mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Make tunnel_parents in conn.log optional.
This makes conn.logs a bit prettier (and smaller) because all lines that do not use a tunnel will now have a "-" instead of the "(empty)" for tunnel_parents.
This commit is contained in:
Johanna Amann
parent
bdb7f62335
commit
6f9524e082
60 changed files with 1881 additions and 1877 deletions
|
|
@ -116,7 +116,7 @@ export {
|
|||
## If this connection was over a tunnel, indicate the
|
||||
## *uid* values for any encapsulating parent connections
|
||||
## used over the lifetime of this inner connection.
|
||||
tunnel_parents: set[string] &log;
|
||||
tunnel_parents: set[string] &log &optional;
|
||||
};
|
||||
|
||||
## Event that can be handled to access the :bro:type:`Conn::Info`
|
||||
|
|
@ -207,7 +207,11 @@ function set_conn(c: connection, eoc: bool)
|
|||
c$conn$uid=c$uid;
|
||||
c$conn$id=c$id;
|
||||
if ( c?$tunnel && |c$tunnel| > 0 )
|
||||
{
|
||||
if ( ! c$conn?$tunnel_parents )
|
||||
c$conn$tunnel_parents = set();
|
||||
add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid];
|
||||
}
|
||||
c$conn$proto=get_port_transport_proto(c$id$resp_p);
|
||||
if( |Site::local_nets| > 0 )
|
||||
{
|
||||
|
|
@ -253,7 +257,11 @@ event tunnel_changed(c: connection, e: EncapsulatingConnVector) &priority=5
|
|||
{
|
||||
set_conn(c, F);
|
||||
if ( |e| > 0 )
|
||||
{
|
||||
if ( ! c$conn?$tunnel_parents )
|
||||
c$conn$tunnel_parents = set();
|
||||
add c$conn$tunnel_parents[e[|e|-1]$uid];
|
||||
}
|
||||
c$tunnel = e;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2017-01-30-23-13-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
|
||||
1128727435.633408 CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty) 00:d0:03:3b:f4:00 00:b0:c2:86:ec:00
|
||||
1128727435.633408 CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 - 00:d0:03:3b:f4:00 00:b0:c2:86:ec:00
|
||||
#close 2017-01-30-23-13-15
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
#open 2016-07-13-16-12-55
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1371685686.536606 CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 (empty)
|
||||
1371686961.479321 C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 (empty)
|
||||
1371686961.156859 ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 ^d 0 0 1 1500 (empty)
|
||||
1371685686.536606 CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 -
|
||||
1371686961.479321 C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 -
|
||||
1371686961.156859 ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 ^d 0 0 1 1500 -
|
||||
#close 2016-07-13-16-12-55
|
||||
|
|
|
|||
|
|
@ -6,20 +6,20 @@
|
|||
#open 2016-07-13-16-12-55
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475168.853899 C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.858306 CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.858713 C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.891644 C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.892037 CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.892414 C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.893988 CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.894422 C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.894787 Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.901749 C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475168.652003 ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 (empty)
|
||||
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475168.853899 C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.854378 CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.854837 CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.857956 CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.858306 CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.858713 C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.891644 C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.892037 CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.892414 C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.893988 CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.894422 C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.894787 Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.901749 C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475168.902195 CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475168.652003 ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 -
|
||||
#close 2016-07-13-16-12-55
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-12-56
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475168.892936 CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.892936 CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
#close 2016-07-13-16-12-56
|
||||
|
|
|
|||
|
|
@ -6,11 +6,11 @@
|
|||
#open 2016-07-13-16-12-57
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1284385417.962560 CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 (empty)
|
||||
1284385418.014560 CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 (empty)
|
||||
1284385411.035560 CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 (empty)
|
||||
1284385451.658560 CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 (empty)
|
||||
1284385412.963560 C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 (empty)
|
||||
1284385413.027560 CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
|
||||
1284385411.091560 ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
|
||||
1284385417.962560 CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 -
|
||||
1284385418.014560 CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 -
|
||||
1284385411.035560 CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 -
|
||||
1284385451.658560 CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 -
|
||||
1284385412.963560 C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 -
|
||||
1284385413.027560 CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 -
|
||||
1284385411.091560 ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 -
|
||||
#close 2016-07-13-16-12-57
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-12-58
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1278600802.069419 CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
|
||||
1278600802.069419 CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 -
|
||||
#close 2016-07-13-16-12-59
|
||||
|
|
|
|||
|
|
@ -6,6 +6,6 @@
|
|||
#open 2016-07-13-16-13-00
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1363900699.548138 CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 (empty)
|
||||
1363900699.549647 ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 (empty)
|
||||
1363900699.548138 CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 -
|
||||
1363900699.549647 ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 -
|
||||
#close 2016-07-13-16-13-00
|
||||
|
|
|
|||
|
|
@ -6,6 +6,6 @@
|
|||
#open 2016-07-13-16-13-00
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1439902891.705224 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF - - 0 Dd 1 63 1 156 (empty)
|
||||
1439903050.580632 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 (empty)
|
||||
1439902891.705224 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF - - 0 Dd 1 63 1 156 -
|
||||
1439903050.580632 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 -
|
||||
#close 2016-07-13-16-13-00
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
#open 2016-07-13-16-13-01
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1395939406.175845 ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 (empty)
|
||||
1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 (empty)
|
||||
1395939399.984671 CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 (empty)
|
||||
1395939406.175845 ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 -
|
||||
1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 -
|
||||
1395939399.984671 CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 -
|
||||
#close 2016-07-13-16-13-01
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-13-02
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1331764471.664131 CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 (empty)
|
||||
1331764471.664131 CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 -
|
||||
#close 2016-07-13-16-13-02
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-17-58-31
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1128727435.633408 CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty)
|
||||
1128727435.633408 CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 -
|
||||
#close 2016-07-13-17-58-31
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2016-07-13-16-13-02
|
||||
#open 2018-01-12-21-43-34
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1285862902.700271 CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADadtR 17 1250 22 28961 (empty)
|
||||
#close 2016-07-13-16-13-03
|
||||
1285862902.700271 CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADadtR 17 1250 22 28961 -
|
||||
#close 2018-01-12-21-43-34
|
||||
|
|
|
|||
|
|
@ -3,41 +3,41 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2016-07-13-16-13-03
|
||||
#open 2018-01-12-21-43-35
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475168.853899 CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.858306 CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.858713 C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.891644 C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.892037 CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.892414 C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.893988 CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.894422 C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.894787 CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.901749 CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475169.899438 Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475170.862384 CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475171.675372 CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475171.677081 CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.116749 C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.117362 CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.153679 CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475169.780331 CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 (empty)
|
||||
1300475168.892913 CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475168.724007 CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475168.855330 CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475168.855305 C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475168.652003 CtPZjS20MLrsMUOJi2 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475168.902635 CiyBAq1bBLNaTiTAc 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475168.859163 Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475168.892936 CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.895267 CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
#close 2016-07-13-16-13-03
|
||||
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475167.097012 ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475167.099816 C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475168.853899 CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.854378 CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.854837 C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.858306 CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.858713 C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.891644 C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.892037 CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.892414 C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.893988 CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.894422 C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.894787 CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.901749 CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475168.902195 CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475169.899438 Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475170.862384 CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475171.675372 CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475171.677081 CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.116749 C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.117362 CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.153679 CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475169.780331 CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 -
|
||||
1300475168.892913 CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475168.724007 CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475168.855330 CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475168.855305 C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475168.652003 CtPZjS20MLrsMUOJi2 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475168.902635 CiyBAq1bBLNaTiTAc 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475168.859163 Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475168.892936 CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475168.895267 CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
#close 2018-01-12-21-43-35
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1257655301.595604 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc
|
||||
1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 (empty)
|
||||
1257655293.629048 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 (empty)
|
||||
1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 -
|
||||
1257655293.629048 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 -
|
||||
1257655296.585333 CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
1257655296.585151 CUM0KZ3MLUfNB0cl11 fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
1257655296.585034 CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
|
|
|
|||
|
|
@ -7,6 +7,6 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1333458850.321642 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
|
||||
1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 (empty)
|
||||
1333458850.325787 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 (empty)
|
||||
1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 -
|
||||
1333458850.325787 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 -
|
||||
#close 2016-07-13-16-13-06
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-13-07
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1333458871.219794 CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 (empty)
|
||||
1333458871.219794 CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 -
|
||||
#close 2016-07-13-16-13-07
|
||||
|
|
|
|||
|
|
@ -7,6 +7,6 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1333458851.770000 ClEkJM2Vm5giqnMf4h fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - - 0 D 1 80 0 0 CHhAvVGS1DHFjwGM9
|
||||
1333458851.770000 CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 (empty)
|
||||
1333458851.770000 CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 -
|
||||
1333458851.969236 C4J4Th3PJpwUYZZ6gc fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 56 0 0 CHhAvVGS1DHFjwGM9
|
||||
#close 2016-07-13-16-13-08
|
||||
|
|
|
|||
|
|
@ -10,17 +10,17 @@
|
|||
1333458850.035456 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
|
||||
1333458850.029783 C37jN32gN3y3AZzyf6 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN
|
||||
1333458850.040098 C7fIlMZDuRiqjpYbb 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CNnMIj2QSd84NKf7U3
|
||||
1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 (empty)
|
||||
1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 -
|
||||
1333458850.035460 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
|
||||
1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 (empty)
|
||||
1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 (empty)
|
||||
1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 -
|
||||
1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 -
|
||||
1333458850.029781 CP5puj4I8PtEU4qzYg 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN
|
||||
1333458850.032887 C3eiCBGOLw3VtHfOj 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 C4J4Th3PJpwUYZZ6gc
|
||||
1333458850.037956 C9mvWx3ezztgzcexV7 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 Ck51lg1bScffFj34Ri
|
||||
1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 (empty)
|
||||
1333458850.016620 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 (empty)
|
||||
1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 -
|
||||
1333458850.016620 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 -
|
||||
1333458850.016620 CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
1333458850.029781 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 (empty)
|
||||
1333458850.029781 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 -
|
||||
1333458850.016620 CUM0KZ3MLUfNB0cl11 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CtPZjS20MLrsMUOJi2
|
||||
1333458850.035456 CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl
|
||||
#close 2016-07-13-16-13-08
|
||||
|
|
|
|||
|
|
@ -6,6 +6,6 @@
|
|||
#open 2016-07-13-16-13-09
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1333458850.867091 ClEkJM2Vm5giqnMf4h 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 (empty)
|
||||
1333458850.532814 CHhAvVGS1DHFjwGM9 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 (empty)
|
||||
1333458850.867091 ClEkJM2Vm5giqnMf4h 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 -
|
||||
1333458850.532814 CHhAvVGS1DHFjwGM9 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 -
|
||||
#close 2016-07-13-16-13-09
|
||||
|
|
|
|||
|
|
@ -7,5 +7,5 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1333458852.011535 ClEkJM2Vm5giqnMf4h 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - - 0 ShADad 17 1604 14 1762 CHhAvVGS1DHFjwGM9
|
||||
1333458852.011535 CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 (empty)
|
||||
1333458852.011535 CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 -
|
||||
#close 2016-07-13-16-13-10
|
||||
|
|
|
|||
|
|
@ -7,5 +7,5 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1333458850.364667 ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CHhAvVGS1DHFjwGM9
|
||||
1333458850.364667 CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 (empty)
|
||||
1333458850.364667 CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 -
|
||||
#close 2016-07-13-16-13-10
|
||||
|
|
|
|||
|
|
@ -6,24 +6,24 @@
|
|||
#open 2016-07-13-16-13-14
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1210953047.736921 ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 (empty)
|
||||
1210953050.867067 C4J4Th3PJpwUYZZ6gc 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 ^fA 1 40 1 40 (empty)
|
||||
1210953057.833364 C37jN32gN3y3AZzyf6 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 (empty)
|
||||
1210953058.007081 CwjjYJ2WqgTbAqiHl6 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 (empty)
|
||||
1210953057.834454 C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 (empty)
|
||||
1210953058.350065 C0LAHyvtKSQHyJxIl 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 (empty)
|
||||
1210953058.577231 CFLRIC3zaTU1loLGxh 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 (empty)
|
||||
1210953074.264819 CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 (empty)
|
||||
1210953074.570439 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 (empty)
|
||||
1210953074.057124 CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
||||
1210953047.736921 ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 -
|
||||
1210953050.867067 C4J4Th3PJpwUYZZ6gc 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 ^fA 1 40 1 40 -
|
||||
1210953057.833364 C37jN32gN3y3AZzyf6 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 -
|
||||
1210953058.007081 CwjjYJ2WqgTbAqiHl6 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 -
|
||||
1210953057.834454 C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 -
|
||||
1210953058.350065 C0LAHyvtKSQHyJxIl 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 -
|
||||
1210953058.577231 CFLRIC3zaTU1loLGxh 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 -
|
||||
1210953074.264819 CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 -
|
||||
1210953074.570439 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 -
|
||||
1210953074.057124 CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
|
||||
1210953061.312379 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri
|
||||
1210953076.058333 C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
||||
1210953074.055744 C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
||||
1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 (empty)
|
||||
1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 (empty)
|
||||
1210953058.933954 C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 (empty)
|
||||
1210953060.829233 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 (empty)
|
||||
1210953046.591933 CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 (empty)
|
||||
1210953076.058333 C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
|
||||
1210953074.055744 C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
|
||||
1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
|
||||
1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 -
|
||||
1210953058.933954 C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 -
|
||||
1210953060.829233 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 -
|
||||
1210953046.591933 CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 -
|
||||
1210953052.324629 CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN
|
||||
1210953060.829303 C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri
|
||||
1210953052.202579 CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1340127577.354166 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
|
||||
1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 (empty)
|
||||
1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 (empty)
|
||||
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 (empty)
|
||||
1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
|
||||
1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 -
|
||||
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 -
|
||||
1340127577.339015 CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
1340127577.343969 CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9
|
||||
1340127577.336558 ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
#open 2016-07-13-16-13-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
952109346.874907 CHhAvVGS1DHFjwGM9 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 (empty)
|
||||
1128727435.450898 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 (empty)
|
||||
1278600802.069419 C4J4Th3PJpwUYZZ6gc 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
|
||||
952109346.874907 CHhAvVGS1DHFjwGM9 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 -
|
||||
1128727435.450898 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 -
|
||||
1278600802.069419 C4J4Th3PJpwUYZZ6gc 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 -
|
||||
#close 2016-07-13-16-13-15
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2013-05-05-20-51-24
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 (empty)
|
||||
1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 (empty)
|
||||
1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 85 0 0 (empty)
|
||||
1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - 0 D 7 546 0 0 (empty)
|
||||
1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - 0 D 2 162 0 0 (empty)
|
||||
1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - 0 D 2 122 0 0 (empty)
|
||||
1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - 0 D 2 162 0 0 (empty)
|
||||
1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - 0 D 2 122 0 0 (empty)
|
||||
1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - 0 D 1 78 0 0 (empty)
|
||||
1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - 0 DdA 2 567 1 402 (empty)
|
||||
1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - 0 h 0 0 1 48 (empty)
|
||||
1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 -
|
||||
1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 -
|
||||
1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 -
|
||||
1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 -
|
||||
1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 -
|
||||
1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 -
|
||||
1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 -
|
||||
1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 -
|
||||
1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 -
|
||||
1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 -
|
||||
1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 -
|
||||
1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 -
|
||||
1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 -
|
||||
1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 -
|
||||
1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 -
|
||||
1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 -
|
||||
1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 -
|
||||
1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 85 0 0 -
|
||||
1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - 0 D 7 546 0 0 -
|
||||
1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - 0 D 2 162 0 0 -
|
||||
1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - 0 D 2 122 0 0 -
|
||||
1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - 0 D 2 162 0 0 -
|
||||
1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - 0 D 2 122 0 0 -
|
||||
1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - 0 D 1 78 0 0 -
|
||||
1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - 0 ShADad 6 1450 4 950 -
|
||||
1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - 0 DdA 2 567 1 402 -
|
||||
1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - 0 ShADad 6 1498 4 950 -
|
||||
1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - 0 ShADad 4 750 3 576 -
|
||||
1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 -
|
||||
1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - 0 ShADad 6 1491 4 949 -
|
||||
1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - 0 ShADad 6 1457 4 949 -
|
||||
1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - 0 h 0 0 1 48 -
|
||||
1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - 0 ShADad 4 741 3 396 -
|
||||
1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - 0 ShADad 6 1445 4 950 -
|
||||
#close 2013-05-05-20-51-24
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@
|
|||
#open 2013-05-07-14-38-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1320329757.771503 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 tcp http 15.161537 2899 1127 S2 - 0 ShADadF 20 3719 19 1891 (empty)
|
||||
1320329757.771262 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 tcp http 15.161772 889 377 S2 - 0 ShADadF 8 1229 8 701 (empty)
|
||||
1320329757.761327 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 tcp http 15.168898 459 189 S2 - 0 ShADadF 5 679 4 353 (empty)
|
||||
1320329757.458867 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 tcp http 15.471378 1824 751 S2 - 0 ShADadF 12 2324 13 1275 (empty)
|
||||
1320329757.761638 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 tcp http 15.168613 898 376 S2 - 0 ShADadF 8 1238 8 700 (empty)
|
||||
1320329757.771755 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 tcp http 15.161267 900 376 S2 - 0 ShADadF 8 1240 8 700 (empty)
|
||||
1320329757.771503 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 tcp http 15.161537 2899 1127 S2 - 0 ShADadF 20 3719 19 1891 -
|
||||
1320329757.771262 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 tcp http 15.161772 889 377 S2 - 0 ShADadF 8 1229 8 701 -
|
||||
1320329757.761327 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 tcp http 15.168898 459 189 S2 - 0 ShADadF 5 679 4 353 -
|
||||
1320329757.458867 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 tcp http 15.471378 1824 751 S2 - 0 ShADadF 12 2324 13 1275 -
|
||||
1320329757.761638 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 tcp http 15.168613 898 376 S2 - 0 ShADadF 8 1238 8 700 -
|
||||
1320329757.771755 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 tcp http 15.161267 900 376 S2 - 0 ShADadF 8 1240 8 700 -
|
||||
#close 2013-05-07-14-38-27
|
||||
|
|
|
|||
|
|
@ -7,7 +7,5 @@
|
|||
# bro -b -r http/get.trace connection_record_01.bro
|
||||
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
|
||||
|
||||
}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F, thresholds=<uninitialized>]
|
||||
}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>]
|
||||
|
||||
|
|
|
|||
|
|
@ -7,9 +7,7 @@
|
|||
# bro -b -r http/get.trace connection_record_02.bro
|
||||
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
|
||||
|
||||
}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={
|
||||
}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={
|
||||
|
||||
}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={
|
||||
|
||||
|
|
|
|||
|
|
@ -16,15 +16,15 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2016-07-13-16-13-24
|
||||
#open 2018-01-12-21-43-52
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475168.853899 CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475167.097012 ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475167.099816 C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475168.853899 CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.854378 CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475168.854837 C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
[...]
|
||||
|
||||
|
|
|
|||
|
|
@ -256,7 +256,7 @@
|
|||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
|
||||
|
|
@ -386,7 +386,7 @@
|
|||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
||||
|
|
@ -991,7 +991,7 @@
|
|||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
|
||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
|
||||
|
|
@ -1121,7 +1121,7 @@
|
|||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
|
||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
|
||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
|
||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
||||
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
||||
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
||||
|
|
@ -1725,7 +1725,7 @@
|
|||
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
|
||||
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
|
||||
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
|
||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
|
||||
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
|
||||
|
|
@ -1855,7 +1855,7 @@
|
|||
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
|
||||
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
|
||||
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
|
||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T])
|
||||
0.000000 | HookCallFunction NetControl::check_plugins()
|
||||
0.000000 | HookCallFunction NetControl::init()
|
||||
0.000000 | HookCallFunction Notice::want_pp()
|
||||
|
|
@ -2198,7 +2198,7 @@
|
|||
0.000000 | HookLoadFile base<...>/x509
|
||||
0.000000 | HookLoadFile base<...>/xmpp
|
||||
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
|
||||
0.000000 | HookLogWrite packet_filter [ts=1510863910.246703, node=bro, filter=ip or not ip, init=T, success=T]
|
||||
0.000000 | HookLogWrite packet_filter [ts=1515793448.944163, node=bro, filter=ip or not ip, init=T, success=T]
|
||||
0.000000 | HookQueueEvent NetControl::init()
|
||||
0.000000 | HookQueueEvent bro_init()
|
||||
0.000000 | HookQueueEvent filter_change_tracking()
|
||||
|
|
@ -2654,8 +2654,8 @@
|
|||
1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(bro_done, <null>, ()) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
|
||||
1362692527.080972 MetaHookPost CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
|
||||
|
|
@ -2687,8 +2687,8 @@
|
|||
1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
|
||||
1362692527.080972 MetaHookPre CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
|
||||
1362692527.080972 MetaHookPre CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
|
||||
1362692527.080972 MetaHookPre CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
|
||||
1362692527.080972 MetaHookPre CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
|
||||
1362692527.080972 MetaHookPre CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]))
|
||||
1362692527.080972 MetaHookPre CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]))
|
||||
1362692527.080972 MetaHookPre CallFunction(bro_done, <null>, ())
|
||||
1362692527.080972 MetaHookPre CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
|
||||
1362692527.080972 MetaHookPre CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
|
||||
|
|
@ -2721,8 +2721,8 @@
|
|||
1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
|
||||
1362692527.080972 | HookCallFunction KRB::do_log([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
|
||||
1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
|
||||
1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
|
||||
1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
|
||||
1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])
|
||||
1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])
|
||||
1362692527.080972 | HookCallFunction bro_done()
|
||||
1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
|
||||
1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
|
||||
|
|
@ -2740,7 +2740,7 @@
|
|||
1362692527.080972 | HookCallFunction to_lower(HTTP)
|
||||
1362692527.080972 | HookDrainEvents
|
||||
1362692527.080972 | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}
|
||||
1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]
|
||||
1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]
|
||||
1362692527.080972 | HookQueueEvent ChecksumOffloading::check()
|
||||
1362692527.080972 | HookQueueEvent bro_done()
|
||||
1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-14-11
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1409193037.000000 CHhAvVGS1DHFjwGM9 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - - 0 S 1 64 0 0 (empty)
|
||||
1409193037.000000 CHhAvVGS1DHFjwGM9 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - - 0 S 1 64 0 0 -
|
||||
#close 2016-07-13-16-14-11
|
||||
|
|
|
|||
|
|
@ -2,13 +2,13 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
|
|||
[Writer] Foo (Log::WRITER_FOO)
|
||||
|
||||
===
|
||||
[conn] 1340213005.165293|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|
|
||||
[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|socks,http|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|
|
||||
[conn] 1340213048.780152|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
|
||||
[conn] 1340213097.272764|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
|
||||
[conn] 1340213162.160367|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
|
||||
[conn] 1340213226.561757|CmES5u32sYpV7JYN|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
|
||||
[conn] 1340213290.981995|CP5puj4I8PtEU4qzYg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
|
||||
[conn] 1340213005.165293|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|-
|
||||
[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|socks,http|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
|
||||
[conn] 1340213048.780152|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
|
||||
[conn] 1340213097.272764|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
|
||||
[conn] 1340213162.160367|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
|
||||
[conn] 1340213226.561757|CmES5u32sYpV7JYN|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
|
||||
[conn] 1340213290.981995|CP5puj4I8PtEU4qzYg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
|
||||
[files] 1340213020.732547|FBtZ7y1ppK8iIeY622|60.190.189.214|10.0.0.55|ClEkJM2Vm5giqnMf4h|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|-|-|-
|
||||
[http] 1340213019.013158|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||
[http] 1340213019.013426|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||
|
|
@ -17,6 +17,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
|
|||
[http] 1340213020.732963|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||
[http] 1340213021.300269|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||
[http] 1340213021.861584|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
|
||||
[packet_filter] 1485327742.161604|bro|ip or not ip|T|T
|
||||
[packet_filter] 1515793460.485950|bro|ip or not ip|T|T
|
||||
[socks] 1340213015.276495|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
|
||||
[tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2016-08-10-20-36-59
|
||||
#fields _write_ts _stream _innerLogged.a _innerLogged.c _innerLogged.d _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string count count set[count] string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
#close 2016-08-10-20-36-59
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-08-10-20-26-22
|
||||
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
- - - 1362692526.869344 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 tcp - 0.211484 136 5007 SF - - 0 ShADadFf 7 512 7 5379 (empty)
|
||||
- - - 1362692526.869344 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 tcp - 0.211484 136 5007 SF - - 0 ShADadFf 7 512 7 5379 -
|
||||
#close 2016-08-10-20-26-22
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2016-08-10-20-27-56
|
||||
#fields _write_ts _system_name _undefined_string ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475173.475401 bro - 1300475173.475401 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 bro - 1300475173.475401 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475173.475401 bro - 1300475173.475401 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475173.475401 bro - 1300475173.475401 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475173.475401 bro - 1300475173.475401 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475173.475401 bro - 1300475173.475401 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475173.475401 bro - 1300475173.475401 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475173.475401 bro - 1300475173.475401 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475173.475401 bro - 1300475173.475401 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475173.475401 bro - 1300475173.475401 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
1300475173.475401 bro - 1300475173.475401 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 bro - 1300475173.475401 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475173.475401 bro - 1300475173.475401 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475173.475401 bro - 1300475173.475401 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 bro - 1300475173.475401 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 bro - 1300475173.475401 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 bro - 1300475173.475401 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 bro - 1300475173.475401 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 bro - 1300475173.475401 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 bro - 1300475173.475401 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 bro - 1300475173.475401 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 bro - 1300475173.475401 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.475401 bro - 1300475173.475401 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 bro - 1300475173.475401 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 bro - 1300475173.475401 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
#close 2016-08-10-20-27-56
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2016-08-10-17-45-11
|
||||
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475173.475401 conn bro 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475173.475401 conn bro 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475173.475401 conn bro 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475173.475401 conn bro 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475173.475401 conn bro 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475173.475401 conn bro 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475173.475401 conn bro 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475173.475401 conn bro 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475173.475401 conn bro 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475173.475401 conn bro 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn bro 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475173.475401 conn bro 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475173.475401 conn bro 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn bro 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn bro 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn bro 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn bro 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475173.475401 conn bro 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn bro 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn bro 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475173.475401 conn bro 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475173.475401 conn bro 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn bro 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn bro 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475173.475401 conn bro 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
1300475173.475401 conn bro 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475173.475401 conn bro 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475173.475401 conn bro 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475173.475401 conn bro 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475173.475401 conn bro 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475173.475401 conn bro 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475173.475401 conn bro 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475173.475401 conn bro 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475173.475401 conn bro 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
1300475173.475401 conn bro 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 conn bro 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475173.475401 conn bro 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475173.475401 conn bro 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn bro 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475173.475401 conn bro 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn bro 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn bro 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn bro 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475173.475401 conn bro 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475173.475401 conn bro 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475173.475401 conn bro 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn bro 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475173.475401 conn bro 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.475401 conn bro 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475173.475401 conn bro 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn bro 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.475401 conn bro 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475173.475401 conn bro 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475173.475401 conn bro 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.475401 conn bro 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475173.475401 conn bro 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 conn bro 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475173.475401 conn bro 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
#close 2016-08-10-17-45-11
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2016-08-10-16-51-09
|
||||
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty)
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
#close 2016-08-10-16-51-09
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2016-08-10-16-53-04
|
||||
#fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty)
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
#close 2016-08-10-16-53-04
|
||||
|
|
|
|||
|
|
@ -6,38 +6,38 @@
|
|||
#open 2016-08-10-16-53-37
|
||||
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty)
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
#close 2016-08-10-16-53-37
|
||||
|
|
|
|||
|
|
@ -1,34 +1,34 @@
|
|||
1300475167.09653|CHhAvVGS1DHFjwGM9|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|73|0|0|(empty)
|
||||
1300475167.09701|ClEkJM2Vm5giqnMf4h|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0|||0|D|1|199|0|0|(empty)
|
||||
1300475167.09982|C4J4Th3PJpwUYZZ6gc|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|179|0|0|(empty)
|
||||
1300475168.652|CtPZjS20MLrsMUOJi2|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH|||0|DdA|2|567|1|402|(empty)
|
||||
1300475168.72401|CUM0KZ3MLUfNB0cl11|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1|||0|ShADad|4|741|3|396|(empty)
|
||||
1300475168.8539|CmES5u32sYpV7JYN|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF|||0|Dd|1|66|1|117|(empty)
|
||||
1300475168.85438|CP5puj4I8PtEU4qzYg|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF|||0|Dd|1|80|1|127|(empty)
|
||||
1300475168.85484|C37jN32gN3y3AZzyf6|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF|||0|Dd|1|66|1|211|(empty)
|
||||
1300475168.8553|C3eiCBGOLw3VtHfOj|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1|||0|ShADad|6|1491|4|949|(empty)
|
||||
1300475168.85533|CwjjYJ2WqgTbAqiHl6|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1|||0|ShADad|6|1445|4|950|(empty)
|
||||
1300475168.85796|C0LAHyvtKSQHyJxIl|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF|||0|Dd|1|66|1|117|(empty)
|
||||
1300475168.85831|CFLRIC3zaTU1loLGxh|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF|||0|Dd|1|80|1|127|(empty)
|
||||
1300475168.85871|C9rXSW3KSpTYvPrlI1|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF|||0|Dd|1|66|1|211|(empty)
|
||||
1300475168.85916|Ck51lg1bScffFj34Ri|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1|||0|ShADad|6|1450|4|950|(empty)
|
||||
1300475168.89164|C9mvWx3ezztgzcexV7|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF|||0|Dd|1|66|1|117|(empty)
|
||||
1300475168.89204|CNnMIj2QSd84NKf7U3|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF|||0|Dd|1|80|1|127|(empty)
|
||||
1300475168.89241|C7fIlMZDuRiqjpYbb|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF|||0|Dd|1|66|1|211|(empty)
|
||||
1300475168.89291|CykQaM33ztNt0csB9a|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1|||0|ShADad|6|1457|4|949|(empty)
|
||||
1300475168.89294|CtxTCR2Yer0FR1tIBg|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1|||0|ShADad|6|1468|4|950|(empty)
|
||||
1300475168.89399|CpmdRlaUoJLN3uIRa|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF|||0|Dd|1|66|1|117|(empty)
|
||||
1300475168.89442|C1Xkzz2MaGtLrc1Tla|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF|||0|Dd|1|80|1|127|(empty)
|
||||
1300475168.89479|CqlVyW1YwZ15RhTBc4|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF|||0|Dd|1|66|1|211|(empty)
|
||||
1300475168.89527|CLNN1k2QMum1aexUK7|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1|||0|ShADad|6|1498|4|950|(empty)
|
||||
1300475168.90175|CBA8792iHmnhPLksKa|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF|||0|Dd|1|64|1|159|(empty)
|
||||
1300475168.90219|CGLPPc35OzDQij1XX8|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF|||0|Dd|1|64|1|226|(empty)
|
||||
1300475168.90264|CiyBAq1bBLNaTiTAc|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1|||0|ShADad|4|750|3|576|(empty)
|
||||
1300475169.78033|CFSwNi4CNGxcuffo49|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH|||0|^h|0|0|1|48|(empty)
|
||||
1300475169.89944|Cipfzj1BEnhejw8cGf|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|85|0|0|(empty)
|
||||
1300475170.86238|CV5WJ42jPYbNW9JNWf|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0|||0|D|7|546|0|0|(empty)
|
||||
1300475171.67537|CPhDKt12KQPUVbQz06|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0|||0|D|2|162|0|0|(empty)
|
||||
1300475171.67708|CAnFrb2Cvxr5T7quOc|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0|||0|D|2|122|0|0|(empty)
|
||||
1300475173.11675|C8rquZ3DjgNW06JGLl|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0|||0|D|2|162|0|0|(empty)
|
||||
1300475173.11736|CzrZOtXqhwwndQva3|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0|||0|D|2|122|0|0|(empty)
|
||||
1300475173.15368|CaGCc13FffXe6RkQl9|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0|||0|D|1|78|0|0|(empty)
|
||||
1300475167.09653|CHhAvVGS1DHFjwGM9|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|73|0|0|
|
||||
1300475167.09701|ClEkJM2Vm5giqnMf4h|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0|||0|D|1|199|0|0|
|
||||
1300475167.09982|C4J4Th3PJpwUYZZ6gc|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|179|0|0|
|
||||
1300475168.652|CtPZjS20MLrsMUOJi2|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH|||0|DdA|2|567|1|402|
|
||||
1300475168.72401|CUM0KZ3MLUfNB0cl11|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1|||0|ShADad|4|741|3|396|
|
||||
1300475168.8539|CmES5u32sYpV7JYN|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF|||0|Dd|1|66|1|117|
|
||||
1300475168.85438|CP5puj4I8PtEU4qzYg|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF|||0|Dd|1|80|1|127|
|
||||
1300475168.85484|C37jN32gN3y3AZzyf6|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF|||0|Dd|1|66|1|211|
|
||||
1300475168.8553|C3eiCBGOLw3VtHfOj|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1|||0|ShADad|6|1491|4|949|
|
||||
1300475168.85533|CwjjYJ2WqgTbAqiHl6|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1|||0|ShADad|6|1445|4|950|
|
||||
1300475168.85796|C0LAHyvtKSQHyJxIl|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF|||0|Dd|1|66|1|117|
|
||||
1300475168.85831|CFLRIC3zaTU1loLGxh|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF|||0|Dd|1|80|1|127|
|
||||
1300475168.85871|C9rXSW3KSpTYvPrlI1|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF|||0|Dd|1|66|1|211|
|
||||
1300475168.85916|Ck51lg1bScffFj34Ri|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1|||0|ShADad|6|1450|4|950|
|
||||
1300475168.89164|C9mvWx3ezztgzcexV7|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF|||0|Dd|1|66|1|117|
|
||||
1300475168.89204|CNnMIj2QSd84NKf7U3|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF|||0|Dd|1|80|1|127|
|
||||
1300475168.89241|C7fIlMZDuRiqjpYbb|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF|||0|Dd|1|66|1|211|
|
||||
1300475168.89291|CykQaM33ztNt0csB9a|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1|||0|ShADad|6|1457|4|949|
|
||||
1300475168.89294|CtxTCR2Yer0FR1tIBg|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1|||0|ShADad|6|1468|4|950|
|
||||
1300475168.89399|CpmdRlaUoJLN3uIRa|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF|||0|Dd|1|66|1|117|
|
||||
1300475168.89442|C1Xkzz2MaGtLrc1Tla|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF|||0|Dd|1|80|1|127|
|
||||
1300475168.89479|CqlVyW1YwZ15RhTBc4|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF|||0|Dd|1|66|1|211|
|
||||
1300475168.89527|CLNN1k2QMum1aexUK7|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1|||0|ShADad|6|1498|4|950|
|
||||
1300475168.90175|CBA8792iHmnhPLksKa|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF|||0|Dd|1|64|1|159|
|
||||
1300475168.90219|CGLPPc35OzDQij1XX8|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF|||0|Dd|1|64|1|226|
|
||||
1300475168.90264|CiyBAq1bBLNaTiTAc|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1|||0|ShADad|4|750|3|576|
|
||||
1300475169.78033|CFSwNi4CNGxcuffo49|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH|||0|^h|0|0|1|48|
|
||||
1300475169.89944|Cipfzj1BEnhejw8cGf|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|85|0|0|
|
||||
1300475170.86238|CV5WJ42jPYbNW9JNWf|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0|||0|D|7|546|0|0|
|
||||
1300475171.67537|CPhDKt12KQPUVbQz06|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0|||0|D|2|162|0|0|
|
||||
1300475171.67708|CAnFrb2Cvxr5T7quOc|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0|||0|D|2|122|0|0|
|
||||
1300475173.11675|C8rquZ3DjgNW06JGLl|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0|||0|D|2|162|0|0|
|
||||
1300475173.11736|CzrZOtXqhwwndQva3|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0|||0|D|2|122|0|0|
|
||||
1300475173.15368|CaGCc13FffXe6RkQl9|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0|||0|D|1|78|0|0|
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@
|
|||
#open 2016-07-13-16-15-38
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1254722767.492060 CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF - - 0 Dd 1 62 1 128 (empty)
|
||||
1254722776.690444 C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 - - 0 D 1 229 0 0 (empty)
|
||||
1254722767.529046 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 - - 0 Sh 1 48 1 48 (empty)
|
||||
1437831776.764391 CtPZjS20MLrsMUOJi2 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 (empty)
|
||||
1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.048043 162 154 S1 - - 154 ShDA 3 192 1 60 (empty)
|
||||
1437831798.533765 CmES5u32sYpV7JYN 192.168.133.100 49336 74.125.71.189 443 tcp - - - - OTH - - 0 A 1 52 0 0 (empty)
|
||||
1254722767.492060 CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF - - 0 Dd 1 62 1 128 -
|
||||
1254722776.690444 C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 - - 0 D 1 229 0 0 -
|
||||
1254722767.529046 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 - - 0 Sh 1 48 1 48 -
|
||||
1437831776.764391 CtPZjS20MLrsMUOJi2 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 -
|
||||
1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.048043 162 154 S1 - - 154 ShDA 3 192 1 60 -
|
||||
1437831798.533765 CmES5u32sYpV7JYN 192.168.133.100 49336 74.125.71.189 443 tcp - - - - OTH - - 0 A 1 52 0 0 -
|
||||
#close 2016-07-13-16-15-38
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-16-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1464385864.999633 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 tcp ftp 600.931043 41420 159830 S1 - - 233 ShAdDa 4139 206914 4178 326799 (empty)
|
||||
1464385864.999633 CHhAvVGS1DHFjwGM9 10.3.22.91 58218 10.167.25.101 21 tcp ftp 600.931043 41420 159830 S1 - - 233 ShAdDa 4139 206914 4178 326799 -
|
||||
#close 2016-07-13-16-16-15
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@
|
|||
#open 2016-07-13-16-16-17
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1329843175.736107 ClEkJM2Vm5giqnMf4h 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 (empty)
|
||||
1329843179.871641 C4J4Th3PJpwUYZZ6gc 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 (empty)
|
||||
1329843194.151526 CtPZjS20MLrsMUOJi2 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 (empty)
|
||||
1329843197.783443 CUM0KZ3MLUfNB0cl11 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 (empty)
|
||||
1329843161.968492 CHhAvVGS1DHFjwGM9 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 (empty)
|
||||
1329843175.736107 ClEkJM2Vm5giqnMf4h 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 -
|
||||
1329843179.871641 C4J4Th3PJpwUYZZ6gc 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 -
|
||||
1329843194.151526 CtPZjS20MLrsMUOJi2 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 -
|
||||
1329843197.783443 CUM0KZ3MLUfNB0cl11 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 -
|
||||
1329843161.968492 CHhAvVGS1DHFjwGM9 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 -
|
||||
#close 2016-07-13-16-16-17
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@
|
|||
#open 2016-07-13-16-16-18
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1329327783.316897 ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - - 0 ShAdfFa 5 372 4 642 (empty)
|
||||
1329327786.524332 C4J4Th3PJpwUYZZ6gc 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - - 0 ShAdfFa 5 372 4 343 (empty)
|
||||
1329327787.289095 CtPZjS20MLrsMUOJi2 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - - 0 ShAdfFa 5 372 4 377 (empty)
|
||||
1329327795.571921 CUM0KZ3MLUfNB0cl11 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - - 0 ShADFaf 5 449 4 300 (empty)
|
||||
1329327777.822004 CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - - 0 ShAdDfFa 57 4426 34 5908 (empty)
|
||||
1329327800.017649 CmES5u32sYpV7JYN 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - - 0 ShADFaf 5 714 4 300 (empty)
|
||||
1329327783.316897 ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - - 0 ShAdfFa 5 372 4 642 -
|
||||
1329327786.524332 C4J4Th3PJpwUYZZ6gc 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - - 0 ShAdfFa 5 372 4 343 -
|
||||
1329327787.289095 CtPZjS20MLrsMUOJi2 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - - 0 ShAdfFa 5 372 4 377 -
|
||||
1329327795.571921 CUM0KZ3MLUfNB0cl11 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - - 0 ShADFaf 5 449 4 300 -
|
||||
1329327777.822004 CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - - 0 ShAdDfFa 57 4426 34 5908 -
|
||||
1329327800.017649 CmES5u32sYpV7JYN 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - - 0 ShADFaf 5 714 4 300 -
|
||||
#close 2016-07-13-16-16-18
|
||||
|
|
|
|||
|
|
@ -6,6 +6,6 @@
|
|||
#open 2016-07-13-16-16-18
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1348168976.546371 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.010760 2109 3196 S1 - - 0 ShADad 7 2481 6 3516 (empty)
|
||||
1348168976.274919 CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,gridftp,ssl 0.294743 4491 6659 SF - - 0 ShAdDaFf 22 5643 21 7759 (empty)
|
||||
1348168976.546371 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.010760 2109 3196 S1 - - 0 ShADad 7 2481 6 3516 -
|
||||
1348168976.274919 CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,gridftp,ssl 0.294743 4491 6659 SF - - 0 ShAdDaFf 22 5643 21 7759 -
|
||||
#close 2016-07-13-16-16-18
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-16-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1443732977.727740 CHhAvVGS1DHFjwGM9 ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 - - 0 ShAaDd 29 5744 29 57599 (empty)
|
||||
1443732977.727740 CHhAvVGS1DHFjwGM9 ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 - - 0 ShAaDd 29 5744 29 57599 -
|
||||
#close 2016-07-13-16-16-21
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-16-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1078232251.833846 CHhAvVGS1DHFjwGM9 79.26.245.236 3378 254.228.86.79 8240 tcp smtp,http 6.722274 1685 223 SF - - 0 ShADadfF 14 2257 16 944 (empty)
|
||||
1078232251.833846 CHhAvVGS1DHFjwGM9 79.26.245.236 3378 254.228.86.79 8240 tcp smtp,http 6.722274 1685 223 SF - - 0 ShADadfF 14 2257 16 944 -
|
||||
#close 2016-07-13-16-16-21
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-16-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1437584567.812552 CHhAvVGS1DHFjwGM9 192.168.17.53 49640 212.227.17.186 143 tcp ssl,imap 2.827002 540 5653 SF - - 0 ShAdDafFr 18 1284 14 6225 (empty)
|
||||
1437584567.812552 CHhAvVGS1DHFjwGM9 192.168.17.53 49640 212.227.17.186 143 tcp ssl,imap 2.827002 540 5653 SF - - 0 ShAdDafFr 18 1284 14 6225 -
|
||||
#close 2016-07-13-16-16-27
|
||||
|
|
|
|||
|
|
@ -6,6 +6,6 @@
|
|||
#open 2016-07-13-16-16-28
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1311189318.898709 ClEkJM2Vm5giqnMf4h 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - - 0 ShAdDaFf 28 1592 43 44452 (empty)
|
||||
1311189164.064603 CHhAvVGS1DHFjwGM9 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - - 0 ShADdaf 63 3761 52 28194 (empty)
|
||||
1311189318.898709 ClEkJM2Vm5giqnMf4h 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - - 0 ShAdDaFf 28 1592 43 44452 -
|
||||
1311189164.064603 CHhAvVGS1DHFjwGM9 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - - 0 ShADdaf 63 3761 52 28194 -
|
||||
#close 2016-07-13-16-16-28
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-16-28
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1438145937.325196 CHhAvVGS1DHFjwGM9 203.143.168.47 55123 185.18.76.170 6667 tcp ssl,irc 4.923144 913 1903 SF - - 0 ShADadFRf 11 1469 9 2379 (empty)
|
||||
1438145937.325196 CHhAvVGS1DHFjwGM9 203.143.168.47 55123 185.18.76.170 6667 tcp ssl,irc 4.923144 913 1903 SF - - 0 ShADadFRf 11 1469 9 2379 -
|
||||
#close 2016-07-13-16-16-28
|
||||
|
|
|
|||
|
|
@ -6,13 +6,13 @@
|
|||
#open 2016-07-13-16-16-30
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1093521678.945447 CHhAvVGS1DHFjwGM9 10.0.0.57 2387 10.0.0.3 502 tcp - 0.000493 0 0 SF - - 0 FafA 2 80 2 80 (empty)
|
||||
1093521953.490353 C4J4Th3PJpwUYZZ6gc 10.0.0.57 2579 10.0.0.8 502 tcp modbus 23.256631 24 0 SF - - 0 ShADaFf 6 272 5 208 (empty)
|
||||
1093521681.696827 ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 tcp modbus 385.694948 112 138 S3 - - 0 ShADdf 20 920 12 626 (empty)
|
||||
1093522326.102435 CtPZjS20MLrsMUOJi2 10.0.0.9 3082 10.0.0.3 502 tcp modbus 177.095534 72 69 SF - - 0 ShADdFaf 16 720 9 437 (empty)
|
||||
1093522946.554059 CUM0KZ3MLUfNB0cl11 10.0.0.57 2585 10.0.0.8 502 tcp - 76.561880 926 0 SF - - 0 ShADafF 8 1254 7 288 (empty)
|
||||
1093523065.562221 CmES5u32sYpV7JYN 10.0.0.8 502 10.0.0.57 4446 tcp - 155.114237 128 0 SF - - 0 ShADaFf 16 776 15 608 (empty)
|
||||
1153491879.610371 CP5puj4I8PtEU4qzYg 192.168.66.235 2582 166.161.16.230 502 tcp - 2.905078 0 0 S0 - - 0 S 2 96 0 0 (empty)
|
||||
1153491888.530306 C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 tcp modbus 85.560847 1692 1278 S1 - - 0 ShADad 167 8380 181 8522 (empty)
|
||||
1342774499.588269 C3eiCBGOLw3VtHfOj 10.1.1.234 51411 10.10.5.85 502 tcp modbus 2100.811351 237936 4121200 S2 - - 0 ShADdaF 39659 2300216 20100 5166412 (empty)
|
||||
1093521678.945447 CHhAvVGS1DHFjwGM9 10.0.0.57 2387 10.0.0.3 502 tcp - 0.000493 0 0 SF - - 0 FafA 2 80 2 80 -
|
||||
1093521953.490353 C4J4Th3PJpwUYZZ6gc 10.0.0.57 2579 10.0.0.8 502 tcp modbus 23.256631 24 0 SF - - 0 ShADaFf 6 272 5 208 -
|
||||
1093521681.696827 ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 tcp modbus 385.694948 112 138 S3 - - 0 ShADdf 20 920 12 626 -
|
||||
1093522326.102435 CtPZjS20MLrsMUOJi2 10.0.0.9 3082 10.0.0.3 502 tcp modbus 177.095534 72 69 SF - - 0 ShADdFaf 16 720 9 437 -
|
||||
1093522946.554059 CUM0KZ3MLUfNB0cl11 10.0.0.57 2585 10.0.0.8 502 tcp - 76.561880 926 0 SF - - 0 ShADafF 8 1254 7 288 -
|
||||
1093523065.562221 CmES5u32sYpV7JYN 10.0.0.8 502 10.0.0.57 4446 tcp - 155.114237 128 0 SF - - 0 ShADaFf 16 776 15 608 -
|
||||
1153491879.610371 CP5puj4I8PtEU4qzYg 192.168.66.235 2582 166.161.16.230 502 tcp - 2.905078 0 0 S0 - - 0 S 2 96 0 0 -
|
||||
1153491888.530306 C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 tcp modbus 85.560847 1692 1278 S1 - - 0 ShADad 167 8380 181 8522 -
|
||||
1342774499.588269 C3eiCBGOLw3VtHfOj 10.1.1.234 51411 10.10.5.85 502 tcp modbus 2100.811351 237936 4121200 S2 - - 0 ShADdaF 39659 2300216 20100 5166412 -
|
||||
#close 2016-07-13-16-16-33
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-16-46
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1400173552.423915 CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 tcp pop3,ssl 2.489002 851 2590 SF - - 0 ShAadDfFr 16 1695 17 3462 (empty)
|
||||
1400173552.423915 CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 tcp pop3,ssl 2.489002 851 2590 SF - - 0 ShAadDfFr 16 1695 17 3462 -
|
||||
#close 2016-07-13-16-16-46
|
||||
|
|
|
|||
|
|
@ -6,29 +6,29 @@
|
|||
#open 2016-07-13-16-16-57
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1324071333.493287 CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 tcp ssh 6.159326 2669 2501 SF - - 0 ShAdDaFf 25 3981 20 3549 (empty)
|
||||
1409516196.337184 ClEkJM2Vm5giqnMf4h 10.0.0.18 40184 128.2.6.88 41644 tcp ssh 2.079071 3813 3633 SF - - 0 ShADadFf 22 4965 26 5017 (empty)
|
||||
1419870189.485611 C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 tcp ssh 6.641754 5253 3489 SF - - 0 ShADadFf 38 7241 29 5005 (empty)
|
||||
1419870206.101883 CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 tcp ssh 3.862198 576 813 SF - - 0 ShAdDaFf 23 1784 16 1653 (empty)
|
||||
1419996264.318569 CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 tcp ssh 2.557930 2757 1721 RSTR - - 0 ShADadFr 37 4693 29 3225 (empty)
|
||||
1420588548.721272 CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 tcp ssh 8.841749 480 537 SF - - 0 ShAdDaFf 17 1376 14 1273 (empty)
|
||||
1420590124.879760 CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 tcp ssh 1.106250 820 1125 SF - - 0 ShAdDaFf 26 2184 20 2173 (empty)
|
||||
1420590308.775525 C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 tcp ssh 1.080767 692 997 SF - - 0 ShAdDaFf 25 2004 19 1993 (empty)
|
||||
1420590322.673363 C3eiCBGOLw3VtHfOj 192.168.2.1 56845 192.168.2.158 22 tcp ssh 1.302395 660 965 SF - - 0 ShAdDaFf 26 2024 20 2013 (empty)
|
||||
1420590636.473213 CwjjYJ2WqgTbAqiHl6 192.168.2.1 56875 192.168.2.158 22 tcp ssh 12.013506 588 549 SF - - 0 ShAdDaFf 19 1588 16 1389 (empty)
|
||||
1420590659.422161 C0LAHyvtKSQHyJxIl 192.168.2.1 56878 192.168.2.158 22 tcp ssh 3.628964 684 825 SF - - 0 ShAdDaFf 25 1996 19 1821 (empty)
|
||||
1420591379.650462 CFLRIC3zaTU1loLGxh 192.168.2.1 56940 192.168.2.158 22 tcp ssh 0.104978 500 609 SF - - 0 ShAdDaFf 14 1240 10 1137 (empty)
|
||||
1420599430.822385 C9rXSW3KSpTYvPrlI1 192.168.2.1 57831 192.168.2.158 22 tcp ssh 2.758790 576 813 SF - - 0 ShAdDaFf 23 1784 18 1757 (empty)
|
||||
1420851448.309629 Ck51lg1bScffFj34Ri 192.168.2.1 59246 192.168.2.158 22 tcp ssh 3.076752 3049 4165 SF - - 0 ShADadFf 32 4725 23 5369 (empty)
|
||||
1420860283.029061 C9mvWx3ezztgzcexV7 192.168.1.32 41164 128.2.10.238 22 tcp ssh 8.485357 6087 3015 SF - - 0 ShADadFf 32 7759 33 4763 (empty)
|
||||
1420860616.400297 CNnMIj2QSd84NKf7U3 192.168.1.32 33910 128.2.13.133 22 tcp ssh 1.910959 6471 6037 SF - - 0 ShADadFf 33 8195 29 7565 (empty)
|
||||
1420868281.639103 C7fIlMZDuRiqjpYbb 192.168.1.32 41268 128.2.10.238 22 tcp ssh 2.710778 5613 2487 SF - - 0 ShADadFf 24 6869 20 3535 (empty)
|
||||
1420917487.220407 CpmdRlaUoJLN3uIRa 192.168.1.31 52294 192.168.1.32 22 tcp ssh 3.658968 3729 2229 SF - - 0 ShADadFf 36 5613 24 3497 (empty)
|
||||
1420917487.213378 CykQaM33ztNt0csB9a 192.168.1.31 57621 192.168.1.255 57621 udp - - - - S0 - - 0 D 1 72 0 0 (empty)
|
||||
1420917487.213468 CtxTCR2Yer0FR1tIBg 192.168.1.32 57621 192.168.1.31 57621 udp - - - - S0 - - 0 D 1 72 0 0 (empty)
|
||||
1421006072.431795 CqlVyW1YwZ15RhTBc4 192.168.1.31 51476 192.168.1.32 8118 tcp - 0.000539 76 0 SF - - 0 DaFfA 6 388 5 284 (empty)
|
||||
1421006072.001012 C1Xkzz2MaGtLrc1Tla 192.168.1.31 51489 192.168.1.32 22 tcp ssh 4.926958 4029 2497 SF - - 0 ShAdDaFf 42 6249 27 3937 (empty)
|
||||
1421041176.944687 CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 tcp ssh 0.587601 2885 2309 SF - - 0 ShADdaFf 16 3725 13 2993 (empty)
|
||||
1421041299.738916 CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 tcp ssh 2.236727 4477 535101 SF - - 0 ShADadFf 179 13793 226 546861 (empty)
|
||||
1421041526.312919 CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 tcp ssh 2.066433 4477 534861 SF - - 0 ShADadFf 183 14001 236 547141 (empty)
|
||||
1324071333.493287 CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 tcp ssh 6.159326 2669 2501 SF - - 0 ShAdDaFf 25 3981 20 3549 -
|
||||
1409516196.337184 ClEkJM2Vm5giqnMf4h 10.0.0.18 40184 128.2.6.88 41644 tcp ssh 2.079071 3813 3633 SF - - 0 ShADadFf 22 4965 26 5017 -
|
||||
1419870189.485611 C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 tcp ssh 6.641754 5253 3489 SF - - 0 ShADadFf 38 7241 29 5005 -
|
||||
1419870206.101883 CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 tcp ssh 3.862198 576 813 SF - - 0 ShAdDaFf 23 1784 16 1653 -
|
||||
1419996264.318569 CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 tcp ssh 2.557930 2757 1721 RSTR - - 0 ShADadFr 37 4693 29 3225 -
|
||||
1420588548.721272 CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 tcp ssh 8.841749 480 537 SF - - 0 ShAdDaFf 17 1376 14 1273 -
|
||||
1420590124.879760 CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 tcp ssh 1.106250 820 1125 SF - - 0 ShAdDaFf 26 2184 20 2173 -
|
||||
1420590308.775525 C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 tcp ssh 1.080767 692 997 SF - - 0 ShAdDaFf 25 2004 19 1993 -
|
||||
1420590322.673363 C3eiCBGOLw3VtHfOj 192.168.2.1 56845 192.168.2.158 22 tcp ssh 1.302395 660 965 SF - - 0 ShAdDaFf 26 2024 20 2013 -
|
||||
1420590636.473213 CwjjYJ2WqgTbAqiHl6 192.168.2.1 56875 192.168.2.158 22 tcp ssh 12.013506 588 549 SF - - 0 ShAdDaFf 19 1588 16 1389 -
|
||||
1420590659.422161 C0LAHyvtKSQHyJxIl 192.168.2.1 56878 192.168.2.158 22 tcp ssh 3.628964 684 825 SF - - 0 ShAdDaFf 25 1996 19 1821 -
|
||||
1420591379.650462 CFLRIC3zaTU1loLGxh 192.168.2.1 56940 192.168.2.158 22 tcp ssh 0.104978 500 609 SF - - 0 ShAdDaFf 14 1240 10 1137 -
|
||||
1420599430.822385 C9rXSW3KSpTYvPrlI1 192.168.2.1 57831 192.168.2.158 22 tcp ssh 2.758790 576 813 SF - - 0 ShAdDaFf 23 1784 18 1757 -
|
||||
1420851448.309629 Ck51lg1bScffFj34Ri 192.168.2.1 59246 192.168.2.158 22 tcp ssh 3.076752 3049 4165 SF - - 0 ShADadFf 32 4725 23 5369 -
|
||||
1420860283.029061 C9mvWx3ezztgzcexV7 192.168.1.32 41164 128.2.10.238 22 tcp ssh 8.485357 6087 3015 SF - - 0 ShADadFf 32 7759 33 4763 -
|
||||
1420860616.400297 CNnMIj2QSd84NKf7U3 192.168.1.32 33910 128.2.13.133 22 tcp ssh 1.910959 6471 6037 SF - - 0 ShADadFf 33 8195 29 7565 -
|
||||
1420868281.639103 C7fIlMZDuRiqjpYbb 192.168.1.32 41268 128.2.10.238 22 tcp ssh 2.710778 5613 2487 SF - - 0 ShADadFf 24 6869 20 3535 -
|
||||
1420917487.220407 CpmdRlaUoJLN3uIRa 192.168.1.31 52294 192.168.1.32 22 tcp ssh 3.658968 3729 2229 SF - - 0 ShADadFf 36 5613 24 3497 -
|
||||
1420917487.213378 CykQaM33ztNt0csB9a 192.168.1.31 57621 192.168.1.255 57621 udp - - - - S0 - - 0 D 1 72 0 0 -
|
||||
1420917487.213468 CtxTCR2Yer0FR1tIBg 192.168.1.32 57621 192.168.1.31 57621 udp - - - - S0 - - 0 D 1 72 0 0 -
|
||||
1421006072.431795 CqlVyW1YwZ15RhTBc4 192.168.1.31 51476 192.168.1.32 8118 tcp - 0.000539 76 0 SF - - 0 DaFfA 6 388 5 284 -
|
||||
1421006072.001012 C1Xkzz2MaGtLrc1Tla 192.168.1.31 51489 192.168.1.32 22 tcp ssh 4.926958 4029 2497 SF - - 0 ShAdDaFf 42 6249 27 3937 -
|
||||
1421041176.944687 CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 tcp ssh 0.587601 2885 2309 SF - - 0 ShADdaFf 16 3725 13 2993 -
|
||||
1421041299.738916 CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 tcp ssh 2.236727 4477 535101 SF - - 0 ShADadFf 179 13793 226 546861 -
|
||||
1421041526.312919 CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 tcp ssh 2.066433 4477 534861 SF - - 0 ShADadFf 183 14001 236 547141 -
|
||||
#close 2016-07-13-16-16-57
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
#open 2016-07-13-16-17-08
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1437091701.732171 CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 tcp ssl,xmpp 2.213218 676 4678 SF - - 0 ShADadfFr 19 1676 15 5442 (empty)
|
||||
1437091701.732171 CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 tcp ssl,xmpp 2.213218 676 4678 SF - - 0 ShADadfFr 19 1676 15 5442 -
|
||||
#close 2016-07-13-16-17-08
|
||||
|
|
|
|||
|
|
@ -3,41 +3,41 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2016-07-13-16-17-25
|
||||
#open 2018-01-12-21-44-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) 00:13:7f:be:8c:ff 00:e0:db:01:cf:4b
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) 00:17:f2:d7:cf:65 01:00:5e:00:00:fb
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) 00:16:76:23:d9:e3 01:00:5e:00:00:fb
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) 00:17:f2:d7:cf:65 33:33:00:00:00:fb
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) 00:23:32:b6:0c:46 ff:ff:ff:ff:ff:ff
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) f0:4d:a2:47:ba:25 33:33:00:01:00:03
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) 00:30:48:bd:3e:c4 01:00:5e:00:00:fb
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) f0:4d:a2:47:ba:25 33:33:00:01:00:03
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
#close 2016-07-13-16-17-25
|
||||
1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - 00:13:7f:be:8c:ff 00:e0:db:01:cf:4b
|
||||
1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb
|
||||
1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb
|
||||
1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff
|
||||
1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - 00:17:f2:d7:cf:65 33:33:00:00:00:fb
|
||||
1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
|
||||
1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - 00:23:32:b6:0c:46 ff:ff:ff:ff:ff:ff
|
||||
1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03
|
||||
1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - 00:30:48:bd:3e:c4 01:00:5e:00:00:fb
|
||||
1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
|
||||
1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03
|
||||
1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
#close 2018-01-12-21-44-59
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2016-07-13-16-17-25
|
||||
#open 2018-01-12-21-45-00
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
|
||||
1439902891.705224 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp - 0.041654 35 128 SF - - 0 Dd 1 63 1 156 (empty) 90:72:40:97:b6:f5 44:2b:03:aa:ab:8d
|
||||
1439903050.580632 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 328 0 0 (empty) a4:67:06:f7:ec:54 33:33:00:00:00:fb
|
||||
#close 2016-07-13-16-17-25
|
||||
1439902891.705224 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp - 0.041654 35 128 SF - - 0 Dd 1 63 1 156 - 90:72:40:97:b6:f5 44:2b:03:aa:ab:8d
|
||||
1439903050.580632 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 328 0 0 - a4:67:06:f7:ec:54 33:33:00:00:00:fb
|
||||
#close 2018-01-12-21-45-00
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -6,6 +6,6 @@
|
|||
#open 2016-07-13-16-17-26
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents vlan inner_vlan
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] int int
|
||||
1363900699.548138 CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 (empty) 13 10
|
||||
1363900699.549647 ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 (empty) 13 10
|
||||
1363900699.548138 CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 - 13 10
|
||||
1363900699.549647 ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 - 13 10
|
||||
#close 2016-07-13-16-17-26
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@
|
|||
#open 2016-07-13-16-17-38
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
1329843175.736107 ClEkJM2Vm5giqnMf4h 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 (empty)
|
||||
1329843179.871641 C4J4Th3PJpwUYZZ6gc 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 (empty)
|
||||
1329843194.151526 CtPZjS20MLrsMUOJi2 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 (empty)
|
||||
1329843197.783443 CUM0KZ3MLUfNB0cl11 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 (empty)
|
||||
1329843161.968492 CHhAvVGS1DHFjwGM9 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 (empty)
|
||||
1329843175.736107 ClEkJM2Vm5giqnMf4h 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 -
|
||||
1329843179.871641 C4J4Th3PJpwUYZZ6gc 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 -
|
||||
1329843194.151526 CtPZjS20MLrsMUOJi2 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 -
|
||||
1329843197.783443 CUM0KZ3MLUfNB0cl11 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 -
|
||||
1329843161.968492 CHhAvVGS1DHFjwGM9 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 -
|
||||
#close 2016-07-13-16-17-38
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue