks/output
View file

@ -282,7 +282,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -463,7 +463,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -1203,7 +1203,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1384,7 +1384,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ()) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ()) 0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
@ -2123,7 +2123,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2304,7 +2304,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction Notice::want_pp()
@ -2756,7 +2756,7 @@
0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLoadFile base<...>/xmpp
0.000000 | HookLoadFile base<...>/zeek.bif.zeek 0.000000 | HookLoadFile base<...>/zeek.bif.zeek
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=1588807058.873264, node=zeek, filter=ip or not ip, init=T, success=T] 0.000000 | HookLogWrite packet_filter [ts=1591143698.178012, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent filter_change_tracking()
0.000000 | HookQueueEvent zeek_init() 0.000000 | HookQueueEvent zeek_init()
@ -2767,12 +2767,12 @@
1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result> 1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result>
1362692526.869344 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result> 1362692526.869344 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result>
1362692526.869344 MetaHookPost CallFunction(get_net_stats, <frame>, ()) -> <no result> 1362692526.869344 MetaHookPost CallFunction(get_net_stats, <frame>, ()) -> <no result>
1362692526.869344 MetaHookPost CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result> 1362692526.869344 MetaHookPost CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692526.869344 MetaHookPost DrainEvents() -> <void> 1362692526.869344 MetaHookPost DrainEvents() -> <void>
1362692526.869344 MetaHookPost QueueEvent(Broker::log_flush()) -> false 1362692526.869344 MetaHookPost QueueEvent(Broker::log_flush()) -> false
1362692526.869344 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false 1362692526.869344 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false
1362692526.869344 MetaHookPost QueueEvent(filter_change_tracking()) -> false 1362692526.869344 MetaHookPost QueueEvent(filter_change_tracking()) -> false
1362692526.869344 MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false 1362692526.869344 MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
1362692526.869344 MetaHookPost SetupAnalyzerTree(1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -> <void> 1362692526.869344 MetaHookPost SetupAnalyzerTree(1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -> <void>
1362692526.869344 MetaHookPost UpdateNetworkTime(1362692526.869344) -> <void> 1362692526.869344 MetaHookPost UpdateNetworkTime(1362692526.869344) -> <void>
1362692526.869344 MetaHookPre BroObjDtor(<void ptr>) 1362692526.869344 MetaHookPre BroObjDtor(<void ptr>)
@ -2782,12 +2782,12 @@
1362692526.869344 MetaHookPre CallFunction(ChecksumOffloading::check, <null>, ()) 1362692526.869344 MetaHookPre CallFunction(ChecksumOffloading::check, <null>, ())
1362692526.869344 MetaHookPre CallFunction(filter_change_tracking, <null>, ()) 1362692526.869344 MetaHookPre CallFunction(filter_change_tracking, <null>, ())
1362692526.869344 MetaHookPre CallFunction(get_net_stats, <frame>, ()) 1362692526.869344 MetaHookPre CallFunction(get_net_stats, <frame>, ())
1362692526.869344 MetaHookPre CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692526.869344 MetaHookPre CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692526.869344 MetaHookPre DrainEvents() 1362692526.869344 MetaHookPre DrainEvents()
1362692526.869344 MetaHookPre QueueEvent(Broker::log_flush()) 1362692526.869344 MetaHookPre QueueEvent(Broker::log_flush())
1362692526.869344 MetaHookPre QueueEvent(ChecksumOffloading::check()) 1362692526.869344 MetaHookPre QueueEvent(ChecksumOffloading::check())
1362692526.869344 MetaHookPre QueueEvent(filter_change_tracking()) 1362692526.869344 MetaHookPre QueueEvent(filter_change_tracking())
1362692526.869344 MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692526.869344 MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692526.869344 MetaHookPre SetupAnalyzerTree(1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80) 1362692526.869344 MetaHookPre SetupAnalyzerTree(1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80)
1362692526.869344 MetaHookPre UpdateNetworkTime(1362692526.869344) 1362692526.869344 MetaHookPre UpdateNetworkTime(1362692526.869344)
1362692526.869344 | HookBroObjDtor 1362692526.869344 | HookBroObjDtor
@ -2798,26 +2798,26 @@
1362692526.869344 | HookCallFunction ChecksumOffloading::check() 1362692526.869344 | HookCallFunction ChecksumOffloading::check()
1362692526.869344 | HookCallFunction filter_change_tracking() 1362692526.869344 | HookCallFunction filter_change_tracking()
1362692526.869344 | HookCallFunction get_net_stats() 1362692526.869344 | HookCallFunction get_net_stats()
1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692526.869344 | HookDrainEvents 1362692526.869344 | HookDrainEvents
1362692526.869344 | HookQueueEvent Broker::log_flush() 1362692526.869344 | HookQueueEvent Broker::log_flush()
1362692526.869344 | HookQueueEvent ChecksumOffloading::check() 1362692526.869344 | HookQueueEvent ChecksumOffloading::check()
1362692526.869344 | HookQueueEvent filter_change_tracking() 1362692526.869344 | HookQueueEvent filter_change_tracking()
1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692526.869344 | HookSetupAnalyzerTree 1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80 1362692526.869344 | HookSetupAnalyzerTree 1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80
1362692526.869344 | RequestObjDtor Broker::log_flush() 1362692526.869344 | RequestObjDtor Broker::log_flush()
1362692526.939084 MetaHookPost CallFunction(connection_established, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result> 1362692526.939084 MetaHookPost CallFunction(connection_established, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692526.939084 MetaHookPost DrainEvents() -> <void> 1362692526.939084 MetaHookPost DrainEvents() -> <void>
1362692526.939084 MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false 1362692526.939084 MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
1362692526.939084 MetaHookPost UpdateNetworkTime(1362692526.939084) -> <void> 1362692526.939084 MetaHookPost UpdateNetworkTime(1362692526.939084) -> <void>
1362692526.939084 MetaHookPre CallFunction(connection_established, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692526.939084 MetaHookPre CallFunction(connection_established, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692526.939084 MetaHookPre DrainEvents() 1362692526.939084 MetaHookPre DrainEvents()
1362692526.939084 MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692526.939084 MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692526.939084 MetaHookPre UpdateNetworkTime(1362692526.939084) 1362692526.939084 MetaHookPre UpdateNetworkTime(1362692526.939084)
1362692526.939084 | HookUpdateNetworkTime 1362692526.939084 1362692526.939084 | HookUpdateNetworkTime 1362692526.939084
1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692526.939084 | HookDrainEvents 1362692526.939084 | HookDrainEvents
1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.06974, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692526.939378 MetaHookPost DrainEvents() -> <void> 1362692526.939378 MetaHookPost DrainEvents() -> <void>
1362692526.939378 MetaHookPost UpdateNetworkTime(1362692526.939378) -> <void> 1362692526.939378 MetaHookPost UpdateNetworkTime(1362692526.939378) -> <void>
1362692526.939378 MetaHookPre DrainEvents() 1362692526.939378 MetaHookPre DrainEvents()
@ -2827,12 +2827,12 @@
1362692526.939527 MetaHookPost CallFunction(Analyzer::__name, <frame>, (Analyzer::ANALYZER_HTTP)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(Analyzer::__name, <frame>, (Analyzer::ANALYZER_HTTP)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(Analyzer::name, <frame>, (Analyzer::ANALYZER_HTTP)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(Analyzer::name, <frame>, (Analyzer::ANALYZER_HTTP)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(fmt, <frame>, (-%s, HTTP)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(fmt, <frame>, (-%s, HTTP)) -> <no result>
@ -2847,30 +2847,30 @@
1362692526.939527 MetaHookPost CallFunction(http_request, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(http_request, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <no result> 1362692526.939527 MetaHookPost CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> <no result>
1362692526.939527 MetaHookPost CallFunction(network_time, <frame>, ()) -> <no result> 1362692526.939527 MetaHookPost CallFunction(network_time, <frame>, ()) -> <no result>
1362692526.939527 MetaHookPost CallFunction(protocol_confirmation, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(protocol_confirmation, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
1362692526.939527 MetaHookPost CallFunction(split_string1, <frame>, (bro.org, <...>/)) -> <no result> 1362692526.939527 MetaHookPost CallFunction(split_string1, <frame>, (bro.org, <...>/)) -> <no result>
1362692526.939527 MetaHookPost DrainEvents() -> <void> 1362692526.939527 MetaHookPost DrainEvents() -> <void>
1362692526.939527 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false 1362692526.939527 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
1362692526.939527 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
1362692526.939527 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false
1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false 1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false
1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Connection, CONNECTION, Keep-Alive)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Connection, CONNECTION, Keep-Alive)) -> false
1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Host, HOST, bro.org)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Host, HOST, bro.org)) -> false
1362692526.939527 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false 1362692526.939527 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false
1362692526.939527 MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false
1362692526.939527 MetaHookPost QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) -> false 1362692526.939527 MetaHookPost QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) -> false
1362692526.939527 MetaHookPost UpdateNetworkTime(1362692526.939527) -> <void> 1362692526.939527 MetaHookPost UpdateNetworkTime(1362692526.939527) -> <void>
1362692526.939527 MetaHookPre CallFunction(Analyzer::__name, <frame>, (Analyzer::ANALYZER_HTTP)) 1362692526.939527 MetaHookPre CallFunction(Analyzer::__name, <frame>, (Analyzer::ANALYZER_HTTP))
1362692526.939527 MetaHookPre CallFunction(Analyzer::name, <frame>, (Analyzer::ANALYZER_HTTP)) 1362692526.939527 MetaHookPre CallFunction(Analyzer::name, <frame>, (Analyzer::ANALYZER_HTTP))
1362692526.939527 MetaHookPre CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692526.939527 MetaHookPre CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
1362692526.939527 MetaHookPre CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) 1362692526.939527 MetaHookPre CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp))
1362692526.939527 MetaHookPre CallFunction(fmt, <frame>, (-%s, HTTP)) 1362692526.939527 MetaHookPre CallFunction(fmt, <frame>, (-%s, HTTP))
@ -2885,31 +2885,31 @@
1362692526.939527 MetaHookPre CallFunction(http_request, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) 1362692526.939527 MetaHookPre CallFunction(http_request, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1))
1362692526.939527 MetaHookPre CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) 1362692526.939527 MetaHookPre CallFunction(id_string, <frame>, ([orig_h=141.142.228.5, orig_p=59856<...>/tcp]))
1362692526.939527 MetaHookPre CallFunction(network_time, <frame>, ()) 1362692526.939527 MetaHookPre CallFunction(network_time, <frame>, ())
1362692526.939527 MetaHookPre CallFunction(protocol_confirmation, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) 1362692526.939527 MetaHookPre CallFunction(protocol_confirmation, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3))
1362692526.939527 MetaHookPre CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) 1362692526.939527 MetaHookPre CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80))
1362692526.939527 MetaHookPre CallFunction(split_string1, <frame>, (bro.org, <...>/)) 1362692526.939527 MetaHookPre CallFunction(split_string1, <frame>, (bro.org, <...>/))
1362692526.939527 MetaHookPre DrainEvents() 1362692526.939527 MetaHookPre DrainEvents()
1362692526.939527 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692526.939527 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) 1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*))
1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) 1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)))
1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Connection, CONNECTION, Keep-Alive)) 1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Connection, CONNECTION, Keep-Alive))
1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Host, HOST, bro.org)) 1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Host, HOST, bro.org))
1362692526.939527 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) 1362692526.939527 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]))
1362692526.939527 MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) 1362692526.939527 MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1))
1362692526.939527 MetaHookPre QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)) 1362692526.939527 MetaHookPre QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3))
1362692526.939527 MetaHookPre UpdateNetworkTime(1362692526.939527) 1362692526.939527 MetaHookPre UpdateNetworkTime(1362692526.939527)
1362692526.939527 | HookUpdateNetworkTime 1362692526.939527 1362692526.939527 | HookUpdateNetworkTime 1362692526.939527
1362692526.939527 | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP) 1362692526.939527 | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP)
1362692526.939527 | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP) 1362692526.939527 | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP)
1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=<uninitialized>, user_agent=<uninitialized>, origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=[filename=<uninitialized>], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) 1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)
1362692526.939527 | HookCallFunction fmt(-%s, HTTP) 1362692526.939527 | HookCallFunction fmt(-%s, HTTP)
@ -2924,20 +2924,20 @@
1362692526.939527 | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) 1362692526.939527 | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)
1362692526.939527 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) 1362692526.939527 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp])
1362692526.939527 | HookCallFunction network_time() 1362692526.939527 | HookCallFunction network_time()
1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3) 1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)
1362692526.939527 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80) 1362692526.939527 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)
1362692526.939527 | HookCallFunction split_string1(bro.org, <...>/) 1362692526.939527 | HookCallFunction split_string1(bro.org, <...>/)
1362692526.939527 | HookDrainEvents 1362692526.939527 | HookDrainEvents
1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)
1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))
1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Connection, CONNECTION, Keep-Alive) 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Connection, CONNECTION, Keep-Alive)
1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Host, HOST, bro.org) 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, Host, HOST, bro.org)
1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) 1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=0, status_code=<uninitialized>, status_msg=<uninitialized>, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>, resp_filenames=<uninitialized>, resp_mime_types=<uninitialized>, current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])
1362692526.939527 | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) 1362692526.939527 | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)
1362692526.939527 | HookQueueEvent protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.070183, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3) 1362692526.939527 | HookQueueEvent protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], Analyzer::ANALYZER_HTTP, 3)
1362692527.008509 MetaHookPost DrainEvents() -> <void> 1362692527.008509 MetaHookPost DrainEvents() -> <void>
1362692527.008509 MetaHookPost UpdateNetworkTime(1362692527.008509) -> <void> 1362692527.008509 MetaHookPost UpdateNetworkTime(1362692527.008509) -> <void>
1362692527.008509 MetaHookPre DrainEvents() 1362692527.008509 MetaHookPre DrainEvents()
@ -3212,8 +3212,8 @@
1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result> 1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692527.080972 MetaHookPost CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result> 1362692527.080972 MetaHookPost CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result> 1362692527.080972 MetaHookPost CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result> 1362692527.080972 MetaHookPost CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result> 1362692527.080972 MetaHookPost CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result> 1362692527.080972 MetaHookPost CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
1362692527.080972 MetaHookPost CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result> 1362692527.080972 MetaHookPost CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result> 1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result>
@ -3251,8 +3251,8 @@
1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692527.080972 MetaHookPre CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.080972 MetaHookPre CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
1362692527.080972 MetaHookPre CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, <null>, ()) 1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, <null>, ())
@ -3291,8 +3291,8 @@
1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692527.080972 | HookCallFunction KRB::do_log([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692527.080972 | HookCallFunction KRB::do_log([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]) 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])
1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]) 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])
1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction filter_change_tracking() 1362692527.080972 | HookCallFunction filter_change_tracking()

2
testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log
View file

@ -16,7 +16,7 @@
1533925012.140634 testportudp 40/tcp 42/udp ../configfile 1533925012.140634 testportudp 40/tcp 42/udp ../configfile
1533925012.140634 testaddr 127.0.0.1 127.0.0.1 ../configfile 1533925012.140634 testaddr 127.0.0.1 127.0.0.1 ../configfile
1533925012.140634 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile 1533925012.140634 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1533925012.140634 testinterval 1.0 sec 60.0 ../configfile 1533925012.140634 testinterval 1.0 sec 1.0 min ../configfile
1533925012.140634 testtime 0.0 1507321987.0 ../configfile 1533925012.140634 testtime 0.0 1507321987.0 ../configfile
1533925012.140634 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile 1533925012.140634 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1533925012.140634 test_vector (empty) 1,2,3,4,5,6 ../configfile 1533925012.140634 test_vector (empty) 1,2,3,4,5,6 ../configfile

2
testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log
View file

@ -14,7 +14,7 @@
1571067621.558501 testport 42/tcp 45/unknown ../configfile 1571067621.558501 testport 42/tcp 45/unknown ../configfile
1571067621.558501 testaddr 127.0.0.1 127.0.0.1 ../configfile 1571067621.558501 testaddr 127.0.0.1 127.0.0.1 ../configfile
1571067621.558501 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile 1571067621.558501 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1571067621.558501 testinterval 1.0 sec 60.0 ../configfile 1571067621.558501 testinterval 1.0 sec 1.0 min ../configfile
1571067621.558501 teststring a abc ../configfile 1571067621.558501 teststring a abc ../configfile
1571067621.558501 testtime 0.0 1507321987.0 ../configfile 1571067621.558501 testtime 0.0 1507321987.0 ../configfile
1571067621.558501 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile 1571067621.558501 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile

2
testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/manager-1.config.log
View file

@ -14,7 +14,7 @@
1532119210.151927 testport 42/tcp 45/unknown ../configfile 1532119210.151927 testport 42/tcp 45/unknown ../configfile
1532119210.151927 testaddr 127.0.0.1 127.0.0.1 ../configfile 1532119210.151927 testaddr 127.0.0.1 127.0.0.1 ../configfile
1532119210.151927 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile 1532119210.151927 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1532119210.151927 testinterval 1.0 sec 60.0 ../configfile 1532119210.151927 testinterval 1.0 sec 1.0 min ../configfile
1532119210.151927 testtime 0.0 1507321987.0 ../configfile 1532119210.151927 testtime 0.0 1507321987.0 ../configfile
1532119210.151927 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile 1532119210.151927 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1532119210.151927 test_vector (empty) 1,2,3,4,5,6 ../configfile 1532119210.151927 test_vector (empty) 1,2,3,4,5,6 ../configfile

2
testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log
View file

@ -14,6 +14,6 @@
1518042012.989543 testcount 0 2 ../configfile1 1518042012.989543 testcount 0 2 ../configfile1
1518042012.989543 testenum SSH::LOG Conn::LOG ../configfile1 1518042012.989543 testenum SSH::LOG Conn::LOG ../configfile1
1518042012.989543 testint 0 -1 ../configfile1 1518042012.989543 testint 0 -1 ../configfile1
1518042012.989543 testinterval 1.0 sec 60.0 ../configfile2 1518042012.989543 testinterval 1.0 sec 1.0 min ../configfile2
1518042012.989543 testport 42/tcp 45/unknown ../configfile2 1518042012.989543 testport 42/tcp 45/unknown ../configfile2
1518042012.989543 testtime 0.0 1507321987.0 ../configfile2 1518042012.989543 testtime 0.0 1507321987.0 ../configfile2

2
testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log
View file

@ -14,7 +14,7 @@
1516317401.889929 testport 42/tcp 45/unknown ../configfile 1516317401.889929 testport 42/tcp 45/unknown ../configfile
1516317401.889929 testaddr 127.0.0.1 127.0.0.1 ../configfile 1516317401.889929 testaddr 127.0.0.1 127.0.0.1 ../configfile
1516317401.889929 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile 1516317401.889929 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1516317401.889929 testinterval 1.0 sec 60.0 ../configfile 1516317401.889929 testinterval 1.0 sec 1.0 min ../configfile
1516317401.889929 testtime 0.0 1507321987.0 ../configfile 1516317401.889929 testtime 0.0 1507321987.0 ../configfile
1516317401.889929 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile 1516317401.889929 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1516317401.889929 test_vector (empty) 1,2,3,4,5,6 ../configfile 1516317401.889929 test_vector (empty) 1,2,3,4,5,6 ../configfile

2
testing/btest/Baseline/scripts.base.frameworks.config.weird/output
View file

@ -6,7 +6,7 @@ whitelisted_conn_weird
} }
10 10
10 10
5.0 5.0 secs
net_weird, my_net_weird net_weird, my_net_weird
flow_weird, my_flow_weird flow_weird, my_flow_weird
conn_weird, my_conn_weird conn_weird, my_conn_weird

2
testing/btest/Baseline/scripts.base.frameworks.input.basic/out
View file

@ -1,5 +1,5 @@
{ {
[-42] = [b=T, bt=T, e=SSH::LOG, c=21, p=123/unknown, pp=5/icmp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={ [-42] = [b=T, bt=T, e=SSH::LOG, c=21, p=123/unknown, pp=5/icmp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
2, 2,
4, 4,
1, 1,

2
testing/btest/Baseline/scripts.base.frameworks.input.config.basic/out
View file

@ -7,7 +7,7 @@ testport, 45/unknown
testportandproto, 45/udp testportandproto, 45/udp
testaddr, 127.0.0.1 testaddr, 127.0.0.1
testaddr, 2607:f8b0:4005:801::200e testaddr, 2607:f8b0:4005:801::200e
testinterval, 60.0 testinterval, 1.0 min
testtime, 1507321987.0 testtime, 1507321987.0
test_set, { test_set, {
b, b,

6
testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/out
View file

@ -1,5 +1,5 @@
{ {
[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242 HOHOHO, sc={ [-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
2, 2,
4, 4,
1, 1,
@ -11,7 +11,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242 HOHOHO, sc={ [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
2, 2,
4, 4,
1, 1,
@ -23,7 +23,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/tcp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/tcp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
2, 2,
4, 4,
1, 1,

174
testing/btest/Baseline/scripts.base.frameworks.input.reread/out
View file

@ -1,7 +1,7 @@
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-42] [i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -16,7 +16,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -54,7 +54,7 @@ Input::EVENT_NEW
Left Left
[i=-42] [i=-42]
Right Right
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -68,7 +68,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
==========SERVERS============ ==========SERVERS============
{ {
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -84,7 +84,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-43] [i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -99,7 +99,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -111,7 +111,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -149,7 +149,7 @@ Input::EVENT_NEW
Left Left
[i=-43] [i=-43]
Right Right
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -163,7 +163,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
==========SERVERS============ ==========SERVERS============
{ {
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -175,7 +175,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -191,7 +191,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_CHANGED Input::EVENT_CHANGED
[i=-43] [i=-43]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -206,7 +206,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -218,7 +218,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -256,7 +256,7 @@ Input::EVENT_CHANGED
Left Left
[i=-43] [i=-43]
Right Right
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -270,7 +270,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
==========SERVERS============ ==========SERVERS============
{ {
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -282,7 +282,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -298,7 +298,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-44] [i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -313,7 +313,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-45] [i=-45]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -328,7 +328,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-46] [i=-46]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -343,7 +343,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-47] [i=-47]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -358,7 +358,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-48] [i=-48]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -373,7 +373,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -385,7 +385,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -397,7 +397,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -409,7 +409,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -421,7 +421,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -433,7 +433,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -445,7 +445,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -483,7 +483,7 @@ Input::EVENT_NEW
Left Left
[i=-44] [i=-44]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -498,7 +498,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -510,7 +510,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -522,7 +522,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -534,7 +534,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -546,7 +546,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -558,7 +558,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -570,7 +570,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -608,7 +608,7 @@ Input::EVENT_NEW
Left Left
[i=-45] [i=-45]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -623,7 +623,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -635,7 +635,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -647,7 +647,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -659,7 +659,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -671,7 +671,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -683,7 +683,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -695,7 +695,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -733,7 +733,7 @@ Input::EVENT_NEW
Left Left
[i=-46] [i=-46]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -748,7 +748,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -760,7 +760,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -772,7 +772,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -784,7 +784,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -796,7 +796,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -808,7 +808,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -820,7 +820,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -858,7 +858,7 @@ Input::EVENT_NEW
Left Left
[i=-47] [i=-47]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -873,7 +873,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -885,7 +885,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -897,7 +897,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -909,7 +909,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -921,7 +921,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -933,7 +933,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -945,7 +945,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -983,7 +983,7 @@ Input::EVENT_NEW
Left Left
[i=-48] [i=-48]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -997,7 +997,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
==========SERVERS============ ==========SERVERS============
{ {
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1009,7 +1009,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-46] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1021,7 +1021,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1033,7 +1033,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1045,7 +1045,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-47] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1057,7 +1057,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1069,7 +1069,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-45] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1085,7 +1085,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-43] [i=-43]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1100,7 +1100,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-47] [i=-47]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1115,7 +1115,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-44] [i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1130,7 +1130,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-46] [i=-46]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1145,7 +1145,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-45] [i=-45]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1160,7 +1160,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-42] [i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1175,7 +1175,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1213,7 +1213,7 @@ Input::EVENT_REMOVED
Left Left
[i=-43] [i=-43]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1228,7 +1228,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1266,7 +1266,7 @@ Input::EVENT_REMOVED
Left Left
[i=-47] [i=-47]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1281,7 +1281,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1319,7 +1319,7 @@ Input::EVENT_REMOVED
Left Left
[i=-44] [i=-44]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1334,7 +1334,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1372,7 +1372,7 @@ Input::EVENT_REMOVED
Left Left
[i=-46] [i=-46]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1387,7 +1387,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1425,7 +1425,7 @@ Input::EVENT_REMOVED
Left Left
[i=-45] [i=-45]
Right Right
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1440,7 +1440,7 @@ CC
============EVENT============ ============EVENT============
Description Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1478,7 +1478,7 @@ Input::EVENT_REMOVED
Left Left
[i=-42] [i=-42]
Right Right
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -1492,7 +1492,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
==========SERVERS============ ==========SERVERS============
{ {
[-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-48] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

56
testing/btest/Baseline/scripts.base.frameworks.input.sqlite.basic/out
View file

@ -10,59 +10,59 @@
}] }]
0 0
[ts=1300475168.853899, uid=rvmSc7rDQub, id=[orig_h=141.142.220.118, orig_p=43927/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000435, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.853899, uid=rvmSc7rDQub, id=[orig_h=141.142.220.118, orig_p=43927/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=435.113907 usecs, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.854378, uid=ogkztouSArh, id=[orig_h=141.142.220.118, orig_p=37676/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.00042, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.854378, uid=ogkztouSArh, id=[orig_h=141.142.220.118, orig_p=37676/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=420.093536 usecs, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.854837, uid=0UIDdXFt7Tb, id=[orig_h=141.142.220.118, orig_p=40526/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000392, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.854837, uid=0UIDdXFt7Tb, id=[orig_h=141.142.220.118, orig_p=40526/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=391.960144 usecs, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.857956, uid=WqFYV51UIq7, id=[orig_h=141.142.220.118, orig_p=32902/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.857956, uid=WqFYV51UIq7, id=[orig_h=141.142.220.118, orig_p=32902/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=317.09671 usecs, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.858306, uid=ylcqZpbz6K2, id=[orig_h=141.142.220.118, orig_p=59816/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000343, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.858306, uid=ylcqZpbz6K2, id=[orig_h=141.142.220.118, orig_p=59816/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=343.084335 usecs, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.858713, uid=blhldTzA7Y6, id=[orig_h=141.142.220.118, orig_p=59714/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000375, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.858713, uid=blhldTzA7Y6, id=[orig_h=141.142.220.118, orig_p=59714/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=375.032425 usecs, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.891644, uid=Sc34cGJo3Kg, id=[orig_h=141.142.220.118, orig_p=58206/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000339, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.891644, uid=Sc34cGJo3Kg, id=[orig_h=141.142.220.118, orig_p=58206/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=339.031219 usecs, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.892037, uid=RzvFrfXSRfk, id=[orig_h=141.142.220.118, orig_p=38911/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000335, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.892037, uid=RzvFrfXSRfk, id=[orig_h=141.142.220.118, orig_p=38911/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=334.978104 usecs, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.892414, uid=GaaFI58mpbe, id=[orig_h=141.142.220.118, orig_p=59746/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000421, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.892414, uid=GaaFI58mpbe, id=[orig_h=141.142.220.118, orig_p=59746/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=420.808792 usecs, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.893988, uid=tr7M6tvAIQa, id=[orig_h=141.142.220.118, orig_p=45000/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000384, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.893988, uid=tr7M6tvAIQa, id=[orig_h=141.142.220.118, orig_p=45000/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=384.092331 usecs, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.894422, uid=gV0TcSc2pb4, id=[orig_h=141.142.220.118, orig_p=48479/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.894422, uid=gV0TcSc2pb4, id=[orig_h=141.142.220.118, orig_p=48479/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=316.858292 usecs, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.894787, uid=MOG0z4PYOhk, id=[orig_h=141.142.220.118, orig_p=48128/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000423, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.894787, uid=MOG0z4PYOhk, id=[orig_h=141.142.220.118, orig_p=48128/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=422.954559 usecs, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.901749, uid=PlehgEduUyj, id=[orig_h=141.142.220.118, orig_p=56056/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000402, orig_bytes=36, resp_bytes=131, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=159, tunnel_parents={ [ts=1300475168.901749, uid=PlehgEduUyj, id=[orig_h=141.142.220.118, orig_p=56056/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=402.212143 usecs, orig_bytes=36, resp_bytes=131, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=159, tunnel_parents={
}] }]
0 0
[ts=1300475168.902195, uid=4eZgk09f2Re, id=[orig_h=141.142.220.118, orig_p=55092/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000374, orig_bytes=36, resp_bytes=198, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=226, tunnel_parents={ [ts=1300475168.902195, uid=4eZgk09f2Re, id=[orig_h=141.142.220.118, orig_p=55092/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=374.078751 usecs, orig_bytes=36, resp_bytes=198, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=226, tunnel_parents={
}] }]
0 0
@ -70,23 +70,23 @@
}] }]
0 0
[ts=1300475170.862384, uid=yxTcvvTKWQ4, id=[orig_h=141.142.220.226, orig_p=137/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=2.613017, orig_bytes=350, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=7, orig_ip_bytes=546, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475170.862384, uid=yxTcvvTKWQ4, id=[orig_h=141.142.220.226, orig_p=137/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=2.0 secs 613.0 msecs 16.843796 usecs, orig_bytes=350, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=7, orig_ip_bytes=546, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475171.675372, uid=8bLW3XNfhCj, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100096, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475171.675372, uid=8bLW3XNfhCj, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=100.0 msecs 96.225739 usecs, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475171.677081, uid=rqjhiiRPjEe, id=[orig_h=141.142.220.226, orig_p=55131/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100021, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475171.677081, uid=rqjhiiRPjEe, id=[orig_h=141.142.220.226, orig_p=55131/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=100.0 msecs 20.885468 usecs, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475173.116749, uid=hTPyfL3QSGa, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099801, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475173.116749, uid=hTPyfL3QSGa, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=99.0 msecs 801.063538 usecs, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475173.117362, uid=EruUQ9AJRj4, id=[orig_h=141.142.220.226, orig_p=55671/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099849, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475173.117362, uid=EruUQ9AJRj4, id=[orig_h=141.142.220.226, orig_p=55671/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=99.0 msecs 848.985672 usecs, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
@ -94,31 +94,31 @@
}] }]
0 0
[ts=1300475168.724007, uid=NPHCuyWykE7, id=[orig_h=141.142.220.118, orig_p=48649/unknown, resp_h=208.80.152.118, resp_p=80/unknown], proto=tcp, service=http, duration=0.119905, orig_bytes=525, resp_bytes=232, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=741, resp_pkts=3, resp_ip_bytes=396, tunnel_parents={ [ts=1300475168.724007, uid=NPHCuyWykE7, id=[orig_h=141.142.220.118, orig_p=48649/unknown, resp_h=208.80.152.118, resp_p=80/unknown], proto=tcp, service=http, duration=119.0 msecs 904.994965 usecs, orig_bytes=525, resp_bytes=232, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=741, resp_pkts=3, resp_ip_bytes=396, tunnel_parents={
}] }]
0 0
[ts=1300475168.892936, uid=VapPqRhPgJ4, id=[orig_h=141.142.220.118, orig_p=50000/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.229603, orig_bytes=1148, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1468, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.892936, uid=VapPqRhPgJ4, id=[orig_h=141.142.220.118, orig_p=50000/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=229.0 msecs 603.052139 usecs, orig_bytes=1148, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1468, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475168.859163, uid=3607hh8C3bc, id=[orig_h=141.142.220.118, orig_p=49998/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.215893, orig_bytes=1130, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1450, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.859163, uid=3607hh8C3bc, id=[orig_h=141.142.220.118, orig_p=49998/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=215.0 msecs 893.030167 usecs, orig_bytes=1130, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1450, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475168.855305, uid=tgYMrIvzDSg, id=[orig_h=141.142.220.118, orig_p=49996/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.218501, orig_bytes=1171, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1491, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={ [ts=1300475168.855305, uid=tgYMrIvzDSg, id=[orig_h=141.142.220.118, orig_p=49996/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=218.0 msecs 501.091003 usecs, orig_bytes=1171, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1491, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
}] }]
0 0
[ts=1300475168.895267, uid=xQsjPwNBrXd, id=[orig_h=141.142.220.118, orig_p=50001/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.227284, orig_bytes=1178, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1498, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.895267, uid=xQsjPwNBrXd, id=[orig_h=141.142.220.118, orig_p=50001/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=227.0 msecs 283.95462 usecs, orig_bytes=1178, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1498, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475168.902635, uid=Ap3GzMI1vM9, id=[orig_h=141.142.220.118, orig_p=35642/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=http, duration=0.120041, orig_bytes=534, resp_bytes=412, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=750, resp_pkts=3, resp_ip_bytes=576, tunnel_parents={ [ts=1300475168.902635, uid=Ap3GzMI1vM9, id=[orig_h=141.142.220.118, orig_p=35642/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=http, duration=120.0 msecs 40.893555 usecs, orig_bytes=534, resp_bytes=412, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=750, resp_pkts=3, resp_ip_bytes=576, tunnel_parents={
}] }]
0 0
[ts=1300475168.85533, uid=FTVcgrmNy52, id=[orig_h=141.142.220.118, orig_p=49997/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.21972, orig_bytes=1125, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1445, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.85533, uid=FTVcgrmNy52, id=[orig_h=141.142.220.118, orig_p=49997/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=219.0 msecs 720.125198 usecs, orig_bytes=1125, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1445, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
@ -126,11 +126,11 @@
}] }]
0 0
[ts=1300475168.652003, uid=WIG1ud65z22, id=[orig_h=141.142.220.118, orig_p=35634/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=0.061329, orig_bytes=463, resp_bytes=350, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=DdA, orig_pkts=2, orig_ip_bytes=567, resp_pkts=1, resp_ip_bytes=402, tunnel_parents={ [ts=1300475168.652003, uid=WIG1ud65z22, id=[orig_h=141.142.220.118, orig_p=35634/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=61.0 msecs 328.887939 usecs, orig_bytes=463, resp_bytes=350, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=DdA, orig_pkts=2, orig_ip_bytes=567, resp_pkts=1, resp_ip_bytes=402, tunnel_parents={
}] }]
0 0
[ts=1300475168.892913, uid=o2gAkl4V7sa, id=[orig_h=141.142.220.118, orig_p=49999/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.220961, orig_bytes=1137, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1457, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={ [ts=1300475168.892913, uid=o2gAkl4V7sa, id=[orig_h=141.142.220.118, orig_p=49999/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=220.0 msecs 960.855484 usecs, orig_bytes=1137, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1457, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
}] }]
0 0

2
testing/btest/Baseline/scripts.base.frameworks.input.sqlite.types/out
View file

@ -1,4 +1,4 @@
[b=T, i=-42, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1358376849.393854, iv=100.0, s=hurz, sc={ [b=T, i=-42, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1358376849.393854, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

16
testing/btest/Baseline/scripts.base.frameworks.input.stream/out
View file

@ -1,7 +1,7 @@
============EVENT============ ============EVENT============
Input::EVENT_NEW Input::EVENT_NEW
[i=-42] [i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -15,7 +15,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
============SERVERS============ ============SERVERS============
{ {
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -31,7 +31,7 @@ CC
============EVENT============ ============EVENT============
Input::EVENT_NEW Input::EVENT_NEW
[i=-43] [i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -45,7 +45,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
============SERVERS============ ============SERVERS============
{ {
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -57,7 +57,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -73,7 +73,7 @@ CC
============EVENT============ ============EVENT============
Input::EVENT_CHANGED Input::EVENT_CHANGED
[i=-43] [i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -87,7 +87,7 @@ CC
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
============SERVERS============ ============SERVERS============
{ {
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -99,7 +99,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

2
testing/btest/Baseline/scripts.base.frameworks.input.subrecord-event/out
View file

@ -1,4 +1,4 @@
[sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=100.0, s=hurz, sc={ [sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

2
testing/btest/Baseline/scripts.base.frameworks.input.subrecord/out
View file

@ -1,5 +1,5 @@
{ {
[-42] = [sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

4
testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out
View file

@ -3,7 +3,7 @@
==========SERVERS============ ==========SERVERS============
done done
{ {
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -15,7 +15,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]], }, vc=[10, 20, 30], ve=[]],
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

6
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out
View file

@ -1,7 +1,7 @@
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-42] [i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -16,7 +16,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_NEW Input::EVENT_NEW
[i=-44] [i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,
@ -31,7 +31,7 @@ CC
============PREDICATE============ ============PREDICATE============
Input::EVENT_REMOVED Input::EVENT_REMOVED
[i=-42] [i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

2
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out
View file

@ -1,7 +1,7 @@
============PREDICATE 2============ ============PREDICATE 2============
Input::EVENT_NEW Input::EVENT_NEW
[i=-43] [i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

2
testing/btest/Baseline/scripts.base.frameworks.input.unsupported_types/out
View file

@ -1,5 +1,5 @@
{ {
[-42] = [fi=<uninitialized>, b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [fi=<uninitialized>, b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2, 2,
4, 4,
1, 1,

2
testing/btest/Baseline/scripts.base.frameworks.input.windows/out
View file

@ -1,5 +1,5 @@
{ {
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
2, 2,
4, 4,
1, 1,

4
testing/btest/Baseline/scripts.base.protocols.conn.threshold/.stdout
View file

@ -1,12 +1,12 @@
Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp] Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp]
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 1, T triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 1, T
triggered duration, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 0.2, F triggered duration, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 200.0 msecs, F
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2500, T triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2500, T
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2700, T triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2700, T
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F
Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp] Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 1, T triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 1, T
triggered duration, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 0.2, F triggered duration, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 200.0 msecs, F
triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 52, F triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 52, F

4
testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
View file

@ -1,2 +1,2 @@
mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=552.892685 usecs, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0 secs, req_len=96, rep_start=1514568131.622537, rep_dur=0 secs, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=265.836716 usecs, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0 secs, req_len=84, rep_start=1514568131.666184, rep_dur=0 secs, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a

56
testing/btest/Baseline/scripts.base.protocols.nfs.basic/.stdout
View file

@ -1,28 +1,28 @@
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000529, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623455, req_dur=0.0, req_len=104, rep_start=1514568131.623576, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=528.812408 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623455, req_dur=0 secs, req_len=104, rep_start=1514568131.623576, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000673, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.6236, req_dur=0.0, req_len=104, rep_start=1514568131.62372, rep_dur=0.0, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=672.81723 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.6236, req_dur=0 secs, req_len=104, rep_start=1514568131.62372, rep_dur=0 secs, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.001007, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623937, req_dur=0.0, req_len=104, rep_start=1514568131.624054, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=1.0 msec 6.84166 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623937, req_dur=0 secs, req_len=104, rep_start=1514568131.624054, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.00556, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628447, req_dur=0.0, req_len=108, rep_start=1514568131.628607, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=5.0 msecs 559.921265 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628447, req_dur=0 secs, req_len=108, rep_start=1514568131.628607, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.006413, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628646, req_dur=0.0, req_len=144, rep_start=1514568131.62946, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=4096, atime=1514568092.592619, mtime=1514568092.592619], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=6.0 msecs 412.982941 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628646, req_dur=0 secs, req_len=144, rep_start=1514568131.62946, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=4096, atime=1514568092.592619, mtime=1514568092.592619], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007316, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.630213, req_dur=0.0, req_len=120, rep_start=1514568131.630363, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=7.0 msecs 315.8741 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.630213, req_dur=0 secs, req_len=120, rep_start=1514568131.630363, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007542, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.63039, req_dur=0.0, req_len=128, rep_start=1514568131.630589, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=7.0 msecs 541.894913 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.63039, req_dur=0 secs, req_len=128, rep_start=1514568131.630589, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008344, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63061, req_dur=0.0, req_len=160, rep_start=1514568131.631391, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=8.0 msecs 343.935013 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63061, req_dur=0 secs, req_len=160, rep_start=1514568131.631391, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008933, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63142, req_dur=0.0, req_len=144, rep_start=1514568131.63198, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=8.0 msecs 932.828903 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63142, req_dur=0 secs, req_len=144, rep_start=1514568131.63198, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.010357, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.632743, req_dur=0.0, req_len=148, rep_start=1514568131.633404, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=10.0 msecs 356.903076 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.632743, req_dur=0 secs, req_len=148, rep_start=1514568131.633404, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.011929, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.634369, req_dur=0.0, req_len=148, rep_start=1514568131.634976, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=11.0 msecs 928.796768 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.634369, req_dur=0 secs, req_len=148, rep_start=1514568131.634976, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.012799, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.635694, req_dur=0.0, req_len=136, rep_start=1514568131.635846, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=12.0 msecs 798.786163 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.635694, req_dur=0 secs, req_len=136, rep_start=1514568131.635846, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.013431, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.635899, req_dur=0.0, req_len=204, rep_start=1514568131.636478, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.629387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=13.0 msecs 430.833817 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.635899, req_dur=0 secs, req_len=204, rep_start=1514568131.636478, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.629387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.015041, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.637343, req_dur=0.0, req_len=152, rep_start=1514568131.638088, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=15.0 msecs 40.874481 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.637343, req_dur=0 secs, req_len=152, rep_start=1514568131.638088, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.016413, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.638929, req_dur=0.0, req_len=152, rep_start=1514568131.63946, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.633387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=16.0 msecs 412.973404 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.638929, req_dur=0 secs, req_len=152, rep_start=1514568131.63946, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.633387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.017567, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.640452, req_dur=0.0, req_len=144, rep_start=1514568131.640614, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=17.0 msecs 566.919327 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.640452, req_dur=0 secs, req_len=144, rep_start=1514568131.640614, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.018252, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.640669, req_dur=0.0, req_len=200, rep_start=1514568131.641299, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387], dst_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=18.0 msecs 251.895905 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.640669, req_dur=0 secs, req_len=200, rep_start=1514568131.641299, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387], dst_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.019333, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.64222, req_dur=0.0, req_len=116, rep_start=1514568131.64238, rep_dur=0.0, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.637387], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=19.0 msecs 332.885742 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.64222, req_dur=0 secs, req_len=116, rep_start=1514568131.64238, rep_dur=0 secs, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.637387], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.020916, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.643131, req_dur=0.0, req_len=144, rep_start=1514568131.643963, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=20.0 msecs 915.985107 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.643131, req_dur=0 secs, req_len=144, rep_start=1514568131.643963, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.021753, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.644663, req_dur=0.0, req_len=136, rep_start=1514568131.6448, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=21.0 msecs 752.83432 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.644663, req_dur=0 secs, req_len=136, rep_start=1514568131.6448, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.022398, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.644833, req_dur=0.0, req_len=172, rep_start=1514568131.645445, rep_dur=0.0, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], preattr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=22.0 msecs 397.994995 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.644833, req_dur=0 secs, req_len=172, rep_start=1514568131.645445, rep_dur=0 secs, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], preattr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.023841, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.646733, req_dur=0.0, req_len=140, rep_start=1514568131.646888, rep_dur=0.0, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=23.0 msecs 840.904236 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.646733, req_dur=0 secs, req_len=140, rep_start=1514568131.646888, rep_dur=0 secs, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.025477, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.647753, req_dur=0.0, req_len=136, rep_start=1514568131.648524, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=25.0 msecs 476.932526 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.647753, req_dur=0 secs, req_len=136, rep_start=1514568131.648524, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.026817, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.649721, req_dur=0.0, req_len=136, rep_start=1514568131.649864, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=26.0 msecs 816.84494 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.649721, req_dur=0 secs, req_len=136, rep_start=1514568131.649864, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.027593, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.65007, req_dur=0.0, req_len=184, rep_start=1514568131.65064, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387], dst_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=27.0 msecs 592.897415 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.65007, req_dur=0 secs, req_len=184, rep_start=1514568131.65064, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387], dst_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.028734, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651603, req_dur=0.0, req_len=120, rep_start=1514568131.651781, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=28.0 msecs 733.968735 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651603, req_dur=0 secs, req_len=120, rep_start=1514568131.651781, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.029354, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651806, req_dur=0.0, req_len=136, rep_start=1514568131.652401, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.645387, mtime=1514568131.645387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=29.0 msecs 353.85704 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651806, req_dur=0 secs, req_len=136, rep_start=1514568131.652401, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.645387, mtime=1514568131.645387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.030704, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.653118, req_dur=0.0, req_len=116, rep_start=1514568131.653751, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.649387, ctime=1514568131.649387]]\x0a nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=30.0 msecs 703.783035 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.653118, req_dur=0 secs, req_len=116, rep_start=1514568131.653751, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.649387, ctime=1514568131.649387]]\x0a

80
testing/btest/Baseline/scripts.base.protocols.ntp.ntp-digest/.stdout
View file

@ -1,40 +1,40 @@
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.02623, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495804929.482904, key_id=1, digest=\xac\x01{i\x91\\xe5\xa7\xa9\xfbs\xac\x8b\xd1`;, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=26.0 msecs 229.858398 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495804929.482904, key_id=1, digest=\xac\x01{i\x91\\xe5\xa7\xa9\xfbs\xac\x8b\xd1`;, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.0271, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495804987.483591, key_id=1, digest=3\x03\x03\xf0\xaa\x15`\xf5i\xd8=\xfa\x10S\x80\xd4, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=27.0 msecs 99.609375 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495804987.483591, key_id=1, digest=3\x03\x03\xf0\xaa\x15`\xf5i\xd8=\xfa\x10S\x80\xd4, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.027374, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805006.483955, key_id=1, digest=\xbb\xdc\x86&\xa6\xfd\x0d\xd5q.4I\x04\xad\xeb\xe1, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=27.0 msecs 374.267578 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805006.483955, key_id=1, digest=\xbb\xdc\x86&\xa6\xfd\x0d\xd5q.4I\x04\xad\xeb\xe1, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.027939, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805043.484331, key_id=1, digest=\x97\x99\x90\x18t\xf8-k\xcdo0\x9945\xe1\xbf, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=27.0 msecs 938.842773 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805043.484331, key_id=1, digest=\x97\x99\x90\x18t\xf8-k\xcdo0\x9945\xe1\xbf, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.028503, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805081.484917, key_id=1, digest=}\xb9\x12\xfe\x8fT\xd2\x0fA\x8c\x86\x90\x9b\xf9\xd1p, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=28.0 msecs 503.417969 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805081.484917, key_id=1, digest=}\xb9\x12\xfe\x8fT\xd2\x0fA\x8c\x86\x90\x9b\xf9\xd1p, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.02887, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805105.48515, key_id=1, digest=\x8e\xb7\xe1\x0e\x86T\xdcsB\x05j\xe0|\xc9i\xa6, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=28.0 msecs 869.628906 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805105.48515, key_id=1, digest=\x8e\xb7\xe1\x0e\x86T\xdcsB\x05j\xe0|\xc9i\xa6, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.029678, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805159.485867, key_id=1, digest=.\x16\x11\x9e\xd1\xadJ\x16x}\x03f\x91\x11\x85_, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=29.0 msecs 678.344727 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805159.485867, key_id=1, digest=.\x16\x11\x9e\xd1\xadJ\x16x}\x03f\x91\x11\x85_, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.030334, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805203.486536, key_id=1, digest=\x1bu\x87"U\xa3\xbb*\xe7-\xecu`\x88\xb8z, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=30.0 msecs 334.472656 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805203.486536, key_id=1, digest=\x1bu\x87"U\xa3\xbb*\xe7-\xecu`\x88\xb8z, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.030396, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805207.486593, key_id=1, digest=\x10\x8eb\x92\x85\xc1\xd0#\x09\x93\x97\xff\x0a$&/, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=30.0 msecs 390.0 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805207.486593, key_id=1, digest=\x10\x8eb\x92\x85\xc1\xd0#\x09\x93\x97\xff\x0a$&/, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.031128, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805256.487243, key_id=1, digest=\xcc\x1f~\xa1\xdf\xe0.\x9f_,\xa65\x1a[\x01s, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=31.0 msecs 120.0 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805256.487243, key_id=1, digest=\xcc\x1f~\xa1\xdf\xe0.\x9f_,\xa65\x1a[\x01s, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.031479, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805279.487564, key_id=1, digest=}\xfd\xbf\x81\xae\x16\x07\x1b\x987kd\x9255\xf9, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=31.0 msecs 478.881836 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805279.487564, key_id=1, digest=}\xfd\xbf\x81\xae\x16\x07\x1b\x987kd\x9255\xf9, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.032242, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805330.48824, key_id=1, digest=\x90\xfc\x8c\x02\xa6w\x1f\xf2\x0aU\xfb\x04\x10\xe9\xe3\xfb, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=32.0 msecs 241.821289 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805330.48824, key_id=1, digest=\x90\xfc\x8c\x02\xa6w\x1f\xf2\x0aU\xfb\x04\x10\xe9\xe3\xfb, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.032639, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805357.488596, key_id=1, digest=\x96@\x0b\x95\x99W\xd7\xa8\xf6\x06\xf9\xa0B,\x1d\xd8, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=32.0 msecs 638.549805 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805357.488596, key_id=1, digest=\x96@\x0b\x95\x99W\xd7\xa8\xf6\x06\xf9\xa0B,\x1d\xd8, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.03302, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805382.488826, key_id=1, digest=\xd3\xd7\xd1Vn\xb7\x0e\xceg\xb9C\x0b\xc2\xac\xcc\xab, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=33.0 msecs 20.019531 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805382.488826, key_id=1, digest=\xd3\xd7\xd1Vn\xb7\x0e\xceg\xb9C\x0b\xc2\xac\xcc\xab, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.03392, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805442.489609, key_id=1, digest=\x93E\xaa\xdaj\xfc3d\x0c\xd1\xad\xb3\x83ce\xc9, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=33.0 msecs 920.288086 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805442.489609, key_id=1, digest=\x93E\xaa\xdaj\xfc3d\x0c\xd1\xad\xb3\x83ce\xc9, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.034058, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805451.489738, key_id=1, digest={\xaa\x86\xeb\x99\xb8H\xe4\x8b\x93\x7f\xfe\x84)%\xa4, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=34.0 msecs 57.617187 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805451.489738, key_id=1, digest={\xaa\x86\xeb\x99\xb8H\xe4\x8b\x93\x7f\xfe\x84)%\xa4, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.034088, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805453.489803, key_id=1, digest=1D0\x0f\x08\x16\x9fjs\xd4\xef}5\xa1\xf6\x9a, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=34.0 msecs 88.134766 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805453.489803, key_id=1, digest=1D0\x0f\x08\x16\x9fjs\xd4\xef}5\xa1\xf6\x9a, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.03421, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805461.489877, key_id=1, digest=nU~J\x8d\xe9m\xf3\.\xf1g\xb5loj, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=34.0 msecs 210.205078 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805461.489877, key_id=1, digest=nU~J\x8d\xe9m\xf3\.\xf1g\xb5loj, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.034454, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805478.490201, key_id=1, digest=\xa4\xf8A\x08\xbf\xda}F%\xf2Fl\x19\xff\xdd\xab, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=34.0 msecs 454.345703 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805478.490201, key_id=1, digest=\xa4\xf8A\x08\xbf\xda}F%\xf2Fl\x19\xff\xdd\xab, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.034851, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805504.490512, key_id=1, digest=\xb0\xeec=\xb3\x17\xa2\xc5\xab\xe5\x04\x82\xe3\xfcE\xa1, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=34.0 msecs 851.074219 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805504.490512, key_id=1, digest=\xb0\xeec=\xb3\x17\xa2\xc5\xab\xe5\x04\x82\xe3\xfcE\xa1, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.035263, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805532.49081, key_id=1, digest=\x0b\xa2\x86M\x0d\xdc%\xbc\xcbi\xe9\x81\xd6\x0d$\x80, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=35.0 msecs 263.061523 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805532.49081, key_id=1, digest=\x0b\xa2\x86M\x0d\xdc%\xbc\xcbi\xe9\x81\xd6\x0d$\x80, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.035339, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805537.490953, key_id=1, digest=\x01\xc1~\xeeJ'\x92g\x0cYI0\x0c\xd7\x91\xb1, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=35.0 msecs 339.355469 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805537.490953, key_id=1, digest=\x01\xc1~\xeeJ'\x92g\x0cYI0\x0c\xd7\x91\xb1, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.035858, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805571.491412, key_id=1, digest=i\x90_\x89B\xf0\xe8Nq.\xe2t\xf1_jn, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=35.0 msecs 858.154297 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805571.491412, key_id=1, digest=i\x90_\x89B\xf0\xe8Nq.\xe2t\xf1_jn, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.036804, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805634.492157, key_id=1, digest=\x07p\xf5&\xff\x1b6\x04\xb3\x83/\xb9\xff\xcb\xf2\xc6, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=36.0 msecs 804.199219 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805634.492157, key_id=1, digest=\x07p\xf5&\xff\x1b6\x04\xb3\x83/\xb9\xff\xcb\xf2\xc6, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.036942, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805644.492282, key_id=1, digest=M\x05\xa9\x90'a\xbajGdb\xe03ZA\xf9, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=36.0 msecs 941.52832 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805644.492282, key_id=1, digest=M\x05\xa9\x90'a\xbajGdb\xe03ZA\xf9, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.037735, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805696.492977, key_id=1, digest=\x17B\xcf\xb1y\x88\xdfA\xfe\xc2\x03u"J\xe9\xb0, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=37.0 msecs 734.985352 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805696.492977, key_id=1, digest=\x17B\xcf\xb1y\x88\xdfA\xfe\xc2\x03u"J\xe9\xb0, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.038666, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805758.493804, key_id=1, digest=\x99\xe3\xa8\x0c\xca@\xc1\x0c\x1c\xc9\xec=\x07\xc0d\xc7, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=38.0 msecs 665.771484 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805758.493804, key_id=1, digest=\x99\xe3\xa8\x0c\xca@\xc1\x0c\x1c\xc9\xec=\x07\xc0d\xc7, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.038925, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805776.494147, key_id=1, digest=T\x1bE\x16,{\x1b\x08\xc9\x05G\xce\xb9\xe2,\x9d, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=38.0 msecs 925.170898 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805776.494147, key_id=1, digest=T\x1bE\x16,{\x1b\x08\xc9\x05G\xce\xb9\xe2,\x9d, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.03952, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805815.494543, key_id=1, digest=\xb7\xa6\xc2'u\xdc\xcc\x86(\xe0^{\xdd\x8e\xde,, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=39.0 msecs 520.263672 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805815.494543, key_id=1, digest=\xb7\xa6\xc2'u\xdc\xcc\x86(\xe0^{\xdd\x8e\xde,, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.040253, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805864.495286, key_id=1, digest=\xfcU\x94Z\xca\x04x\xe0\x93z\xa2K\x89\xc0 \xb7, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=40.0 msecs 252.685547 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805864.495286, key_id=1, digest=\xfcU\x94Z\xca\x04x\xe0\x93z\xa2K\x89\xc0 \xb7, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.040268, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805865.495321, key_id=1, digest=\xf9& \x1a\xb2}O\xe5\xba\xd9\xfe\x0f\xf4J\x93P, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=40.0 msecs 267.944336 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805865.495321, key_id=1, digest=\xf9& \x1a\xb2}O\xe5\xba\xd9\xfe\x0f\xf4J\x93P, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.041031, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805916.495973, key_id=1, digest=\x8f\x8c\xb7\xcd\xd4{\x8f\x0b\x92\xee~\xa6\x17\x0e\xa1\x0f, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=41.0 msecs 30.883789 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805916.495973, key_id=1, digest=\x8f\x8c\xb7\xcd\xd4{\x8f\x0b\x92\xee~\xa6\x17\x0e\xa1\x0f, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.041748, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805964.496596, key_id=1, digest=L\xe68\xb6\x1d\x1d\x8cq\x0b\xb7\xf0N\xee\x9b\xb2j, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=41.0 msecs 748.046875 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805964.496596, key_id=1, digest=L\xe68\xb6\x1d\x1d\x8cq\x0b\xb7\xf0N\xee\x9b\xb2j, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.042175, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805992.496969, key_id=1, digest=D\xa4>MCS\x90h\x0f=[4u\xd0\x1f\x9f, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=42.0 msecs 175.292969 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495805992.496969, key_id=1, digest=D\xa4>MCS\x90h\x0f=[4u\xd0\x1f\x9f, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.042816, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806035.497545, key_id=1, digest=U\xcb]\xd3"NV\xb9[W\xa5!\xddl\x1f4, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=42.0 msecs 816.162109 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806035.497545, key_id=1, digest=U\xcb]\xd3"NV\xb9[W\xa5!\xddl\x1f4, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.043106, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806055.497725, key_id=1, digest=Y\xdc\xc7]#\xb3\x9bV\xf7\x1b\xb3[\x8e\x836!, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=43.0 msecs 106.079102 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806055.497725, key_id=1, digest=Y\xdc\xc7]#\xb3\x9bV\xf7\x1b\xb3[\x8e\x836!, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.04332, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806069.497937, key_id=1, digest=\xd1-O\xc7-\xac\x10\x19\xa9h\xe4\x81;\xb4\x01e, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=43.0 msecs 319.702148 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806069.497937, key_id=1, digest=\xd1-O\xc7-\xac\x10\x19\xa9h\xe4\x81;\xb4\x01e, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.043488, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806080.498132, key_id=1, digest=\xe0\xa3^\x9ck*qa\x85\x1aVA|bJA, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=43.0 msecs 487.548828 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806080.498132, key_id=1, digest=\xe0\xa3^\x9ck*qa\x85\x1aVA|bJA, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.043793, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806100.498395, key_id=1, digest=;\x03\xae\x8a\xf1}ABj\x87\xa0\xf4\xa8C\xd7\x9f, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=43.0 msecs 792.724609 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806100.498395, key_id=1, digest=;\x03\xae\x8a\xf1}ABj\x87\xa0\xf4\xa8C\xd7\x9f, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.002213, root_disp=0.044235, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806130.498813, key_id=1, digest=\x1e\xa7\xc3\xd2\xe3\x0e\x08!\x8f\xe3Z$&B\x96\x13, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 2003:51:6012:121::2 -> 2003:51:6012:110::dcf7:123:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=2.0 msecs 212.524414 usecs, root_disp=44.0 msecs 235.229492 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=182.165.128.219, ref_time=1495804247.476651, org_time=0.0, rec_time=0.0, xmt_time=1495806130.498813, key_id=1, digest=\x1e\xa7\xc3\xd2\xe3\x0e\x08!\x8f\xe3Z$&B\x96\x13, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]

64
testing/btest/Baseline/scripts.base.protocols.ntp.ntp/.stdout
View file

@ -1,32 +1,32 @@
ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.02417, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246548.048352, rec_time=1559246548.076756, xmt_time=1559246614.027421, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 169.921875 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246548.048352, rec_time=1559246548.076756, xmt_time=1559246614.027421, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=4, std_msg=[stratum=4, poll=64.0, precision=0, root_delay=0.048843, root_disp=0.07135, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=105.237.207.28, ref_time=1559245852.721794, org_time=1559246614.027421, rec_time=1559246614.048376, xmt_time=1559246614.048407, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=4, std_msg=[stratum=4, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=48.0 msecs 843.383789 usecs, root_disp=71.0 msecs 350.097656 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=105.237.207.28, ref_time=1559245852.721794, org_time=1559246614.027421, rec_time=1559246614.048376, xmt_time=1559246614.048407, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024216, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246550.040662, rec_time=1559246550.063198, xmt_time=1559246617.027452, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 215.698242 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246550.040662, rec_time=1559246550.063198, xmt_time=1559246617.027452, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.003799, root_disp=0.032959, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245541.537424, org_time=1559246617.027452, rec_time=1559246617.040799, xmt_time=1559246617.040813, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.119209 usecs, root_delay=3.0 msecs 799.438477 usecs, root_disp=32.0 msecs 958.984375 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245541.537424, org_time=1559246617.027452, rec_time=1559246617.040799, xmt_time=1559246617.040813, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024246, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.074199, rec_time=1559246553.094855, xmt_time=1559246619.027384, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 246.21582 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.074199, rec_time=1559246553.094855, xmt_time=1559246619.027384, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.040375, root_disp=0.001266, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=195.113.144.238, ref_time=1559246560.207644, org_time=1559246619.027384, rec_time=1559246619.054018, xmt_time=1559246619.054053, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=40.0 msecs 374.755859 usecs, root_disp=1.0 msec 266.479492 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=195.113.144.238, ref_time=1559246560.207644, org_time=1559246619.027384, rec_time=1559246619.054018, xmt_time=1559246619.054053, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024261, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246551.034239, rec_time=1559246551.058223, xmt_time=1559246620.027408, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 261.474609 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246551.034239, rec_time=1559246551.058223, xmt_time=1559246620.027408, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024261, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.067084, rec_time=1559246553.088704, xmt_time=1559246620.027461, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 261.474609 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.067084, rec_time=1559246553.088704, xmt_time=1559246620.027461, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024261, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246554.041266, rec_time=1559246554.063055, xmt_time=1559246620.027475, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 261.474609 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246554.041266, rec_time=1559246554.063055, xmt_time=1559246620.027475, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000008, root_delay=0.003235, root_disp=0.000275, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246481.481997, org_time=1559246620.027461, rec_time=1559246620.040139, xmt_time=1559246620.040206, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=7.629395 usecs, root_delay=3.0 msecs 234.863281 usecs, root_disp=274.658203 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246481.481997, org_time=1559246620.027461, rec_time=1559246620.040139, xmt_time=1559246620.040206, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.013397, root_disp=0.053787, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559244627.070973, org_time=1559246620.027408, rec_time=1559246620.043959, xmt_time=1559246620.043985, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=13.0 msecs 397.216797 usecs, root_disp=53.0 msecs 787.231445 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559244627.070973, org_time=1559246620.027408, rec_time=1559246620.043959, xmt_time=1559246620.043985, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000001, root_delay=0.00351, root_disp=0.036545, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245278.44239, org_time=1559246620.027475, rec_time=1559246620.048058, xmt_time=1559246620.048074, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.953674 usecs, root_delay=3.0 msecs 509.521484 usecs, root_disp=36.0 msecs 544.799805 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245278.44239, org_time=1559246620.027475, rec_time=1559246620.048058, xmt_time=1559246620.048074, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024277, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.072776, rec_time=1559246553.094814, xmt_time=1559246621.027421, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 276.733398 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.072776, rec_time=1559246553.094814, xmt_time=1559246621.027421, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.01091, root_disp=0.033463, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245577.265702, org_time=1559246621.027421, rec_time=1559246621.073143, xmt_time=1559246621.073172, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=10.0 msecs 910.03418 usecs, root_disp=33.0 msecs 462.524414 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245577.265702, org_time=1559246621.027421, rec_time=1559246621.073143, xmt_time=1559246621.073172, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024292, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246556.043833, rec_time=1559246556.073681, xmt_time=1559246622.027384, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 291.992187 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246556.043833, rec_time=1559246556.073681, xmt_time=1559246622.027384, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024292, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.078959, rec_time=1559246553.100708, xmt_time=1559246622.027446, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 291.992187 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.078959, rec_time=1559246553.100708, xmt_time=1559246622.027446, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024292, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.085177, rec_time=1559246553.102587, xmt_time=1559246622.027464, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 291.992187 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246553.085177, rec_time=1559246553.102587, xmt_time=1559246622.027464, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024292, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246554.041367, rec_time=1559246554.069181, xmt_time=1559246622.027478, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 291.992187 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246554.041367, rec_time=1559246554.069181, xmt_time=1559246622.027478, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.013733, root_disp=0.041672, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245709.302032, org_time=1559246622.027446, rec_time=1559246622.071899, xmt_time=1559246622.071924, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.119209 usecs, root_delay=13.0 msecs 732.910156 usecs, root_disp=41.0 msecs 671.75293 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245709.302032, org_time=1559246622.027446, rec_time=1559246622.071899, xmt_time=1559246622.071924, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000002, root_delay=0.00351, root_disp=0.038559, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245178.020777, org_time=1559246622.027478, rec_time=1559246622.068521, xmt_time=1559246622.06856, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=1.907349 usecs, root_delay=3.0 msecs 509.521484 usecs, root_disp=38.0 msecs 558.959961 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245178.020777, org_time=1559246622.027478, rec_time=1559246622.068521, xmt_time=1559246622.06856, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=4, std_msg=[stratum=1, poll=16.0, precision=0, root_delay=0.0, root_disp=0.0, kiss_code=<uninitialized>, ref_id=GPS\x00, ref_addr=<uninitialized>, ref_time=1559246622.0, org_time=1559246622.027384, rec_time=1559246622.073734, xmt_time=1559246622.07374, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=4, std_msg=[stratum=1, poll=16.0 secs, precision=0.029802 usecs, root_delay=0 secs, root_disp=0 secs, kiss_code=<uninitialized>, ref_id=GPS\x00, ref_addr=<uninitialized>, ref_time=1559246622.0, org_time=1559246622.027384, rec_time=1559246622.073734, xmt_time=1559246622.07374, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000008, root_delay=0.042236, root_disp=0.03743, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246622.027464, rec_time=1559246622.086267, xmt_time=1559246622.086348, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=7.629395 usecs, root_delay=42.0 msecs 236.328125 usecs, root_disp=37.0 msecs 429.80957 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246622.027464, rec_time=1559246622.086267, xmt_time=1559246622.086348, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024307, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246556.032041, rec_time=1559246556.054612, xmt_time=1559246623.027478, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 307.250977 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246556.032041, rec_time=1559246556.054612, xmt_time=1559246623.027478, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024307, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246555.051459, rec_time=1559246555.077253, xmt_time=1559246623.027521, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 307.250977 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246555.051459, rec_time=1559246555.077253, xmt_time=1559246623.027521, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.025391, root_disp=0.011642, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246412.455332, org_time=1559246623.027478, rec_time=1559246623.041209, xmt_time=1559246623.04122, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=25.0 msecs 390.625 usecs, root_disp=11.0 msecs 642.456055 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246412.455332, org_time=1559246623.027478, rec_time=1559246623.041209, xmt_time=1559246623.04122, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=4, std_msg=[stratum=4, poll=64.0, precision=0, root_delay=0.036835, root_disp=0.046951, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=73.98.4.223, ref_time=1559245789.870424, org_time=1559246623.027521, rec_time=1559246623.04836, xmt_time=1559246623.048416, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=4, std_msg=[stratum=4, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=36.0 msecs 834.716797 usecs, root_disp=46.0 msecs 951.293945 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=73.98.4.223, ref_time=1559245789.870424, org_time=1559246623.027521, rec_time=1559246623.04836, xmt_time=1559246623.048416, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024353, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246557.07812, rec_time=1559246557.097844, xmt_time=1559246626.027432, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 353.027344 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246557.07812, rec_time=1559246557.097844, xmt_time=1559246626.027432, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024353, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246558.043947, rec_time=1559246558.067904, xmt_time=1559246626.027514, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 353.027344 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246558.043947, rec_time=1559246558.067904, xmt_time=1559246626.027514, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.013535, root_disp=0.025497, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559246283.180069, org_time=1559246626.027514, rec_time=1559246626.044105, xmt_time=1559246626.044139, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=13.0 msecs 534.545898 usecs, root_disp=25.0 msecs 497.436523 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559246283.180069, org_time=1559246626.027514, rec_time=1559246626.044105, xmt_time=1559246626.044139, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000008, root_delay=0.042236, root_disp=0.037491, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246626.027432, rec_time=1559246626.058084, xmt_time=1559246626.058151, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=7.629395 usecs, root_delay=42.0 msecs 236.328125 usecs, root_disp=37.0 msecs 490.844727 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246626.027432, rec_time=1559246626.058084, xmt_time=1559246626.058151, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.024368, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246560.040576, rec_time=1559246560.064668, xmt_time=1559246627.027459, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=24.0 msecs 368.286133 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246560.040576, rec_time=1559246560.064668, xmt_time=1559246627.027459, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=4, std_msg=[stratum=3, poll=64.0, precision=0.000001, root_delay=0.011765, root_disp=0.001526, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=185.19.184.35, ref_time=1559245638.390748, org_time=1559246627.027459, rec_time=1559246627.050401, xmt_time=1559246627.050438, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=4, std_msg=[stratum=3, poll=1.0 min 4.0 secs, precision=0.953674 usecs, root_delay=11.0 msecs 764.526367 usecs, root_disp=1.0 msec 525.878906 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=185.19.184.35, ref_time=1559245638.390748, org_time=1559246627.027459, rec_time=1559246627.050401, xmt_time=1559246627.050438, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]

4
testing/btest/Baseline/scripts.base.protocols.ntp.ntp/ntp.log
View file

@ -3,7 +3,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path ntp #path ntp
#open 2019-06-16-00-50-01 #open 2020-06-03-01-02-15
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version mode stratum poll precision root_delay root_disp ref_id ref_time org_time rec_time xmt_time num_exts #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version mode stratum poll precision root_delay root_disp ref_id ref_time org_time rec_time xmt_time num_exts
#types time string addr port addr port count count count interval interval interval interval string time time time time count #types time string addr port addr port count count count interval interval interval interval string time time time time count
1559246614.027454 CHhAvVGS1DHFjwGM9 192.168.43.118 123 80.211.52.109 123 4 3 2 64.000000 0.000000 0.046280 0.024170 85.199.214.99 1559246556.073681 1559246548.048352 1559246548.076756 1559246614.027421 0 1559246614.027454 CHhAvVGS1DHFjwGM9 192.168.43.118 123 80.211.52.109 123 4 3 2 64.000000 0.000000 0.046280 0.024170 85.199.214.99 1559246556.073681 1559246548.048352 1559246548.076756 1559246614.027421 0
@ -38,4 +38,4 @@
1559246626.075079 Ck51lg1bScffFj34Ri 192.168.43.118 123 147.135.207.213 123 4 4 2 64.000000 0.000008 0.042236 0.037491 212.7.1.132 1559245356.576177 1559246626.027432 1559246626.058084 1559246626.058151 0 1559246626.075079 Ck51lg1bScffFj34Ri 192.168.43.118 123 147.135.207.213 123 4 4 2 64.000000 0.000008 0.042236 0.037491 212.7.1.132 1559245356.576177 1559246626.027432 1559246626.058084 1559246626.058151 0
1559246627.027502 CNnMIj2QSd84NKf7U3 192.168.43.118 123 80.211.88.132 123 3 3 2 64.000000 0.000000 0.046280 0.024368 85.199.214.99 1559246556.073681 1559246560.040576 1559246560.064668 1559246627.027459 0 1559246627.027502 CNnMIj2QSd84NKf7U3 192.168.43.118 123 80.211.88.132 123 3 3 2 64.000000 0.000000 0.046280 0.024368 85.199.214.99 1559246556.073681 1559246560.040576 1559246560.064668 1559246627.027459 0
1559246627.073485 CNnMIj2QSd84NKf7U3 192.168.43.118 123 80.211.88.132 123 3 4 3 64.000000 0.000001 0.011765 0.001526 185.19.184.35 1559245638.390748 1559246627.027459 1559246627.050401 1559246627.050438 0 1559246627.073485 CNnMIj2QSd84NKf7U3 192.168.43.118 123 80.211.88.132 123 3 4 3 64.000000 0.000001 0.011765 0.001526 185.19.184.35 1559245638.390748 1559246627.027459 1559246627.050401 1559246627.050438 0
#close 2019-06-16-00-50-01 #close 2020-06-03-01-02-15

68
testing/btest/Baseline/scripts.base.protocols.ntp.ntp2/.stdout
View file

@ -1,35 +1,35 @@
ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028229, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246818.058351, rec_time=1559246818.079217, xmt_time=1559246885.027449, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 228.759766 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246818.058351, rec_time=1559246818.079217, xmt_time=1559246885.027449, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=4, std_msg=[stratum=4, poll=64.0, precision=0, root_delay=0.048843, root_disp=0.075409, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=105.237.207.28, ref_time=1559245852.721794, org_time=1559246885.027449, rec_time=1559246885.069212, xmt_time=1559246885.069247, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.52.109:123 [version=4, mode=4, std_msg=[stratum=4, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=48.0 msecs 843.383789 usecs, root_disp=75.0 msecs 408.935547 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=105.237.207.28, ref_time=1559245852.721794, org_time=1559246885.027449, rec_time=1559246885.069212, xmt_time=1559246885.069247, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028259, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246820.060608, rec_time=1559246820.081498, xmt_time=1559246887.027425, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 259.277344 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246820.060608, rec_time=1559246820.081498, xmt_time=1559246887.027425, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.003799, root_disp=0.037018, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245541.537424, org_time=1559246887.027425, rec_time=1559246887.050758, xmt_time=1559246887.050774, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.88:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.119209 usecs, root_delay=3.0 msecs 799.438477 usecs, root_disp=37.0 msecs 17.822266 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245541.537424, org_time=1559246887.027425, rec_time=1559246887.050758, xmt_time=1559246887.050774, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028275, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246819.064014, rec_time=1559246819.079147, xmt_time=1559246888.027454, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 274.536133 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246819.064014, rec_time=1559246819.079147, xmt_time=1559246888.027454, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028275, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246822.050275, rec_time=1559246822.064562, xmt_time=1559246888.030021, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 274.536133 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246822.050275, rec_time=1559246822.064562, xmt_time=1559246888.030021, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000008, root_delay=0.003235, root_disp=0.000565, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246481.481997, org_time=1559246888.030021, rec_time=1559246888.22033, xmt_time=1559246888.220401, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 185.19.184.35:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=7.629395 usecs, root_delay=3.0 msecs 234.863281 usecs, root_disp=564.575195 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246481.481997, org_time=1559246888.030021, rec_time=1559246888.22033, xmt_time=1559246888.220401, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.040375, root_disp=0.001236, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=195.113.144.238, ref_time=1559246882.967102, org_time=1559246888.027454, rec_time=1559246888.234035, xmt_time=1559246888.234061, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.131.188:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=40.0 msecs 374.755859 usecs, root_disp=1.0 msec 235.961914 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=195.113.144.238, ref_time=1559246882.967102, org_time=1559246888.027454, rec_time=1559246888.234035, xmt_time=1559246888.234061, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.02829, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246822.05809, rec_time=1559246822.069097, xmt_time=1559246889.027449, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 289.794922 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246822.05809, rec_time=1559246822.069097, xmt_time=1559246889.027449, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000001, root_delay=0.00351, root_disp=0.040573, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245278.44239, org_time=1559246889.027449, rec_time=1559246889.061203, xmt_time=1559246889.06122, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.3:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.953674 usecs, root_delay=3.0 msecs 509.521484 usecs, root_disp=40.0 msecs 573.120117 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245278.44239, org_time=1559246889.027449, rec_time=1559246889.061203, xmt_time=1559246889.06122, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028305, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246824.073855, rec_time=1559246824.095227, xmt_time=1559246890.027469, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 305.053711 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246824.073855, rec_time=1559246824.095227, xmt_time=1559246890.027469, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028305, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246821.052836, rec_time=1559246821.069165, xmt_time=1559246890.027512, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 305.053711 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246821.052836, rec_time=1559246821.069165, xmt_time=1559246890.027512, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028305, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246823.12395, rec_time=1559246823.295751, xmt_time=1559246890.027523, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 305.053711 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246823.12395, rec_time=1559246823.295751, xmt_time=1559246890.027523, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.013596, root_disp=0.025208, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559246828.086879, org_time=1559246890.027523, rec_time=1559246890.060644, xmt_time=1559246890.060687, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 188.213.165.209:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=13.0 msecs 595.581055 usecs, root_disp=25.0 msecs 207.519531 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559246828.086879, org_time=1559246890.027523, rec_time=1559246890.060644, xmt_time=1559246890.060687, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.01091, root_disp=0.037491, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245577.265702, org_time=1559246890.027512, rec_time=1559246890.069012, xmt_time=1559246890.069048, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 31.14.133.122:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=10.0 msecs 910.03418 usecs, root_disp=37.0 msecs 490.844727 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559245577.265702, org_time=1559246890.027512, rec_time=1559246890.069012, xmt_time=1559246890.069048, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=4, std_msg=[stratum=1, poll=16.0, precision=0, root_delay=0.0, root_disp=0.0, kiss_code=<uninitialized>, ref_id=GPS\x00, ref_addr=<uninitialized>, ref_time=1559246890.0, org_time=1559246890.027469, rec_time=1559246890.070262, xmt_time=1559246890.070268, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 85.199.214.99:123 [version=4, mode=4, std_msg=[stratum=1, poll=16.0 secs, precision=0.029802 usecs, root_delay=0 secs, root_disp=0 secs, kiss_code=<uninitialized>, ref_id=GPS\x00, ref_addr=<uninitialized>, ref_time=1559246890.0, org_time=1559246890.027469, rec_time=1559246890.070262, xmt_time=1559246890.070268, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.02832, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246822.05173, rec_time=1559246822.067161, xmt_time=1559246891.027395, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 320.3125 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246822.05173, rec_time=1559246822.067161, xmt_time=1559246891.027395, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.02832, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246825.052045, rec_time=1559246825.066358, xmt_time=1559246891.029953, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 320.3125 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246825.052045, rec_time=1559246825.066358, xmt_time=1559246891.029953, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.025391, root_disp=0.015671, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246412.455332, org_time=1559246891.027395, rec_time=1559246891.051818, xmt_time=1559246891.051827, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 93.41.196.243:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=25.0 msecs 390.625 usecs, root_disp=15.0 msecs 670.776367 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246412.455332, org_time=1559246891.027395, rec_time=1559246891.051818, xmt_time=1559246891.051827, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.013657, root_disp=0.025818, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246788.670839, org_time=1559246891.029953, rec_time=1559246891.061992, xmt_time=1559246891.062023, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 94.177.187.22:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.119209 usecs, root_delay=13.0 msecs 656.616211 usecs, root_disp=25.0 msecs 817.871094 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.233, ref_time=1559246788.670839, org_time=1559246891.029953, rec_time=1559246891.061992, xmt_time=1559246891.062023, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028336, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246824.061335, rec_time=1559246824.08282, xmt_time=1559246892.027401, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 335.571289 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246824.061335, rec_time=1559246824.08282, xmt_time=1559246892.027401, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000002, root_delay=0.00351, root_disp=0.042603, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245178.020777, org_time=1559246892.027401, rec_time=1559246892.05139, xmt_time=1559246892.051436, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 212.45.144.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=1.907349 usecs, root_delay=3.0 msecs 509.521484 usecs, root_disp=42.0 msecs 602.539062 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559245178.020777, org_time=1559246892.027401, rec_time=1559246892.05139, xmt_time=1559246892.051436, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028366, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246825.064608, rec_time=1559246825.074985, xmt_time=1559246894.027491, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 366.088867 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246825.064608, rec_time=1559246825.074985, xmt_time=1559246894.027491, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000008, root_delay=0.042236, root_disp=0.041504, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246894.027491, rec_time=1559246894.059304, xmt_time=1559246894.05938, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.214:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=7.629395 usecs, root_delay=42.0 msecs 236.328125 usecs, root_disp=41.0 msecs 503.90625 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246894.027491, rec_time=1559246894.059304, xmt_time=1559246894.05938, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028427, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246829.060691, rec_time=1559246829.079018, xmt_time=1559246898.027403, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 427.124023 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246829.060691, rec_time=1559246829.079018, xmt_time=1559246898.027403, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028427, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246830.0714, rec_time=1559246830.08971, xmt_time=1559246898.029953, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 427.124023 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246830.0714, rec_time=1559246830.08971, xmt_time=1559246898.029953, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=4, std_msg=[stratum=3, poll=64.0, precision=0.000001, root_delay=0.011917, root_disp=0.000565, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=185.19.184.35, ref_time=1559246667.219303, org_time=1559246898.027403, rec_time=1559246898.077958, xmt_time=1559246898.078029, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.88.132:123 [version=3, mode=4, std_msg=[stratum=3, poll=1.0 min 4.0 secs, precision=0.953674 usecs, root_delay=11.0 msecs 917.114258 usecs, root_disp=564.575195 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=185.19.184.35, ref_time=1559246667.219303, org_time=1559246898.027403, rec_time=1559246898.077958, xmt_time=1559246898.078029, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=4, std_msg=[stratum=4, poll=64.0, precision=0, root_delay=0.036819, root_disp=0.050842, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=73.98.4.223, ref_time=1559246822.40751, org_time=1559246898.029953, rec_time=1559246898.078347, xmt_time=1559246898.07843, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.171.177:123 [version=4, mode=4, std_msg=[stratum=4, poll=1.0 min 4.0 secs, precision=0.059605 usecs, root_delay=36.0 msecs 819.458008 usecs, root_disp=50.0 msecs 842.285156 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=73.98.4.223, ref_time=1559246822.40751, org_time=1559246898.029953, rec_time=1559246898.078347, xmt_time=1559246898.07843, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028458, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246833.067975, rec_time=1559246833.07965, xmt_time=1559246900.027439, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 457.641602 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246833.067975, rec_time=1559246833.07965, xmt_time=1559246900.027439, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.04628, root_disp=0.028458, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246831.053954, rec_time=1559246831.069547, xmt_time=1559246900.030036, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=3, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.238419 usecs, root_delay=46.0 msecs 279.907227 usecs, root_disp=28.0 msecs 457.641602 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=85.199.214.99, ref_time=1559246556.073681, org_time=1559246831.053954, rec_time=1559246831.069547, xmt_time=1559246900.030036, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0, root_delay=0.013535, root_disp=0.029602, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559246283.180069, org_time=1559246900.030036, rec_time=1559246900.08881, xmt_time=1559246900.088844, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 80.211.155.206:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=0.476837 usecs, root_delay=13.0 msecs 534.545898 usecs, root_disp=29.0 msecs 602.050781 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=193.204.114.232, ref_time=1559246283.180069, org_time=1559246900.030036, rec_time=1559246900.08881, xmt_time=1559246900.088844, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=4, std_msg=[stratum=2, poll=64.0, precision=0.000008, root_delay=0.042236, root_disp=0.041595, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246900.027439, rec_time=1559246900.103765, xmt_time=1559246900.103887, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 147.135.207.213:123 [version=4, mode=4, std_msg=[stratum=2, poll=1.0 min 4.0 secs, precision=7.629395 usecs, root_delay=42.0 msecs 236.328125 usecs, root_disp=41.0 msecs 595.458984 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=212.7.1.132, ref_time=1559245356.576177, org_time=1559246900.027439, rec_time=1559246900.103765, xmt_time=1559246900.103887, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 193.204.114.232:123 [version=4, mode=3, std_msg=[stratum=0, poll=16.0, precision=0.015625, root_delay=1.0, root_disp=1.0, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1101309131.444112, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 193.204.114.232:123 [version=4, mode=3, std_msg=[stratum=0, poll=16.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=1.0 sec, root_disp=1.0 sec, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1101309131.444112, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 193.204.114.232:123 [version=4, mode=4, std_msg=[stratum=1, poll=16.0, precision=0, root_delay=0.0, root_disp=0.000122, kiss_code=<uninitialized>, ref_id=CTD\x00, ref_addr=<uninitialized>, ref_time=1559246910.937978, org_time=1101309131.444112, rec_time=1559246940.281161, xmt_time=1559246940.281191, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.43.118 -> 193.204.114.232:123 [version=4, mode=4, std_msg=[stratum=1, poll=16.0 secs, precision=0.119209 usecs, root_delay=0 secs, root_disp=122.070312 usecs, kiss_code=<uninitialized>, ref_id=CTD\x00, ref_addr=<uninitialized>, ref_time=1559246910.937978, org_time=1101309131.444112, rec_time=1559246940.281161, xmt_time=1559246940.281191, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.43.118 -> 193.204.114.232:123 [version=2, mode=7, std_msg=<uninitialized>, control_msg=<uninitialized>, mode7_msg=[req_code=42, auth_bit=F, sequence=0, implementation=3, err=0, data=<uninitialized>]] ntp_message 192.168.43.118 -> 193.204.114.232:123 [version=2, mode=7, std_msg=<uninitialized>, control_msg=<uninitialized>, mode7_msg=[req_code=42, auth_bit=F, sequence=0, implementation=3, err=0, data=<uninitialized>]]

60
testing/btest/Baseline/scripts.base.protocols.ntp.ntp3/.stdout
View file

@ -1,30 +1,30 @@
ntp_message 192.168.50.50 -> 67.129.68.9:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 67.129.68.9:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 69.44.57.60:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 69.44.57.60:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 207.234.209.181:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 207.234.209.181:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 209.132.176.4:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 209.132.176.4:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 216.27.185.42:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 216.27.185.42:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 24.34.79.42:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 24.34.79.42:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 24.123.202.230:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 24.123.202.230:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 63.164.62.249:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 63.164.62.249:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 64.112.189.11:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 64.112.189.11:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 65.125.233.206:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 65.125.233.206:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.922896, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.33.206.5:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.33.206.5:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.33.216.11:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.33.216.11:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.92.68.246:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.92.68.246:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.111.46.200:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.111.46.200:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.115.136.4:123 [version=3, mode=1, std_msg=[stratum=0, poll=1024.0, precision=0.015625, root_delay=0.0, root_disp=1.01001, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.115.136.4:123 [version=3, mode=1, std_msg=[stratum=0, poll=17.0 mins 4.0 secs, precision=15.0 msecs 625.0 usecs, root_delay=0 secs, root_disp=1.0 sec 10.0 msecs 9.765625 usecs, kiss_code=\x00\x00\x00\x00, ref_id=<uninitialized>, ref_addr=<uninitialized>, ref_time=0.0, org_time=0.0, rec_time=0.0, xmt_time=1096255084.932911, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 69.44.57.60:123 [version=3, mode=2, std_msg=[stratum=3, poll=1024.0, precision=0.000004, root_delay=0.109238, root_disp=0.081726, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=81.174.128.183, ref_time=1096254668.551001, org_time=1096255084.922896, rec_time=1096255083.809713, xmt_time=1096255083.80976, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 69.44.57.60:123 [version=3, mode=2, std_msg=[stratum=3, poll=17.0 mins 4.0 secs, precision=3.814697 usecs, root_delay=109.0 msecs 237.670898 usecs, root_disp=81.0 msecs 726.074219 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=81.174.128.183, ref_time=1096254668.551001, org_time=1096255084.922896, rec_time=1096255083.809713, xmt_time=1096255083.80976, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 24.123.202.230:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000001, root_delay=0.030319, root_disp=0.185547, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=198.30.92.2, ref_time=1096252181.259041, org_time=1096255084.922896, rec_time=1096255083.821124, xmt_time=1096255083.821134, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 24.123.202.230:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=0.953674 usecs, root_delay=30.0 msecs 319.213867 usecs, root_disp=185.0 msecs 546.875 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=198.30.92.2, ref_time=1096252181.259041, org_time=1096255084.922896, rec_time=1096255083.821124, xmt_time=1096255083.821134, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 67.129.68.9:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000008, root_delay=0.060455, root_disp=7.46431, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=17.254.0.49, ref_time=1095788645.064548, org_time=1096255084.922896, rec_time=1096255083.848508, xmt_time=1096255083.848601, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 67.129.68.9:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=7.629395 usecs, root_delay=60.0 msecs 455.322266 usecs, root_disp=7.0 secs 464.0 msecs 309.692383 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=17.254.0.49, ref_time=1095788645.064548, org_time=1096255084.922896, rec_time=1096255083.848508, xmt_time=1096255083.848601, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 65.125.233.206:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000031, root_delay=0.023254, root_disp=0.012848, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=130.207.244.240, ref_time=1096254901.858123, org_time=1096255084.922896, rec_time=1096255083.828025, xmt_time=1096255083.828189, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 65.125.233.206:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=30.517578 usecs, root_delay=23.0 msecs 254.394531 usecs, root_disp=12.0 msecs 847.900391 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=130.207.244.240, ref_time=1096254901.858123, org_time=1096255084.922896, rec_time=1096255083.828025, xmt_time=1096255083.828189, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 63.164.62.249:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000001, root_delay=0.015015, root_disp=0.037491, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=18.145.0.30, ref_time=1096254668.213801, org_time=1096255084.922896, rec_time=1096255083.829249, xmt_time=1096255083.829301, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 63.164.62.249:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=0.953674 usecs, root_delay=15.0 msecs 10.0 usecs, root_disp=37.0 msecs 490.0 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=18.145.0.30, ref_time=1096254668.213801, org_time=1096255084.922896, rec_time=1096255083.829249, xmt_time=1096255083.829301, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 207.234.209.181:123 [version=3, mode=2, std_msg=[stratum=3, poll=1024.0, precision=0.000008, root_delay=0.072678, root_disp=0.035049, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=198.82.1.203, ref_time=1096254326.1896, org_time=1096255084.922896, rec_time=1096255083.824154, xmt_time=1096255083.824174, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 207.234.209.181:123 [version=3, mode=2, std_msg=[stratum=3, poll=17.0 mins 4.0 secs, precision=7.629395 usecs, root_delay=72.0 msecs 677.612305 usecs, root_disp=35.0 msecs 49.438477 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=198.82.1.203, ref_time=1096254326.1896, org_time=1096255084.922896, rec_time=1096255083.824154, xmt_time=1096255083.824174, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.92.68.246:123 [version=3, mode=2, std_msg=[stratum=1, poll=1024.0, precision=0.000015, root_delay=0.0, root_disp=0.00032, kiss_code=<uninitialized>, ref_id=GPS\x00, ref_addr=<uninitialized>, ref_time=1096255078.223498, org_time=1096255084.932911, rec_time=1096255083.836845, xmt_time=1096255083.83687, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.92.68.246:123 [version=3, mode=2, std_msg=[stratum=1, poll=17.0 mins 4.0 secs, precision=15.258789 usecs, root_delay=0 secs, root_disp=320.43457 usecs, kiss_code=<uninitialized>, ref_id=GPS\x00, ref_addr=<uninitialized>, ref_time=1096255078.223498, org_time=1096255084.932911, rec_time=1096255083.836845, xmt_time=1096255083.83687, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 24.34.79.42:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000031, root_delay=0.123322, root_disp=0.039917, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=131.107.1.10, ref_time=1096254970.010788, org_time=1096255084.922896, rec_time=1096255083.825662, xmt_time=1096255083.825692, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 24.34.79.42:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=30.517578 usecs, root_delay=123.0 msecs 320.0 usecs, root_disp=39.0 msecs 910.0 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=131.107.1.10, ref_time=1096254970.010788, org_time=1096255084.922896, rec_time=1096255083.825662, xmt_time=1096255083.825692, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.115.136.4:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000008, root_delay=0.016632, root_disp=0.028641, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=130.207.244.240, ref_time=1096254406.517429, org_time=1096255084.932911, rec_time=1096255083.853291, xmt_time=1096255083.853336, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.115.136.4:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=7.629395 usecs, root_delay=16.0 msecs 632.080078 usecs, root_disp=28.0 msecs 640.74707 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=130.207.244.240, ref_time=1096254406.517429, org_time=1096255084.932911, rec_time=1096255083.853291, xmt_time=1096255083.853336, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.33.206.5:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000004, root_delay=0.01236, root_disp=0.022202, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=192.12.19.20, ref_time=1096255027.694744, org_time=1096255084.932911, rec_time=1096255083.850895, xmt_time=1096255083.850907, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.33.206.5:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=3.814697 usecs, root_delay=12.0 msecs 359.619141 usecs, root_disp=22.0 msecs 201.538086 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=192.12.19.20, ref_time=1096255027.694744, org_time=1096255084.932911, rec_time=1096255083.850895, xmt_time=1096255083.850907, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.33.216.11:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000001, root_delay=0.009857, root_disp=0.043747, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=204.123.2.72, ref_time=1096254508.255586, org_time=1096255084.932911, rec_time=1096255083.850965, xmt_time=1096255083.851024, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.33.216.11:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=0.953674 usecs, root_delay=9.0 msecs 857.177734 usecs, root_disp=43.0 msecs 746.948242 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=204.123.2.72, ref_time=1096254508.255586, org_time=1096255084.932911, rec_time=1096255083.850965, xmt_time=1096255083.851024, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 66.111.46.200:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000001, root_delay=0.056396, root_disp=0.062164, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=198.30.92.2, ref_time=1096253376.841474, org_time=1096255084.932911, rec_time=1096255083.847619, xmt_time=1096255083.847644, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 66.111.46.200:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=0.953674 usecs, root_delay=56.0 msecs 396.484375 usecs, root_disp=62.0 msecs 164.306641 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=198.30.92.2, ref_time=1096253376.841474, org_time=1096255084.932911, rec_time=1096255083.847619, xmt_time=1096255083.847644, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 64.112.189.11:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000015, root_delay=0.081268, root_disp=0.029877, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=128.10.252.6, ref_time=1096254706.14029, org_time=1096255084.922896, rec_time=1096255083.850451, xmt_time=1096255083.850465, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 64.112.189.11:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=15.258789 usecs, root_delay=81.0 msecs 268.310547 usecs, root_disp=29.0 msecs 876.708984 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=128.10.252.6, ref_time=1096254706.14029, org_time=1096255084.922896, rec_time=1096255083.850451, xmt_time=1096255083.850465, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 216.27.185.42:123 [version=3, mode=2, std_msg=[stratum=2, poll=1024.0, precision=0.000004, root_delay=0.029846, root_disp=0.045456, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=164.67.62.194, ref_time=1096254209.896379, org_time=1096255084.922896, rec_time=1096255083.849099, xmt_time=1096255083.849269, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 216.27.185.42:123 [version=3, mode=2, std_msg=[stratum=2, poll=17.0 mins 4.0 secs, precision=3.814697 usecs, root_delay=29.0 msecs 846.191406 usecs, root_disp=45.0 msecs 455.932617 usecs, kiss_code=<uninitialized>, ref_id=<uninitialized>, ref_addr=164.67.62.194, ref_time=1096254209.896379, org_time=1096255084.922896, rec_time=1096255083.849099, xmt_time=1096255083.849269, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]
ntp_message 192.168.50.50 -> 209.132.176.4:123 [version=3, mode=2, std_msg=[stratum=1, poll=1024.0, precision=0.000015, root_delay=0.0, root_disp=0.000504, kiss_code=<uninitialized>, ref_id=CDMA, ref_addr=<uninitialized>, ref_time=1096255068.944018, org_time=1096255084.922896, rec_time=1096255083.827772, xmt_time=1096255083.828313, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>] ntp_message 192.168.50.50 -> 209.132.176.4:123 [version=3, mode=2, std_msg=[stratum=1, poll=17.0 mins 4.0 secs, precision=15.258789 usecs, root_delay=0 secs, root_disp=503.540039 usecs, kiss_code=<uninitialized>, ref_id=CDMA, ref_addr=<uninitialized>, ref_time=1096255068.944018, org_time=1096255084.922896, rec_time=1096255083.827772, xmt_time=1096255083.828313, key_id=<uninitialized>, digest=<uninitialized>, num_exts=0], control_msg=<uninitialized>, mode7_msg=<uninitialized>]

456
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
View file

File diff suppressed because one or more lines are too long

88
testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
View file

@ -1,5 +1,5 @@
1254722768.219663 smtp_reply 1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
@ -7,7 +7,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.219663 smtp_reply 1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
@ -15,7 +15,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.219663 smtp_reply 1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=0.690617, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
@ -23,13 +23,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722768.224809 smtp_request 1254722768.224809 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=0.695763, service={\x0aSMTP\x0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = EHLO [2] command: string = EHLO
[3] arg: string = GP [3] arg: string = GP
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -37,7 +37,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -45,7 +45,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -53,7 +53,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -61,7 +61,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -69,7 +69,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.037137, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -77,13 +77,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722768.568729 smtp_request 1254722768.568729 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.039683, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = AUTH [2] command: string = AUTH
[3] arg: string = LOGIN [3] arg: string = LOGIN
1254722768.911081 smtp_reply 1254722768.911081 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.382035, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 334 [2] code: count = 334
[3] cmd: string = AUTH [3] cmd: string = AUTH
@ -91,13 +91,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722768.911655 smtp_request 1254722768.911655 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.382609, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = ** [2] command: string = **
[3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu [3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu
1254722769.253544 smtp_reply 1254722769.253544 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.724498, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 334 [2] code: count = 334
[3] cmd: string = AUTH_ANSWER [3] cmd: string = AUTH_ANSWER
@ -105,13 +105,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722769.254118 smtp_request 1254722769.254118 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.725072, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = ** [2] command: string = **
[3] arg: string = cHVuamFiQDEyMw== [3] arg: string = cHVuamFiQDEyMw==
1254722769.613798 smtp_reply 1254722769.613798 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.084752, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 235 [2] code: count = 235
[3] cmd: string = AUTH_ANSWER [3] cmd: string = AUTH_ANSWER
@ -119,13 +119,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722769.614414 smtp_request 1254722769.614414 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.085368, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.0 secs 85.0 msecs 367.918015 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = MAIL [2] command: string = MAIL
[3] arg: string = FROM: <gurpartap@patriots.in> [3] arg: string = FROM: <gurpartap@patriots.in>
1254722769.956765 smtp_reply 1254722769.956765 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.427719, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.0 secs 427.0 msecs 718.877792 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = MAIL [3] cmd: string = MAIL
@ -133,13 +133,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722769.957250 smtp_request 1254722769.957250 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.428204, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.0 secs 428.0 msecs 204.059601 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO: <raj_deol2002in@yahoo.co.in> [3] arg: string = TO: <raj_deol2002in@yahoo.co.in>
1254722770.319708 smtp_reply 1254722770.319708 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.790662, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.0 secs 790.0 msecs 662.050247 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
@ -147,13 +147,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722770.320203 smtp_request 1254722770.320203 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.791157, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = DATA [2] command: string = DATA
[3] arg: string = [3] arg: string =
1254722770.661679 smtp_reply 1254722770.661679 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=3.132633, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=3.0 secs 132.0 msecs 632.97081 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 354 [2] code: count = 354
[3] cmd: string = DATA [3] cmd: string = DATA
@ -161,13 +161,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722771.858334 smtp_request 1254722771.858334 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=4.329288, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = . [2] command: string = .
[3] arg: string = . [3] arg: string = .
1254722772.248789 smtp_reply 1254722772.248789 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=4.719743, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = . [3] cmd: string = .
@ -175,13 +175,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722774.763825 smtp_request 1254722774.763825 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=7.234779, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = QUIT [2] command: string = QUIT
[3] arg: string = [3] arg: string =
1254722775.105467 smtp_reply 1254722775.105467 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=7.576421, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 221 [2] code: count = 221
[3] cmd: string = QUIT [3] cmd: string = QUIT
@ -189,7 +189,7 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.867142 smtp_reply 1437831787.867142 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.010247, service={\x0a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=10.0 msecs 246.992111 usecs, service={\x0a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
@ -197,13 +197,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.883306 smtp_request 1437831787.883306 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.026411, service={\x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = EHLO [2] command: string = EHLO
[3] arg: string = [192.168.133.100] [3] arg: string = [192.168.133.100]
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.029386, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -211,7 +211,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.029386, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -219,7 +219,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.029386, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -227,7 +227,7 @@
[5] cont_resp: bool = T [5] cont_resp: bool = T
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.029386, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
@ -235,13 +235,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.887031 smtp_request 1437831787.887031 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.030136, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=30.0 msecs 136.108398 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = MAIL [2] command: string = MAIL
[3] arg: string = FROM:<albert@example.com> [3] arg: string = FROM:<albert@example.com>
1437831787.889785 smtp_reply 1437831787.889785 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.03289, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=32.0 msecs 890.081406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = MAIL [3] cmd: string = MAIL
@ -249,13 +249,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.890232 smtp_request 1437831787.890232 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.033337, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=33.0 msecs 337.116241 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO:<ericlim220@yahoo.com> [3] arg: string = TO:<ericlim220@yahoo.com>
1437831787.892986 smtp_reply 1437831787.892986 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.036091, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=36.0 msecs 91.089249 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
@ -263,13 +263,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.893587 smtp_request 1437831787.893587 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.036692, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=36.0 msecs 692.142487 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO:<felica4uu@hotmail.com> [3] arg: string = TO:<felica4uu@hotmail.com>
1437831787.897624 smtp_reply 1437831787.897624 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.040729, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=40.0 msecs 729.045868 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
@ -277,13 +277,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.898413 smtp_request 1437831787.898413 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.041518, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=41.0 msecs 517.972946 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO:<davis_mark1@outlook.com> [3] arg: string = TO:<davis_mark1@outlook.com>
1437831787.901069 smtp_reply 1437831787.901069 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.044174, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=44.0 msecs 173.955917 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
@ -291,13 +291,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.901697 smtp_request 1437831787.901697 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.044802, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = DATA [2] command: string = DATA
[3] arg: string = [3] arg: string =
1437831787.904758 smtp_reply 1437831787.904758 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.047863, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=47.0 msecs 863.006592 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 354 [2] code: count = 354
[3] cmd: string = DATA [3] cmd: string = DATA
@ -305,13 +305,13 @@
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.905375 smtp_request 1437831787.905375 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.04848, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = . [2] command: string = .
[3] arg: string = . [3] arg: string = .
1437831787.914113 smtp_reply 1437831787.914113 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.057218, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=57.0 msecs 218.074799 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = . [3] cmd: string = .

12
testing/btest/scripts/base/protocols/ntp/ntp-digest.test
View file

@ -4,8 +4,20 @@
@load base/protocols/ntp @load base/protocols/ntp
global msg_count = 0;
event ntp_message(c: connection, is_orig: bool, msg: NTP::Message) event ntp_message(c: connection, is_orig: bool, msg: NTP::Message)
{ {
++msg_count;
if ( msg_count == 9 || msg_count == 10 )
{
# Hack around some unstable floating point output on 32-bit
local d = interval_to_double(msg$std_msg$root_disp);
local s = cat(d)[0:-1];
msg$std_msg$root_disp = double_to_interval(to_double(s));
}
print fmt("ntp_message %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, msg); print fmt("ntp_message %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, msg);
} }

16
testing/btest/scripts/base/protocols/ntp/ntp3.test
View file

@ -4,8 +4,24 @@
@load base/protocols/ntp @load base/protocols/ntp
global msg_count = 0;
event ntp_message(c: connection, is_orig: bool, msg: NTP::Message) event ntp_message(c: connection, is_orig: bool, msg: NTP::Message)
{ {
++msg_count;
if ( msg_count == 20 || msg_count == 23 )
{
# Hack around some unstable floating point output on 32-bit
local d = interval_to_double(msg$std_msg$root_disp);
local s = cat(d)[0:-1];
msg$std_msg$root_disp = double_to_interval(to_double(s));
d = interval_to_double(msg$std_msg$root_delay);
s = cat(d)[0:-1];
msg$std_msg$root_delay = double_to_interval(to_double(s));
}
print fmt("ntp_message %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, msg); print fmt("ntp_message %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, msg);
} }