Make conn.log service field ordered
This changes the service set in the connection record, and thus also the conn.log service field, to be ordered. Specifically, the order of the entries in the service field will be the same as the order in which the protocols are confirmed. This means that it is now possible to see which protocols were layered over each other, and in which order, by looking at the respective conn.log entry.
parent
c72c1cba6f
commit
ac7bbe6949
33 changed files with 44 additions and 40 deletions
|
@ -554,7 +554,7 @@ type connection: record {
|
||||||
## principle it is possible that more than one protocol analyzer is able
|
## principle it is possible that more than one protocol analyzer is able
|
||||||
## to parse the same data. If so, all will be recorded. Also note that
|
## to parse the same data. If so, all will be recorded. Also note that
|
||||||
## the recorded services are independent of any transport-level protocols.
|
## the recorded services are independent of any transport-level protocols.
|
||||||
service: set[string];
|
service: set[string] &ordered;
|
||||||
history: string; ##< State history of connections. See *history* in :zeek:see:`Conn::Info`.
|
history: string; ##< State history of connections. See *history* in :zeek:see:`Conn::Info`.
|
||||||
## A globally unique connection identifier. For each connection, Zeek
|
## A globally unique connection identifier. For each connection, Zeek
|
||||||
## creates an ID that is very likely unique across independent Zeek runs.
|
## creates an ID that is very likely unique across independent Zeek runs.
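Review bot: The `##` comment above `service` is unchanged and still only says that all matching analyzers are recorded, so the new `&ordered` attribute is not documented on the field it applies to. I would add a line such as `## The set is ordered: entries appear in the order in which the protocols were confirmed.` before the field. The comment block begins above this hunk, so the full wording should be checked against its first lines.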
|
||||||
|
|
|
@ -27,8 +27,10 @@ export {
|
||||||
id: conn_id &log;
|
id: conn_id &log;
|
||||||
## The transport layer protocol of the connection.
|
## The transport layer protocol of the connection.
|
||||||
proto: transport_proto &log;
|
proto: transport_proto &log;
|
||||||
## An identification of an application protocol being sent over
|
## The identification of the application protocol(s) being sent over
|
||||||
## the connection.
|
## the connection. Can list more than one protocol separated with
|
||||||
|
## colons. Protocols listed are in the order in which they are
|
||||||
|
## confirmed.
|
||||||
service: string &log &optional;
|
service: string &log &optional;
|
||||||
## How long the connection lasted.
|
## How long the connection lasted.
|
||||||
##
|
##
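Review bot: The new comment on `service` says the protocols are "separated with colons", but every baseline updated in this same commit shows commas (for example `socks,http` and `http,ssl,websocket`). The sentence should read `## the connection. Can list more than one protocol separated with` / `## commas. Protocols listed are in the order in which they are` so the documentation matches the log output. Because the same connections now log a different string (`ssl,http` becomes `http,ssl`), it is also worth stating here that consumers should not match the field on one exact joined string; detection queries and parsers written against the old values would presumably stop matching.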
|
||||||
|
|
|
@ -224,8 +224,10 @@ const RecordValPtr& Connection::GetVal() {
|
||||||
conn_val->Assign(1, std::move(orig_endp));
|
conn_val->Assign(1, std::move(orig_endp));
|
||||||
conn_val->Assign(2, std::move(resp_endp));
|
conn_val->Assign(2, std::move(resp_endp));
|
||||||
// 3 and 4 are set below.
|
// 3 and 4 are set below.
|
||||||
conn_val->Assign(5, make_intrusive<TableVal>(id::string_set)); // service
|
// Do not assign to 5 (service). It is a non-optional set, which will be default-initialized
|
||||||
conn_val->Assign(6, val_mgr->EmptyString()); // history
|
// using the script-level settings; this easily applies the &ordered attribute to it.
|
||||||
|
// conn_val->Assign(5, make_intrusive<TableVal>(id::ordered_string_set)); // service
|
||||||
|
conn_val->Assign(6, val_mgr->EmptyString()); // history
|
||||||
|
|
||||||
if ( ! uid )
|
if ( ! uid )
|
||||||
uid.Set(zeek::detail::bits_per_uid);
|
uid.Set(zeek::detail::bits_per_uid);
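Review bot: The commented-out `// conn_val->Assign(5, make_intrusive<TableVal>(id::ordered_string_set)); // service` is dead code, and it names `id::ordered_string_set`, which nothing visible in this commit defines. I would drop that line and keep only the explanation, e.g. `// Field 5 (service) is left to the record's default initialization so the script-level &ordered attribute applies.` With the explicit assignment gone, any C++ code that reads field 5 of `conn_val` now depends on that default initialization having happened, which is worth confirming at the call sites that add services. `Connection::GetVal()` starts and ends outside this hunk.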
|
||||||
|
|
|
@ -12,7 +12,7 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
|
||||||
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
|
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
|
||||||
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
|
[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
|
||||||
[conn] XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|T|F|0|S|5|320|0|0|-|6
|
[conn] XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|T|F|0|S|5|320|0|0|-|6
|
||||||
[conn] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|T|F|0|ShADadfF|23|5080|20|3986|-|6
|
[conn] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|socks,http|13.839419|3860|2934|SF|T|F|0|ShADadfF|23|5080|20|3986|-|6
|
||||||
[conn] XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-|6
|
[conn] XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-|6
|
||||||
[conn] XXXXXXXXXX.XXXXXX|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-|6
|
[conn] XXXXXXXXXX.XXXXXX|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-|6
|
||||||
[conn] XXXXXXXXXX.XXXXXX|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-|6
|
[conn] XXXXXXXXXX.XXXXXX|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|T|F|0|F|1|52|0|0|-|6
|
||||||
|
|
|
@ -8,5 +8,5 @@
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,ssl,gridftp 0.294743 4491 6659 SF T T 0 ShAdDaFf 22 5643 21 7759 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,ssl,gridftp 0.294743 4491 6659 SF T T 0 ShAdDaFf 22 5643 21 7759 - 6
|
||||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp gridftp-data,ssl 0.010760 2109 3196 S1 T T 0 ShADad 7 2481 6 3516 - 6
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.010760 2109 3196 S1 T T 0 ShADad 7 2481 6 3516 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 T T 0 ShAaDd 29 5744 29 57599 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 52522 ::1 80 tcp http,ssl 0.691241 3644 55499 S1 T T 0 ShAaDd 29 5744 29 57599 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.26.245.236 3378 254.228.86.79 8240 tcp smtp,http 6.722274 1685 223 SF F T 0 ShADadtTfF 14 2257 16 944 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF F T 0 ShADadtTfF 14 2257 16 944 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 58132 79.107.90.25 3306 tcp ssl,mysql 2.043921 724 3255 SF F F 0 ShAdDaFf 14 1460 11 3835 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 58132 79.107.90.25 3306 tcp mysql,ssl 2.043921 724 3255 SF F F 0 ShAdDaFf 14 1460 11 3835 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 57902 79.107.90.25 3306 tcp ssl,mysql 6.756360 1076 3776 SF F F 0 ShAdDaFf 19 2072 14 4512 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.87.25 57902 79.107.90.25 3306 tcp mysql,ssl 6.756360 1076 3776 SF F F 0 ShAdDaFf 19 2072 14 4512 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59272 127.0.0.1 3306 tcp ssl,mysql 0.021783 713 1959 SF T T 0 ShAdDaFf 10 1241 8 2383 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59272 127.0.0.1 3306 tcp mysql,ssl 0.021783 713 1959 SF T T 0 ShAdDaFf 10 1241 8 2383 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 tcp ssl,pop3 2.489002 851 2590 SF T T 0 ShAadDfFr 16 1695 17 3462 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.4.149 54775 192.168.4.149 110 tcp pop3,ssl 2.489002 851 2590 SF T T 0 ShAadDfFr 16 1695 17 3462 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
|
ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 15432 ssl,postgresql
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 15432 postgresql,ssl
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
|
ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 5432 ssl,postgresql
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 5432 postgresql,ssl
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -2,4 +2,4 @@
|
||||||
ts uid history service
|
ts uid history service
|
||||||
0.015059 ClEkJM2Vm5giqnMf4h - -
|
0.015059 ClEkJM2Vm5giqnMf4h - -
|
||||||
0.001000 CHhAvVGS1DHFjwGM9 - -
|
0.001000 CHhAvVGS1DHFjwGM9 - -
|
||||||
0.648580 C4J4Th3PJpwUYZZ6gc Dd quic,ssl
|
0.648580 C4J4Th3PJpwUYZZ6gc Dd ssl,quic
|
||||||
|
|
|
@ -2,4 +2,4 @@
|
||||||
ts uid history service
|
ts uid history service
|
||||||
0.000000 CHhAvVGS1DHFjwGM9 - -
|
0.000000 CHhAvVGS1DHFjwGM9 - -
|
||||||
0.016059 ClEkJM2Vm5giqnMf4h - -
|
0.016059 ClEkJM2Vm5giqnMf4h - -
|
||||||
0.669020 C4J4Th3PJpwUYZZ6gc Dd quic,ssl
|
0.669020 C4J4Th3PJpwUYZZ6gc Dd ssl,quic
|
||||||
|
|
|
@ -2,5 +2,5 @@
|
||||||
ts uid history service
|
ts uid history service
|
||||||
0.015059 ClEkJM2Vm5giqnMf4h - -
|
0.015059 ClEkJM2Vm5giqnMf4h - -
|
||||||
0.001000 CHhAvVGS1DHFjwGM9 - -
|
0.001000 CHhAvVGS1DHFjwGM9 - -
|
||||||
0.790739 CtPZjS20MLrsMUOJi2 Dd quic,ssl
|
0.790739 CtPZjS20MLrsMUOJi2 Dd ssl,quic
|
||||||
0.718160 C4J4Th3PJpwUYZZ6gc Dd quic,ssl
|
0.718160 C4J4Th3PJpwUYZZ6gc Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadfF websocket,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadfF http,websocket
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadfF websocket,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadfF http,websocket
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadFR websocket,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadFR http,websocket
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadFR websocket,ssl,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadFR http,ssl,websocket
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR websocket,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR http,websocket
|
||||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR websocket,http
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR http,websocket
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR websocket,ssh,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR http,websocket,ssh
|
||||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR websocket,ssh,http
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR http,websocket,ssh
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR ssh,websocket,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR http,ssh,websocket
|
||||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR ssh,websocket,http
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR http,ssh,websocket
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
ts uid history service
|
ts uid history service
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR websocket,ssh,http
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ShADadR http,websocket,ssh
|
||||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR websocket,ssh,http
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ShADadR http,websocket,ssh
|
||||||
|
|
|
@ -7,5 +7,5 @@
|
||||||
#open XXXX-XX-XX-XX-XX-XX
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
||||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 tcp ssl,xmpp 2.213218 676 4678 SF F F 0 ShADadfFr 19 1676 15 5442 - 6
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 198.128.203.95 56048 146.255.57.229 5222 tcp xmpp,ssl 2.213218 676 4678 SF F F 0 ShADadfFr 19 1676 15 5442 - 6
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|