mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Baseline updates after hash function change.
This commit is contained in:
Johanna Amann
parent
f1bae871e9
commit
cdb6a1b6e6
323 changed files with 25772 additions and 25772 deletions
|
|
@ -197,7 +197,7 @@ file:
|
||||||
|
|
||||||
Often times log files from multiple sources are stored in UTC time to
|
Often times log files from multiple sources are stored in UTC time to
|
||||||
allow easy correlation. Converting the timestamp from a log file to
|
allow easy correlation. Converting the timestamp from a log file to
|
||||||
UTC can be accomplished with the ``-u`` option:
|
UTC can be accomplished with the ``-u`` option:
|
||||||
|
|
||||||
.. btest:: using_bro
|
.. btest:: using_bro
|
||||||
|
|
||||||
|
|
@ -227,7 +227,7 @@ trip. A common progression of review includes correlating a session
|
||||||
across multiple log files. As a connection is processed by Bro, a
|
across multiple log files. As a connection is processed by Bro, a
|
||||||
unique identifier is assigned to each session. This unique identifier
|
unique identifier is assigned to each session. This unique identifier
|
||||||
is generally included in any log file entry associated with that
|
is generally included in any log file entry associated with that
|
||||||
connection and can be used to cross-reference different log files.
|
connection and can be used to cross-reference different log files.
|
||||||
|
|
||||||
A simple example would be to cross-reference a UID seen in a
|
A simple example would be to cross-reference a UID seen in a
|
||||||
``conn.log`` file. Here, we're looking for the connection with the
|
``conn.log`` file. Here, we're looking for the connection with the
|
||||||
|
|
@ -244,7 +244,7 @@ crossreference that with the UIDs in the ``http.log`` file.
|
||||||
|
|
||||||
.. btest:: using_bro
|
.. btest:: using_bro
|
||||||
|
|
||||||
@TEST-EXEC: btest-rst-cmd "cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a"
|
@TEST-EXEC: btest-rst-cmd "cat http.log | bro-cut uid id.resp_h method status_code host uri | grep UM0KZ3MLUfNB0cl11"
|
||||||
|
|
||||||
As you can see there are two HTTP ``GET`` requests within the
|
As you can see there are two HTTP ``GET`` requests within the
|
||||||
session that Bro identified and logged. Given that HTTP is a stream
|
session that Bro identified and logged. Given that HTTP is a stream
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,8 @@
|
||||||
bf1, global_seed, 11979365913534242684
|
bf1, global_seed, 4955302038280957656
|
||||||
bf2, global_seed, 12550100962110750449
|
bf2, global_seed, 11260532077783130352
|
||||||
bf3, my_seed, 12550100962110750449
|
bf3, my_seed, 4955302038280957656
|
||||||
bf4, my_seed, 945716460325754659
|
bf4, my_seed, 11260532077783130352
|
||||||
bf1, global_seed, 12550100962110750449
|
bf1, global_seed, 4955302038280957656
|
||||||
bf2, global_seed, 945716460325754659
|
bf2, global_seed, 11260532077783130352
|
||||||
bf3, my_seed, 12550100962110750449
|
bf3, my_seed, 4955302038280957656
|
||||||
bf4, my_seed, 945716460325754659
|
bf4, my_seed, 11260532077783130352
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2015-08-31-03-09-20
|
#open 2016-07-13-16-12-36
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1254722767.875996 CjhGID4nQcgTWjvg4c 10.10.1.4 1470 74.53.140.153 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F bro
|
1254722767.875996 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F bro
|
||||||
1437831787.861602 CPbrpk1qSsw6ESzHV4 192.168.133.100 49648 192.168.133.102 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F bro
|
1437831787.861602 CmES5u32sYpV7JYN 192.168.133.100 49648 192.168.133.102 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F bro
|
||||||
1437831799.610433 C7XEbhP654jzLoe3a 192.168.133.100 49655 17.167.150.73 443 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F bro
|
1437831799.610433 C3eiCBGOLw3VtHfOj 192.168.133.100 49655 17.167.150.73 443 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F bro
|
||||||
#close 2015-08-31-03-09-20
|
#close 2016-07-13-16-12-36
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,16 @@
|
||||||
{
|
{
|
||||||
10.0.0.0/8,
|
10.0.0.0/8,
|
||||||
10.2.0.2/31,
|
10.2.0.0/16,
|
||||||
10.2.0.0/16
|
10.2.0.2/31
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[10.0.0.0/8] = a,
|
[10.0.0.0/8] = a,
|
||||||
[10.2.0.2/31] = c,
|
[10.2.0.0/16] = b,
|
||||||
[10.2.0.0/16] = b
|
[10.2.0.2/31] = c
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[10.0.0.0/8] = a,
|
[10.3.0.0/16] = e,
|
||||||
[10.3.0.0/16] = e
|
[10.0.0.0/8] = a
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,16 @@
|
||||||
{
|
{
|
||||||
10.0.0.0/8,
|
|
||||||
10.3.0.0/16,
|
|
||||||
10.2.0.2/31,
|
|
||||||
2607:f8b0:4007:807::/64,
|
|
||||||
10.2.0.0/16,
|
|
||||||
5.2.0.0/32,
|
|
||||||
5.5.0.0/25,
|
|
||||||
10.1.0.0/16,
|
|
||||||
5.0.0.0/8,
|
5.0.0.0/8,
|
||||||
2607:f8b0:4007:807::200e/128,
|
|
||||||
7.2.0.0/32,
|
7.2.0.0/32,
|
||||||
2607:f8b0:4008:807::/64
|
10.3.0.0/16,
|
||||||
|
2607:f8b0:4007:807::200e/128,
|
||||||
|
10.0.0.0/8,
|
||||||
|
2607:f8b0:4007:807::/64,
|
||||||
|
10.1.0.0/16,
|
||||||
|
5.2.0.0/32,
|
||||||
|
10.2.0.0/16,
|
||||||
|
2607:f8b0:4008:807::/64,
|
||||||
|
10.2.0.2/31,
|
||||||
|
5.5.0.0/25
|
||||||
}
|
}
|
||||||
[10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
|
[10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
|
||||||
[2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]
|
[2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,8 @@
|
||||||
MARTIN
|
|
||||||
3
|
|
||||||
WORKGROUP
|
|
||||||
27
|
|
||||||
ISATAP
|
|
||||||
0
|
|
||||||
\x01\x02__MSBROWSE__\x02
|
\x01\x02__MSBROWSE__\x02
|
||||||
1
|
1
|
||||||
|
WORKGROUP
|
||||||
|
27
|
||||||
|
MARTIN
|
||||||
|
3
|
||||||
|
ISATAP
|
||||||
|
0
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
985
|
20
|
||||||
474
|
484
|
||||||
738
|
137
|
||||||
4
|
4
|
||||||
634
|
634
|
||||||
473
|
473
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
985
|
20
|
||||||
474
|
484
|
||||||
738
|
137
|
||||||
974
|
263
|
||||||
371
|
217
|
||||||
638
|
243
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,8 @@
|
||||||
[a=42, b=Foo, c=<uninitialized>, d=Bar]
|
[a=42, b=Foo, c=<uninitialized>, d=Bar]
|
||||||
{
|
{
|
||||||
[b] = [type_name=record, log=F, value=Foo, default_val=Foo],
|
[b] = [type_name=record, log=F, value=Foo, default_val=Foo],
|
||||||
[d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>],
|
|
||||||
[c] = [type_name=record, log=F, value=<uninitialized>, default_val=<uninitialized>],
|
[c] = [type_name=record, log=F, value=<uninitialized>, default_val=<uninitialized>],
|
||||||
[a] = [type_name=record, log=F, value=42, default_val=<uninitialized>]
|
[a] = [type_name=record, log=F, value=42, default_val=<uninitialized>],
|
||||||
|
[d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>]
|
||||||
}
|
}
|
||||||
F
|
F
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
A-56gKBmhBBB6
|
A-rFj3eGxkRR5
|
||||||
B-PjbroujOxH4
|
B-q3FkxySjt2a
|
||||||
C-N4zgPFAv3J
|
C-Chd8EgFWk2j
|
||||||
D-R8BqVlcp23e
|
D-NHNewIpRB26
|
||||||
E-duYdXg7bTa3
|
E-V26Y5PaLbW3
|
||||||
F-FSX5JvMaA88
|
F-xUIu5RK8w0f
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
CUWkUyAuUGXfarKYeMETxOg
|
C2NNAAAHZBl4GS1DHFjwGM9
|
||||||
Ck6kgXLOoSKlnQcgTWjvg4c
|
CecCbjYTWM3dVm5giqnMf4h
|
||||||
Fj3nTWNjezo6G6xBmyo58Tf
|
Fj3nTWNjezo6G6xBmyo58Tf
|
||||||
Cj4u32Pc5bifTEfuqmmG4bh
|
C6CWH0ZufRpfPJpwUYZZ6gc
|
||||||
F4VAnSiNGSQhKEoCPd4zuQd
|
F4VAnSiNGSQhKEoCPd4zuQd
|
||||||
CFrJExwHcSal5OKnoww6xl4
|
CIdXDQc8a0ud0MLrsMUOJi2
|
||||||
FaJg8mtdsS86cWjSe4spPPl
|
FaJg8mtdsS86cWjSe4spPPl
|
||||||
C3PKsZ2Uye21VW0XPVINV8a
|
Cae9B2GP1sJiMLUfNB0cl11
|
||||||
FvBr89nD30GgGAp3wgtm6qf
|
FvBr89nD30GgGAp3wgtm6qf
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
CUWkUyAuUGXfarKYeMETxOg
|
C2NNAAAHZBl4GS1DHFjwGM9
|
||||||
Ck6kgXLOoSKlnQcgTWjvg4c
|
CecCbjYTWM3dVm5giqnMf4h
|
||||||
Fj3nTWNjezo6G6xBmyo58Tf
|
Fj3nTWNjezo6G6xBmyo58Tf
|
||||||
Cj4u32Pc5bifTEfuqmmG4bh
|
C6CWH0ZufRpfPJpwUYZZ6gc
|
||||||
F4VAnSiNGSQhKEoCPd4zuQd
|
F4VAnSiNGSQhKEoCPd4zuQd
|
||||||
CFrJExwHcSal5OKnoww6xl4
|
CIdXDQc8a0ud0MLrsMUOJi2
|
||||||
FaJg8mtdsS86cWjSe4spPPl
|
FaJg8mtdsS86cWjSe4spPPl
|
||||||
C3PKsZ2Uye21VW0XPVINV8a
|
Cae9B2GP1sJiMLUfNB0cl11
|
||||||
FvBr89nD30GgGAp3wgtm6qf
|
FvBr89nD30GgGAp3wgtm6qf
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
CXWv6p30
|
CHhAvV0
|
||||||
CCyvnA30
|
CRQjp520
|
||||||
F75yAm10
|
F75yAm10
|
||||||
CjhGID40
|
ClEkJM20
|
||||||
FmGk6O30
|
FmGk6O30
|
||||||
CdfHBz20
|
CHZeJD30
|
||||||
Fuh3fj10
|
Fuh3fj10
|
||||||
CCvvfg30
|
C4J4Th30
|
||||||
Ftwuyy30
|
Ftwuyy30
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
CUWkUyAuUGXf0
|
C2NNAAAHZBl40
|
||||||
CarKYeMETxOg0
|
CGS1DHFjwGM90
|
||||||
Fj3nTWNjezo60
|
Fj3nTWNjezo60
|
||||||
Ck6kgXLOoSKl0
|
CecCbjYTWM3d0
|
||||||
F4VAnSiNGSQh0
|
F4VAnSiNGSQh0
|
||||||
CnQcgTWjvg4c0
|
CVm5giqnMf4h0
|
||||||
FaJg8mtdsS860
|
FaJg8mtdsS860
|
||||||
Cj4u32Pc5bif0
|
C6CWH0ZufRpf0
|
||||||
FvBr89nD30Gg0
|
FvBr89nD30Gg0
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
CXWv6p3arKYeMETxOg
|
CHhAvVGS1DHFjwGM9
|
||||||
CjhGID4nQcgTWjvg4c
|
ClEkJM2Vm5giqnMf4h
|
||||||
F75yAm1G6xBmyo58Tf
|
F75yAm1G6xBmyo58Tf
|
||||||
CCvvfg3TEfuqmmG4bh
|
C4J4Th3PJpwUYZZ6gc
|
||||||
FmGk6O3KEoCPd4zuQd
|
FmGk6O3KEoCPd4zuQd
|
||||||
CsRx2w45OKnoww6xl4
|
CtPZjS20MLrsMUOJi2
|
||||||
Fuh3fj1cWjSe4spPPl
|
Fuh3fj1cWjSe4spPPl
|
||||||
CRJuHdVW0XPVINV8a
|
CUM0KZ3MLUfNB0cl11
|
||||||
Ftwuyy3GAp3wgtm6qf
|
Ftwuyy3GAp3wgtm6qf
|
||||||
|
|
|
||||||
|
|
@ -3,101 +3,101 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-04
|
#open 2016-07-13-16-12-42
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332784981.078396 - - - - - bad_IP_checksum - F bro
|
1332784981.078396 - - - - - bad_IP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-04
|
#close 2016-07-13-16-12-42
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-06
|
#open 2016-07-13-16-12-42
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332784885.686428 CXWv6p3arKYeMETxOg 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro
|
1332784885.686428 CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-06
|
#close 2016-07-13-16-12-42
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-08
|
#open 2016-07-13-16-12-43
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332784933.501023 CXWv6p3arKYeMETxOg 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro
|
1332784933.501023 CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-08
|
#close 2016-07-13-16-12-43
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-10
|
#open 2016-07-13-16-12-43
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334075363.536871 CXWv6p3arKYeMETxOg 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro
|
1334075363.536871 CHhAvVGS1DHFjwGM9 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-10
|
#close 2016-07-13-16-12-43
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-11
|
#open 2016-07-13-16-12-44
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332785210.013051 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
1332785210.013051 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
||||||
1332785210.013051 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro
|
1332785210.013051 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-12
|
#close 2016-07-13-16-12-44
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-13
|
#open 2016-07-13-16-12-44
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332782580.798420 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
1332782580.798420 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
||||||
1332782580.798420 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro
|
1332782580.798420 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-13
|
#close 2016-07-13-16-12-44
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-15
|
#open 2016-07-13-16-12-45
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334075111.800086 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
1334075111.800086 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
||||||
1334075111.800086 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro
|
1334075111.800086 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-15
|
#close 2016-07-13-16-12-45
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-16
|
#open 2016-07-13-16-12-45
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332785250.469132 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro
|
1332785250.469132 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-17
|
#close 2016-07-13-16-12-45
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-18
|
#open 2016-07-13-16-12-46
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332781342.923813 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro
|
1332781342.923813 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-18
|
#close 2016-07-13-16-12-46
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-20
|
#open 2016-07-13-16-12-46
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334074939.467194 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
1334074939.467194 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-20
|
#close 2016-07-13-16-12-47
|
||||||
|
|
|
||||||
|
|
@ -3,68 +3,68 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-20
|
#open 2016-07-13-16-12-46
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334074939.467194 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
1334074939.467194 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||||
#close 2016-06-15-20-38-20
|
#close 2016-07-13-16-12-47
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-27
|
#open 2016-07-13-16-12-49
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332785125.596793 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
1332785125.596793 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
||||||
#close 2016-06-15-20-38-27
|
#close 2016-07-13-16-12-49
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-28
|
#open 2016-07-13-16-12-49
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1332782508.592037 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
1332782508.592037 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F bro
|
||||||
#close 2016-06-15-20-38-29
|
#close 2016-07-13-16-12-49
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-30
|
#open 2016-07-13-16-12-50
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
||||||
#close 2016-06-15-20-38-30
|
#close 2016-07-13-16-12-50
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-30
|
#open 2016-07-13-16-12-50
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
||||||
#close 2016-06-15-20-38-30
|
#close 2016-07-13-16-12-50
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-30
|
#open 2016-07-13-16-12-50
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
||||||
#close 2016-06-15-20-38-30
|
#close 2016-07-13-16-12-50
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-06-15-20-38-30
|
#open 2016-07-13-16-12-50
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F bro
|
||||||
#close 2016-06-15-20-38-30
|
#close 2016-07-13-16-12-50
|
||||||
|
|
|
||||||
|
|
@ -1,43 +1,43 @@
|
||||||
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CXWv6p3arKYeMETxOg
|
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CHhAvVGS1DHFjwGM9
|
||||||
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], CjhGID4nQcgTWjvg4c
|
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], ClEkJM2Vm5giqnMf4h
|
||||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CCvvfg3TEfuqmmG4bh
|
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], C4J4Th3PJpwUYZZ6gc
|
||||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CsRx2w45OKnoww6xl4
|
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CtPZjS20MLrsMUOJi2
|
||||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CRJuHdVW0XPVINV8a
|
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CUM0KZ3MLUfNB0cl11
|
||||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CRJuHdVW0XPVINV8a
|
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CUM0KZ3MLUfNB0cl11
|
||||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], CPbrpk1qSsw6ESzHV4
|
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], CmES5u32sYpV7JYN
|
||||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], C6pKV8GSxOnSLghOa
|
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], CP5puj4I8PtEU4qzYg
|
||||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], CIPOse170MGiRM1Qf4
|
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], C37jN32gN3y3AZzyf6
|
||||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C7XEbhP654jzLoe3a
|
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3eiCBGOLw3VtHfOj
|
||||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CJ3xTn1c4Zw9TmAE05
|
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CwjjYJ2WqgTbAqiHl6
|
||||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], CMXxB5GvmoxJFXdTa
|
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], C0LAHyvtKSQHyJxIl
|
||||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], Caby8b1slFea8xwSmb
|
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], CFLRIC3zaTU1loLGxh
|
||||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], Che1bq3i2rO3KD1Syg
|
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], C9rXSW3KSpTYvPrlI1
|
||||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3SfNE4BWaU4aSuwkc
|
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Ck51lg1bScffFj34Ri
|
||||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], CEle3f3zno26fFZkrh
|
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], C9mvWx3ezztgzcexV7
|
||||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], CwSkQu4eWZCH7OONC1
|
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], CNnMIj2QSd84NKf7U3
|
||||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], CfTOmO0HKorjr8Zp7
|
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], C7fIlMZDuRiqjpYbb
|
||||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CzA03V1VcgagLjnO92
|
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CykQaM33ztNt0csB9a
|
||||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CyAhVIzHqb7t7kv28
|
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CtxTCR2Yer0FR1tIBg
|
||||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Cab0vO1xNYSS2hJkle
|
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], CpmdRlaUoJLN3uIRa
|
||||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], Cx2FqO23omNawSNrxj
|
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], C1Xkzz2MaGtLrc1Tla
|
||||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], Cx3C534wEyF3OvvcQe
|
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], CqlVyW1YwZ15RhTBc4
|
||||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CkDsfG2YIeWJmXWNWj
|
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CLNN1k2QMum1aexUK7
|
||||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], CUKS0W3HFYOnBqSE5e
|
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], CBA8792iHmnhPLksKa
|
||||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], CRrfvP2lalMAYOCLhj
|
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], CGLPPc35OzDQij1XX8
|
||||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], Cn78a440HlxuyZKs6f
|
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CiyBAq1bBLNaTiTAc
|
||||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CJ3xTn1c4Zw9TmAE05
|
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CwjjYJ2WqgTbAqiHl6
|
||||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C7XEbhP654jzLoe3a
|
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3eiCBGOLw3VtHfOj
|
||||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3SfNE4BWaU4aSuwkc
|
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Ck51lg1bScffFj34Ri
|
||||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CyAhVIzHqb7t7kv28
|
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CtxTCR2Yer0FR1tIBg
|
||||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CzA03V1VcgagLjnO92
|
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CykQaM33ztNt0csB9a
|
||||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CkDsfG2YIeWJmXWNWj
|
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CLNN1k2QMum1aexUK7
|
||||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], Cn78a440HlxuyZKs6f
|
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CiyBAq1bBLNaTiTAc
|
||||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CUof3F2yAIid8QS3dk
|
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CFSwNi4CNGxcuffo49
|
||||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CUof3F2yAIid8QS3dk
|
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CFSwNi4CNGxcuffo49
|
||||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CojBOU3CXcLHl1r6x1
|
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], Cipfzj1BEnhejw8cGf
|
||||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], CJzVQRGJrX6V15ik7
|
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], CV5WJ42jPYbNW9JNWf
|
||||||
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], ClAbxY1nmdjCuo0Le2
|
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], CPhDKt12KQPUVbQz06
|
||||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], CwG0BF1VXE0gWgs78
|
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], CAnFrb2Cvxr5T7quOc
|
||||||
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], CisNaL1Cm73CiNOmcg
|
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], C8rquZ3DjgNW06JGLl
|
||||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], CBQnJn22qN8TOeeZil
|
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], CzrZOtXqhwwndQva3
|
||||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], CbEsuD3dgDDngdlbKf
|
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], CaGCc13FffXe6RkQl9
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
|
1d59:20f4:b44b:27a8:2bd:77c4:f053:6f5a,
|
||||||
50cd:1a9a:1837:5803:9b08:41aa:738c:3f0b,
|
50cd:1a9a:1837:5803:9b08:41aa:738c:3f0b,
|
||||||
477c:8c51:4f4f:61ec:9981:1259:86b8:8987,
|
477c:8c51:4f4f:61ec:9981:1259:86b8:8987
|
||||||
1d59:20f4:b44b:27a8:2bd:77c4:f053:6f5a
|
|
||||||
}
|
}
|
||||||
lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
|
lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
|
||||||
lookup_hostname, {
|
lookup_hostname, {
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-08-21-54-45
|
#open 2016-07-13-16-12-53
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1128727435.633408 CXWv6p3arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp - 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty)
|
1128727435.633408 CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp - 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty)
|
||||||
#close 2016-07-08-21-54-45
|
#close 2016-07-13-16-12-54
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path dns
|
#path dns
|
||||||
#open 2016-06-15-03-33-34
|
#open 2016-07-13-16-12-54
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
|
||||||
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
|
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
|
||||||
1331084278.438444 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 0.079300 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 136 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F
|
1331084278.438444 CHhAvVGS1DHFjwGM9 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 0.079300 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 136 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F
|
||||||
1331084293.592245 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 5.084025 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 192 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F
|
1331084293.592245 ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 5.084025 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 192 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.000000 F
|
||||||
1331084298.593081 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 - txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT - - F F T F 0 - - F
|
1331084298.593081 ClEkJM2Vm5giqnMf4h 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 - txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT - - F F T F 0 - - F
|
||||||
#close 2016-06-15-03-33-34
|
#close 2016-07-13-16-12-54
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-08-21-46-16
|
#open 2016-07-13-16-12-55
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 (empty)
|
1371685686.536606 CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 (empty)
|
||||||
1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 ^d 0 0 1 1500 (empty)
|
1371686961.479321 C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 (empty)
|
||||||
1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 (empty)
|
1371686961.156859 ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 ^d 0 0 1 1500 (empty)
|
||||||
#close 2016-07-08-21-46-16
|
#close 2016-07-13-16-12-55
|
||||||
|
|
|
||||||
|
|
@ -3,23 +3,23 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-32-35
|
#open 2016-07-13-16-12-55
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||||
1300475168.853899 CCvvfg3TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.853899 C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.854378 CsRx2w45OKnoww6xl4 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.854378 CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.854837 CRJuHdVW0XPVINV8a 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.854837 CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.857956 CPbrpk1qSsw6ESzHV4 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.857956 CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.858306 C6pKV8GSxOnSLghOa 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.858306 CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.858713 CIPOse170MGiRM1Qf4 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.858713 C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.891644 C7XEbhP654jzLoe3a 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.891644 C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.892037 CJ3xTn1c4Zw9TmAE05 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.892037 CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.892414 CMXxB5GvmoxJFXdTa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.892414 C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.893988 Caby8b1slFea8xwSmb 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.893988 CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.894422 Che1bq3i2rO3KD1Syg 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.894422 C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.894787 C3SfNE4BWaU4aSuwkc 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.894787 Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.901749 CEle3f3zno26fFZkrh 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
1300475168.901749 C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||||
1300475168.902195 CwSkQu4eWZCH7OONC1 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
1300475168.902195 CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||||
1300475168.652003 CjhGID4nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 (empty)
|
1300475168.652003 ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 (empty)
|
||||||
#close 2015-02-23-21-32-35
|
#close 2016-07-13-16-12-55
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-32-46
|
#open 2016-07-13-16-12-56
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1300475168.892936 CXWv6p3arKYeMETxOg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
1300475168.892936 CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||||
#close 2015-02-23-21-32-46
|
#close 2016-07-13-16-12-56
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open 2014-08-23-18-29-48
|
#open 2016-07-13-16-12-56
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success
|
||||||
#types time string string bool bool
|
#types time string string bool bool
|
||||||
1408818588.510297 bro port 50000 T T
|
1468426376.541368 bro port 50000 T T
|
||||||
#close 2014-08-23-18-29-48
|
#close 2016-07-13-16-12-56
|
||||||
|
|
|
||||||
|
|
@ -3,14 +3,14 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-32-47
|
#open 2016-07-13-16-12-57
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1284385418.014560 CPbrpk1qSsw6ESzHV4 fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 (empty)
|
1284385417.962560 CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 (empty)
|
||||||
1284385417.962560 CRJuHdVW0XPVINV8a fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 (empty)
|
1284385418.014560 CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 (empty)
|
||||||
1284385411.091560 CjhGID4nQcgTWjvg4c fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
|
1284385411.035560 CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 (empty)
|
||||||
1284385411.035560 CXWv6p3arKYeMETxOg fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 (empty)
|
1284385451.658560 CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 (empty)
|
||||||
1284385451.658560 C6pKV8GSxOnSLghOa fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 (empty)
|
1284385412.963560 C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 (empty)
|
||||||
1284385413.027560 CsRx2w45OKnoww6xl4 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
|
1284385413.027560 CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
|
||||||
1284385412.963560 CCvvfg3TEfuqmmG4bh fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 (empty)
|
1284385411.091560 ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
|
||||||
#close 2015-02-23-21-32-47
|
#close 2016-07-13-16-12-57
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-03-30-21-38-30
|
#open 2016-07-13-16-12-58
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1278600802.069419 CXWv6p3arKYeMETxOg 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
|
1278600802.069419 CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
|
||||||
#close 2015-03-30-21-38-30
|
#close 2016-07-13-16-12-59
|
||||||
|
|
|
||||||
|
|
@ -3,28 +3,28 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open 2015-03-30-21-38-29
|
#open 2016-07-13-16-12-57
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success
|
||||||
#types time string string bool bool
|
#types time string string bool bool
|
||||||
1427751509.034738 bro ip or not ip T T
|
1468426377.846975 bro ip or not ip T T
|
||||||
#close 2015-03-30-21-38-29
|
#close 2016-07-13-16-12-57
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open 2015-03-30-21-38-29
|
#open 2016-07-13-16-12-58
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success
|
||||||
#types time string string bool bool
|
#types time string string bool bool
|
||||||
1427751509.711080 bro port 42 T T
|
1468426378.362651 bro port 42 T T
|
||||||
#close 2015-03-30-21-38-29
|
#close 2016-07-13-16-12-58
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path packet_filter
|
#path packet_filter
|
||||||
#open 2015-03-30-21-38-30
|
#open 2016-07-13-16-12-58
|
||||||
#fields ts node filter init success
|
#fields ts node filter init success
|
||||||
#types time string string bool bool
|
#types time string string bool bool
|
||||||
1427751510.380510 bro (vlan) and (ip or not ip) T T
|
1468426378.944945 bro (vlan) and (ip or not ip) T T
|
||||||
#close 2015-03-30-21-38-30
|
#close 2016-07-13-16-12-59
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-32-51
|
#open 2016-07-13-16-13-00
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1363900699.548138 CXWv6p3arKYeMETxOg 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 (empty)
|
1363900699.548138 CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 (empty)
|
||||||
1363900699.549647 CjhGID4nQcgTWjvg4c 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 (empty)
|
1363900699.549647 ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 (empty)
|
||||||
#close 2015-02-23-21-32-51
|
#close 2016-07-13-16-13-00
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-01-19-09-01-31
|
#open 2016-07-13-16-13-00
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1439902891.705224 CXWv6p3arKYeMETxOg 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF - - 0 Dd 1 63 1 156 (empty)
|
1439902891.705224 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF - - 0 Dd 1 63 1 156 (empty)
|
||||||
1439903050.580632 CjhGID4nQcgTWjvg4c fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 (empty)
|
1439903050.580632 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 (empty)
|
||||||
#close 2016-01-19-09-01-31
|
#close 2016-07-13-16-13-00
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-04-15-23-53-28
|
#open 2016-07-13-16-13-01
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1395939406.175845 CjhGID4nQcgTWjvg4c 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 (empty)
|
1395939406.175845 ClEkJM2Vm5giqnMf4h 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 (empty)
|
||||||
1395939411.361078 CCvvfg3TEfuqmmG4bh 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 (empty)
|
1395939411.361078 C4J4Th3PJpwUYZZ6gc 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 (empty)
|
||||||
1395939399.984671 CXWv6p3arKYeMETxOg 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 (empty)
|
1395939399.984671 CHhAvVGS1DHFjwGM9 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 (empty)
|
||||||
#close 2015-04-15-23-53-28
|
#close 2016-07-13-16-13-01
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path files
|
#path files
|
||||||
#open 2015-04-15-23-53-28
|
#open 2016-07-13-16-13-01
|
||||||
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
|
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
|
||||||
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
|
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
|
||||||
1395939406.177079 FAb5m22Dhe2Zi95anf 192.168.56.101 192.168.56.1 CjhGID4nQcgTWjvg4c FTP_DATA 0 DATA_EVENT text/plain - 0.000000 - F 270 - 0 0 F - - - - -
|
1395939406.177079 FAb5m22Dhe2Zi95anf 192.168.56.101 192.168.56.1 ClEkJM2Vm5giqnMf4h FTP_DATA 0 DATA_EVENT text/plain - 0.000000 - F 270 - 0 0 F - - - - -
|
||||||
1395939411.364462 FhI0ao2FNTjabdfSBd 192.168.56.101 192.168.56.1 CCvvfg3TEfuqmmG4bh FTP_DATA 0 DATA_EVENT text/plain - 150.490904 - F 23822 - 5416642848 0 F - - - - -
|
1395939411.364462 FhI0ao2FNTjabdfSBd 192.168.56.101 192.168.56.1 C4J4Th3PJpwUYZZ6gc FTP_DATA 0 DATA_EVENT text/plain - 150.490904 - F 23822 - 5416642848 0 F - - - - -
|
||||||
#close 2015-04-15-23-53-28
|
#close 2016-07-13-16-13-01
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-32-57
|
#open 2016-07-13-16-13-02
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1331764471.664131 CXWv6p3arKYeMETxOg 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 (empty)
|
1331764471.664131 CHhAvVGS1DHFjwGM9 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 (empty)
|
||||||
#close 2015-02-23-21-32-57
|
#close 2016-07-13-16-13-02
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-06-19-53-51
|
#open 2016-07-13-16-13-02
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1285862902.700271 CXWv6p3arKYeMETxOg 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADadtR 17 1250 22 28961 (empty)
|
1285862902.700271 CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADadtR 17 1250 22 28961 (empty)
|
||||||
#close 2016-07-06-19-53-51
|
#close 2016-07-13-16-13-03
|
||||||
|
|
|
||||||
|
|
@ -3,41 +3,41 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-09-02-21-54
|
#open 2016-07-13-16-13-03
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||||
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
|
1300475167.097012 ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||||
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
|
1300475167.099816 C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||||
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.853899 CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.854378 CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.854837 C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.858306 Caby8b1slFea8xwSmb 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.858306 CFLRIC3zaTU1loLGxh 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.858713 Che1bq3i2rO3KD1Syg 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.858713 C9rXSW3KSpTYvPrlI1 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.891644 CEle3f3zno26fFZkrh 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.891644 C9mvWx3ezztgzcexV7 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.892037 CwSkQu4eWZCH7OONC1 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.892037 CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.892414 CfTOmO0HKorjr8Zp7 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.892414 C7fIlMZDuRiqjpYbb 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.893988 Cab0vO1xNYSS2hJkle 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.893988 CpmdRlaUoJLN3uIRa 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.894422 Cx2FqO23omNawSNrxj 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.894422 C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.894787 Cx3C534wEyF3OvvcQe 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.894787 CqlVyW1YwZ15RhTBc4 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.901749 CUKS0W3HFYOnBqSE5e 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
1300475168.901749 CBA8792iHmnhPLksKa 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
|
||||||
1300475168.902195 CRrfvP2lalMAYOCLhj 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
1300475168.902195 CGLPPc35OzDQij1XX8 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
|
||||||
1300475169.899438 CojBOU3CXcLHl1r6x1 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 85 0 0 (empty)
|
1300475169.899438 Cipfzj1BEnhejw8cGf 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 85 0 0 (empty)
|
||||||
1300475170.862384 CJzVQRGJrX6V15ik7 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
1300475170.862384 CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty)
|
||||||
1300475171.675372 ClAbxY1nmdjCuo0Le2 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
1300475171.675372 CPhDKt12KQPUVbQz06 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||||
1300475171.677081 CwG0BF1VXE0gWgs78 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
1300475171.677081 CAnFrb2Cvxr5T7quOc 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||||
1300475173.116749 CisNaL1Cm73CiNOmcg fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
1300475173.116749 C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty)
|
||||||
1300475173.117362 CBQnJn22qN8TOeeZil 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
1300475173.117362 CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty)
|
||||||
1300475173.153679 CbEsuD3dgDDngdlbKf 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - - 0 D 1 78 0 0 (empty)
|
1300475173.153679 CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - - 0 D 1 78 0 0 (empty)
|
||||||
1300475168.859163 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
1300475169.780331 CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 (empty)
|
||||||
1300475168.652003 CsRx2w45OKnoww6xl4 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
1300475168.892913 CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
||||||
1300475168.895267 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
1300475168.724007 CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
||||||
1300475168.902635 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
1300475168.855330 CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
||||||
1300475168.892936 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
1300475168.855305 C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
||||||
1300475168.855305 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty)
|
1300475168.652003 CtPZjS20MLrsMUOJi2 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty)
|
||||||
1300475168.892913 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty)
|
1300475168.902635 CiyBAq1bBLNaTiTAc 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty)
|
||||||
1300475169.780331 CUof3F2yAIid8QS3dk 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 (empty)
|
1300475168.859163 Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty)
|
||||||
1300475168.724007 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty)
|
1300475168.892936 CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
|
||||||
1300475168.855330 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty)
|
1300475168.895267 CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty)
|
||||||
#close 2016-07-09-02-21-55
|
#close 2016-07-13-16-13-03
|
||||||
|
|
|
||||||
|
|
@ -3,15 +3,15 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-08-21-46-30
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh
|
1257655301.595604 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc
|
||||||
1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 (empty)
|
1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 (empty)
|
||||||
1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 (empty)
|
1257655293.629048 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 (empty)
|
||||||
1257655296.585333 C6pKV8GSxOnSLghOa :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 CCvvfg3TEfuqmmG4bh
|
1257655296.585333 CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc
|
||||||
1257655293.629048 CjhGID4nQcgTWjvg4c 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
|
1257655296.585151 CUM0KZ3MLUfNB0cl11 fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||||
1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
|
1257655296.585034 CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||||
1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
|
1257655293.629048 ClEkJM2Vm5giqnMf4h 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
|
||||||
1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
|
1257655296.585188 CmES5u32sYpV7JYN fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||||
#close 2016-07-08-21-46-30
|
#close 2016-07-13-16-13-04
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-05-35-59
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1257655301.652206 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - (empty) - - - - - - FYAtjT24MvCBUs5K5f - text/html
|
1257655301.652206 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - (empty) - - - - - - FYAtjT24MvCBUs5K5f - text/html
|
||||||
1257655302.514424 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - (empty) - - - - - - - - -
|
1257655302.514424 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - (empty) - - - - - - - - -
|
||||||
1257655303.603569 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - (empty) - - - - - - - - -
|
1257655303.603569 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - (empty) - - - - - - - - -
|
||||||
#close 2016-06-15-05-35-59
|
#close 2016-07-13-16-13-04
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,11 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2016-01-15-18-40-13
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER
|
1257655293.629048 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER
|
||||||
1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER
|
1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER
|
||||||
1257655317.464035 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE
|
1257655317.464035 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE
|
||||||
1257655317.464035 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE
|
1257655317.464035 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE
|
||||||
#close 2016-01-15-18-40-13
|
#close 2016-07-13-16-13-04
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-06
|
#open 2016-07-13-16-13-05
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1341436440.002928 CRJuHdVW0XPVINV8a 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - - 0 D 2 104 0 0 CjhGID4nQcgTWjvg4c
|
1341436424.378840 CtPZjS20MLrsMUOJi2 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - - 0 D 2 224 0 0 ClEkJM2Vm5giqnMf4h
|
||||||
1341436424.378840 CsRx2w45OKnoww6xl4 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - - 0 D 2 224 0 0 CjhGID4nQcgTWjvg4c
|
1341436440.002928 CUM0KZ3MLUfNB0cl11 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - - 0 D 2 104 0 0 ClEkJM2Vm5giqnMf4h
|
||||||
1341436424.204043 CCvvfg3TEfuqmmG4bh 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - - 0 - 312 31200 312 31200 CjhGID4nQcgTWjvg4c
|
1341436424.204043 C4J4Th3PJpwUYZZ6gc 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - - 0 - 312 31200 312 31200 ClEkJM2Vm5giqnMf4h
|
||||||
#close 2015-02-23-21-33-06
|
#close 2016-07-13-16-13-05
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2014-01-16-21-51-36
|
#open 2016-07-13-16-13-05
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::GRE Tunnel::DISCOVER
|
1341436424.204043 CHhAvVGS1DHFjwGM9 72.205.54.70 0 86.106.164.150 0 Tunnel::GRE Tunnel::DISCOVER
|
||||||
1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::GRE Tunnel::DISCOVER
|
1341436424.204043 ClEkJM2Vm5giqnMf4h 10.10.11.2 0 10.10.13.2 0 Tunnel::GRE Tunnel::DISCOVER
|
||||||
#close 2014-01-16-21-51-36
|
#close 2016-07-13-16-13-05
|
||||||
|
|
|
||||||
|
|
@ -3,14 +3,14 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-05
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1055289978.756932 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 CXWv6p3arKYeMETxOg
|
1055289978.756932 CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 CHhAvVGS1DHFjwGM9
|
||||||
1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - - 0 D 2 122 0 0 CXWv6p3arKYeMETxOg
|
1055289987.055189 CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - - 0 D 2 122 0 0 CHhAvVGS1DHFjwGM9
|
||||||
1055289996.849099 CIPOse170MGiRM1Qf4 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
|
1055289973.849878 C4J4Th3PJpwUYZZ6gc 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
|
||||||
1055289973.849878 CCvvfg3TEfuqmmG4bh 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
|
1055289992.849231 CP5puj4I8PtEU4qzYg 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
|
||||||
1055289992.849231 C6pKV8GSxOnSLghOa 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
|
1055289996.849099 C37jN32gN3y3AZzyf6 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
|
||||||
1055289968.793044 CjhGID4nQcgTWjvg4c 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 CXWv6p3arKYeMETxOg
|
1055289968.793044 ClEkJM2Vm5giqnMf4h 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 CHhAvVGS1DHFjwGM9
|
||||||
1055289987.106744 CPbrpk1qSsw6ESzHV4 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 CXWv6p3arKYeMETxOg
|
1055289987.106744 CmES5u32sYpV7JYN 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 CHhAvVGS1DHFjwGM9
|
||||||
#close 2015-02-23-21-33-05
|
#close 2016-07-13-16-13-05
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path dns
|
#path dns
|
||||||
#open 2016-06-15-03-34-43
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
|
||||||
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
|
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
|
||||||
1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F
|
1055289987.055189 CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F
|
||||||
1055289992.056330 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F
|
1055289992.056330 CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp 48554 - www.gleeble.org 1 C_INTERNET 255 * - - F F T F 0 - - F
|
||||||
#close 2016-06-15-03-34-43
|
#close 2016-07-13-16-13-05
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path ssh
|
#path ssh
|
||||||
#open 2015-03-17-17-42-58
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
|
||||||
#types time string addr port addr port count bool enum string string string string string string string string
|
#types time string addr port addr port count bool enum string string string string string string string string
|
||||||
1055289978.855543 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 2 - - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
|
1055289978.855137 CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 2 - - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
|
||||||
#close 2015-03-17-17-42-59
|
#close 2016-07-13-16-13-05
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2014-01-16-21-51-12
|
#open 2016-07-13-16-13-04
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::GRE Tunnel::DISCOVER
|
1055289968.793044 CHhAvVGS1DHFjwGM9 172.27.1.66 0 66.59.109.137 0 Tunnel::GRE Tunnel::DISCOVER
|
||||||
#close 2014-01-16-21-51-12
|
#close 2016-07-13-16-13-05
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-01-15-18-40-14
|
#open 2016-07-13-16-13-06
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
|
1333458850.321642 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
|
||||||
1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 (empty)
|
1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 (empty)
|
||||||
1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 (empty)
|
1333458850.325787 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 (empty)
|
||||||
#close 2016-01-15-18-40-14
|
#close 2016-07-13-16-13-06
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-05-35-27
|
#open 2016-07-13-16-13-06
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1333458850.340368 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 1 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - (empty) - - - - - - FHKKd91EMHBEK0hbdg - application/x-shockwave-flash
|
1333458850.340368 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 1 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - (empty) - - - - - - FHKKd91EMHBEK0hbdg - application/x-shockwave-flash
|
||||||
1333458850.399501 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 2 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - (empty) - - - - - - Fu64Vqjy6nBop9nRd - application/x-shockwave-flash
|
1333458850.399501 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 2 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - (empty) - - - - - - Fu64Vqjy6nBop9nRd - application/x-shockwave-flash
|
||||||
#close 2016-06-15-05-35-27
|
#close 2016-07-13-16-13-06
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,11 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2016-01-15-18-40-14
|
#open 2016-07-13-16-13-06
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.325787 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.579544 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.579544 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
1333458850.579544 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.579544 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
#close 2016-01-15-18-40-14
|
#close 2016-07-13-16-13-06
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-08
|
#open 2016-07-13-16-13-07
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 (empty)
|
1333458871.219794 CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 (empty)
|
||||||
#close 2015-02-23-21-33-09
|
#close 2016-07-13-16-13-07
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path dns
|
#path dns
|
||||||
#open 2016-06-15-04-11-36
|
#open 2016-07-13-16-13-07
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
|
||||||
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
|
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
|
||||||
1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp 27595 - abcd.efg.hijklm.nm 1 C_INTERNET 1 A - - F F T F 0 - - F
|
1333458871.219794 CHhAvVGS1DHFjwGM9 10.131.24.6 2152 195.178.38.3 53 udp 27595 - abcd.efg.hijklm.nm 1 C_INTERNET 1 A - - F F T F 0 - - F
|
||||||
#close 2016-06-15-04-11-36
|
#close 2016-07-13-16-13-07
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-09
|
#open 2016-07-13-16-13-08
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458851.770000 CjhGID4nQcgTWjvg4c fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - - 0 D 1 80 0 0 CXWv6p3arKYeMETxOg
|
1333458851.770000 ClEkJM2Vm5giqnMf4h fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - - 0 D 1 80 0 0 CHhAvVGS1DHFjwGM9
|
||||||
1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 (empty)
|
1333458851.770000 CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 (empty)
|
||||||
1333458851.969236 CCvvfg3TEfuqmmG4bh fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 56 0 0 CXWv6p3arKYeMETxOg
|
1333458851.969236 C4J4Th3PJpwUYZZ6gc fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 56 0 0 CHhAvVGS1DHFjwGM9
|
||||||
#close 2015-02-23-21-33-09
|
#close 2016-07-13-16-13-08
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2013-08-26-19-02-17
|
#open 2016-07-13-16-13-08
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458851.770000 CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458851.969236 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458851.969236 CHhAvVGS1DHFjwGM9 118.92.124.41 2152 118.92.124.72 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
#close 2013-08-26-19-02-17
|
#close 2016-07-13-16-13-08
|
||||||
|
|
|
||||||
|
|
@ -3,24 +3,24 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-08-21-46-35
|
#open 2016-07-13-16-13-08
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458850.037956 CEle3f3zno26fFZkrh 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 C3SfNE4BWaU4aSuwkc
|
1333458850.014199 ClEkJM2Vm5giqnMf4h 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CHhAvVGS1DHFjwGM9
|
||||||
1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 (empty)
|
1333458850.035456 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
|
||||||
1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 CCvvfg3TEfuqmmG4bh
|
1333458850.029783 C37jN32gN3y3AZzyf6 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN
|
||||||
1333458850.029781 C6pKV8GSxOnSLghOa 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
|
1333458850.040098 C7fIlMZDuRiqjpYbb 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CNnMIj2QSd84NKf7U3
|
||||||
1333458850.035456 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 (empty)
|
1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 (empty)
|
||||||
1333458850.016620 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 (empty)
|
1333458850.035460 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6
|
||||||
1333458850.029781 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 (empty)
|
1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 (empty)
|
||||||
1333458850.035460 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
|
1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 (empty)
|
||||||
1333458850.037956 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 (empty)
|
1333458850.029781 CP5puj4I8PtEU4qzYg 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN
|
||||||
1333458850.014199 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 (empty)
|
1333458850.032887 C3eiCBGOLw3VtHfOj 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 C4J4Th3PJpwUYZZ6gc
|
||||||
1333458850.040098 CfTOmO0HKorjr8Zp7 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CwSkQu4eWZCH7OONC1
|
1333458850.037956 C9mvWx3ezztgzcexV7 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 Ck51lg1bScffFj34Ri
|
||||||
1333458850.029783 CIPOse170MGiRM1Qf4 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
|
1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 (empty)
|
||||||
1333458850.032887 C7XEbhP654jzLoe3a 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 CCvvfg3TEfuqmmG4bh
|
1333458850.016620 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 (empty)
|
||||||
1333458850.014199 CjhGID4nQcgTWjvg4c 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CXWv6p3arKYeMETxOg
|
1333458850.016620 CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 C4J4Th3PJpwUYZZ6gc
|
||||||
1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
|
1333458850.029781 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 (empty)
|
||||||
1333458850.016620 CRJuHdVW0XPVINV8a 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CsRx2w45OKnoww6xl4
|
1333458850.016620 CUM0KZ3MLUfNB0cl11 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CtPZjS20MLrsMUOJi2
|
||||||
1333458850.035456 Caby8b1slFea8xwSmb fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa
|
1333458850.035456 CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl
|
||||||
#close 2016-07-08-21-46-35
|
#close 2016-07-13-16-13-08
|
||||||
|
|
|
||||||
|
|
@ -3,25 +3,25 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2013-08-26-19-02-17
|
#open 2016-07-13-16-13-08
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1333458850.014199 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.016620 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.016620 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1333458850.016620 CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1333458850.029781 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.029781 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.035456 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1333458850.035456 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1333458850.035460 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1333458850.035460 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1333458850.037956 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.043796 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.043796 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1333458850.043796 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1333458850.043796 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
1333458850.043796 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.043796 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1333458850.043796 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.043796 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
1333458850.043796 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.043796 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
1333458850.043796 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1333458850.043796 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
1333458850.043796 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.043796 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
1333458850.043796 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.043796 CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1333458850.043796 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1333458850.043796 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
#close 2013-08-26-19-02-17
|
#close 2016-07-13-16-13-08
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-12
|
#open 2016-07-13-16-13-09
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458850.532814 CXWv6p3arKYeMETxOg 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 (empty)
|
1333458850.867091 ClEkJM2Vm5giqnMf4h 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 (empty)
|
||||||
1333458850.867091 CjhGID4nQcgTWjvg4c 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 (empty)
|
1333458850.532814 CHhAvVGS1DHFjwGM9 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 (empty)
|
||||||
#close 2015-02-23-21-33-12
|
#close 2016-07-13-16-13-09
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-13
|
#open 2016-07-13-16-13-10
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458852.011535 CjhGID4nQcgTWjvg4c 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - - 0 ShADad 17 1604 14 1762 CXWv6p3arKYeMETxOg
|
1333458852.011535 ClEkJM2Vm5giqnMf4h 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - - 0 ShADad 17 1604 14 1762 CHhAvVGS1DHFjwGM9
|
||||||
1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 (empty)
|
1333458852.011535 CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 (empty)
|
||||||
#close 2015-02-23-21-33-13
|
#close 2016-07-13-16-13-10
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2013-08-26-19-02-18
|
#open 2016-07-13-16-13-10
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458852.011535 CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458852.585034 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458852.585034 CHhAvVGS1DHFjwGM9 79.188.154.91 2152 243.149.173.198 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
#close 2013-08-26-19-02-18
|
#close 2016-07-13-16-13-10
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-01-15-18-40-15
|
#open 2016-07-13-16-13-10
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg
|
1333458850.364667 ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CHhAvVGS1DHFjwGM9
|
||||||
1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 (empty)
|
1333458850.364667 CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 (empty)
|
||||||
#close 2016-01-15-18-40-15
|
#close 2016-07-13-16-13-10
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-05-36-15
|
#open 2016-07-13-16-13-10
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1333458850.375568 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 1 GET o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com /videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1 http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf 1.1 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11 0 56320 206 Partial Content - - (empty) - - - - - - FNJkBA1b8FSHt5N8jl - -
|
1333458850.375568 ClEkJM2Vm5giqnMf4h 10.131.47.185 1923 79.101.110.141 80 1 GET o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com /videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1 http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf 1.1 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11 0 56320 206 Partial Content - - (empty) - - - - - - FNJkBA1b8FSHt5N8jl - -
|
||||||
#close 2016-06-15-05-36-15
|
#close 2016-07-13-16-13-10
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2016-01-15-18-40-15
|
#open 2016-07-13-16-13-10
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458850.364667 CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458850.434480 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458850.434480 CHhAvVGS1DHFjwGM9 239.114.155.111 2152 63.94.149.181 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
#close 2016-01-15-18-40-15
|
#close 2016-07-13-16-13-10
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path dpd
|
#path dpd
|
||||||
#open 2015-04-15-23-53-30
|
#open 2016-07-13-16-13-11
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||||
#types time string addr port addr port enum string string
|
#types time string addr port addr port enum string string
|
||||||
1333458853.075889 CXWv6p3arKYeMETxOg 173.86.159.28 2152 213.72.147.186 2152 udp GTPV1 Truncated GTPv1 [0\\xff\\x00\\xac\\x98\\x13\\x01LE\\x00\\x05\\xc8G\\xea@\\x00\\x80\\x06\\xb6\\x83\\x0a\\x83w&\\xd9\\x14\\x9c\\x04\\xd9\\xc2\\x00P\\xddh\\xb4\\x8f41eV...]
|
1333458853.075889 CHhAvVGS1DHFjwGM9 173.86.159.28 2152 213.72.147.186 2152 udp GTPV1 Truncated GTPv1 [0\\xff\\x00\\xac\\x98\\x13\\x01LE\\x00\\x05\\xc8G\\xea@\\x00\\x80\\x06\\xb6\\x83\\x0a\\x83w&\\xd9\\x14\\x9c\\x04\\xd9\\xc2\\x00P\\xddh\\xb4\\x8f41eV...]
|
||||||
#close 2015-04-15-23-53-30
|
#close 2016-07-13-16-13-11
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2015-04-15-23-53-30
|
#open 2016-07-13-16-13-11
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1333458853.034734 CXWv6p3arKYeMETxOg 173.86.159.28 2152 213.72.147.186 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
1333458853.034734 CHhAvVGS1DHFjwGM9 173.86.159.28 2152 213.72.147.186 2152 Tunnel::GTPv1 Tunnel::DISCOVER
|
||||||
1333458853.108391 CXWv6p3arKYeMETxOg 173.86.159.28 2152 213.72.147.186 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
1333458853.108391 CHhAvVGS1DHFjwGM9 173.86.159.28 2152 213.72.147.186 2152 Tunnel::GTPv1 Tunnel::CLOSE
|
||||||
#close 2015-04-15-23-53-30
|
#close 2016-07-13-16-13-11
|
||||||
|
|
|
||||||
|
|
@ -1,22 +1,22 @@
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
||||||
encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
||||||
encap: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg], [cid=[orig_h=babe::beef, orig_p=0/unknown, resp_h=dead::babe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CjhGID4nQcgTWjvg4c]]
|
encap: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9], [cid=[orig_h=babe::beef, orig_p=0/unknown, resp_h=dead::babe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=ClEkJM2Vm5giqnMf4h]]
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
||||||
encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=70.55.213.211, orig_p=31337/tcp, resp_h=192.88.99.1, resp_p=80/tcp]
|
conn_id: [orig_h=70.55.213.211, orig_p=31337/tcp, resp_h=192.88.99.1, resp_p=80/tcp]
|
||||||
encap: [[cid=[orig_h=2002:4637:d5d3::4637:d5d3, orig_p=0/unknown, resp_h=2001:4860:0:2001::68, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
encap: [[cid=[orig_h=2002:4637:d5d3::4637:d5d3, orig_p=0/unknown, resp_h=2001:4860:0:2001::68, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=10.0.0.1, orig_p=30000/udp, resp_h=10.0.0.2, resp_p=13000/udp]
|
conn_id: [orig_h=10.0.0.1, orig_p=30000/udp, resp_h=10.0.0.2, resp_p=13000/udp]
|
||||||
encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
||||||
encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
tunnel_changed:
|
tunnel_changed:
|
||||||
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
|
||||||
old: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
old: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
new: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CCvvfg3TEfuqmmG4bh]]
|
new: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=C4J4Th3PJpwUYZZ6gc]]
|
||||||
|
|
|
||||||
|
|
@ -1,33 +1,33 @@
|
||||||
new_connection: tunnel
|
new_connection: tunnel
|
||||||
conn_id: [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
conn_id: [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
encap: [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
encap: [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
NEW_PACKET:
|
NEW_PACKET:
|
||||||
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
[orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
|
||||||
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
|
[[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
|
||||||
|
|
|
||||||
|
|
@ -3,28 +3,28 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-08-21-46-39
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 (empty)
|
1210953047.736921 ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 (empty)
|
||||||
1210953050.867067 CCvvfg3TEfuqmmG4bh 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 ^fA 1 40 1 40 (empty)
|
1210953050.867067 C4J4Th3PJpwUYZZ6gc 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 ^fA 1 40 1 40 (empty)
|
||||||
1210953057.833364 CIPOse170MGiRM1Qf4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 (empty)
|
1210953057.833364 C37jN32gN3y3AZzyf6 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 (empty)
|
||||||
1210953058.007081 CJ3xTn1c4Zw9TmAE05 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 (empty)
|
1210953058.007081 CwjjYJ2WqgTbAqiHl6 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 (empty)
|
||||||
1210953057.834454 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 (empty)
|
1210953057.834454 C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 (empty)
|
||||||
1210953058.350065 CMXxB5GvmoxJFXdTa 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 (empty)
|
1210953058.350065 C0LAHyvtKSQHyJxIl 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 (empty)
|
||||||
1210953058.577231 Caby8b1slFea8xwSmb 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 (empty)
|
1210953058.577231 CFLRIC3zaTU1loLGxh 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 (empty)
|
||||||
1210953074.264819 CyAhVIzHqb7t7kv28 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 (empty)
|
1210953074.264819 CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 (empty)
|
||||||
1210953061.312379 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 C3SfNE4BWaU4aSuwkc
|
1210953074.570439 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 (empty)
|
||||||
1210953076.058333 Cx2FqO23omNawSNrxj 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
1210953074.057124 CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
||||||
1210953074.055744 CfTOmO0HKorjr8Zp7 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
1210953061.312379 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri
|
||||||
1210953074.057124 CzA03V1VcgagLjnO92 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
1210953076.058333 C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
||||||
1210953074.570439 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 (empty)
|
1210953074.055744 C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 (empty)
|
||||||
1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 (empty)
|
1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 (empty)
|
||||||
1210953060.829233 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 (empty)
|
1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 (empty)
|
||||||
1210953058.933954 Che1bq3i2rO3KD1Syg 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 (empty)
|
1210953058.933954 C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 (empty)
|
||||||
1210953052.324629 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 (empty)
|
1210953060.829233 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 (empty)
|
||||||
1210953046.591933 CXWv6p3arKYeMETxOg 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 (empty)
|
1210953046.591933 CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 (empty)
|
||||||
1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4
|
1210953052.324629 CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN
|
||||||
1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4
|
1210953060.829303 C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri
|
||||||
1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4
|
1210953052.202579 CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2
|
||||||
#close 2016-07-08-21-46-39
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,11 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-05-36-31
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1210953057.917183 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - 1.1 Syncer/4.80 (av_pro-1169;f) 589 0 204 <empty> - - (empty) - - - Fp32SIJztq0Szn5Qc - text/plain - - -
|
1210953057.917183 C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - 1.1 Syncer/4.80 (av_pro-1169;f) 589 0 204 <empty> - - (empty) - - - Fp32SIJztq0Szn5Qc - text/plain - - -
|
||||||
1210953061.585996 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - (empty) - - - - - - FNFYdH11h5iQcoD3a2 - text/html
|
1210953061.585996 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - (empty) - - - - - - FNFYdH11h5iQcoD3a2 - text/html
|
||||||
1210953073.381474 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - (empty) - - - - - - FHD5nv1iSVFZVM0aH7 - text/html
|
1210953073.381474 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - (empty) - - - - - - FHD5nv1iSVFZVM0aH7 - text/html
|
||||||
1210953074.674817 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - (empty) - - - - - - FS7lUf2cJFAVBCu6w6 - text/html
|
1210953074.674817 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - (empty) - - - - - - FS7lUf2cJFAVBCu6w6 - text/html
|
||||||
#close 2016-06-15-05-36-31
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,13 +3,13 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2016-01-15-18-40-16
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1210953052.324629 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1210953061.292918 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::DISCOVER
|
1210953061.292918 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1210953076.058333 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1210953076.058333 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1210953076.058333 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
|
1210953076.058333 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1210953076.058333 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1210953076.058333 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
#close 2016-01-15-18-40-16
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,14 +3,14 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2016-07-08-21-46-55
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a
|
1340127577.354166 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
|
||||||
1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 (empty)
|
1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 (empty)
|
||||||
1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 (empty)
|
1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 (empty)
|
||||||
1340127577.339015 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 (empty)
|
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 (empty)
|
||||||
1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh
|
1340127577.339015 CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc
|
||||||
1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a
|
1340127577.343969 CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9
|
||||||
1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg
|
1340127577.336558 ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9
|
||||||
#close 2016-07-08-21-46-56
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-05-36-42
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1340127577.361683 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - (empty) - - - - - - FWSTWv4EZLVlc2Zywi - text/html
|
1340127577.361683 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - (empty) - - - - - - FWSTWv4EZLVlc2Zywi - text/html
|
||||||
1340127577.379360 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - (empty) - - - - - - FGKV3B3jz083xhGO13 - text/html
|
1340127577.379360 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - (empty) - - - - - - FGKV3B3jz083xhGO13 - text/html
|
||||||
#close 2016-06-15-05-36-42
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,13 +3,13 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path tunnel
|
#path tunnel
|
||||||
#open 2016-01-15-18-40-17
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||||
#types time string addr port addr port enum enum
|
#types time string addr port addr port enum enum
|
||||||
1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1340127577.339015 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1340127577.351747 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::DISCOVER
|
1340127577.351747 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::DISCOVER
|
||||||
1340127577.406995 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1340127577.406995 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1340127577.406995 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
|
1340127577.406995 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
1340127577.406995 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
|
1340127577.406995 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
|
||||||
#close 2016-01-15-18-40-17
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2016-01-15-18-40-17
|
#open 2016-07-13-16-13-14
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string
|
||||||
1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F bro
|
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F bro
|
||||||
1340127577.346849 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F bro
|
1340127577.346849 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F bro
|
||||||
#close 2016-01-15-18-40-17
|
#close 2016-07-13-16-13-14
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-23-21-33-22
|
#open 2016-07-13-16-13-15
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
952109346.874907 CXWv6p3arKYeMETxOg 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 (empty)
|
952109346.874907 CHhAvVGS1DHFjwGM9 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 (empty)
|
||||||
1128727435.450898 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 (empty)
|
1128727435.450898 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 (empty)
|
||||||
1278600802.069419 CCvvfg3TEfuqmmG4bh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
|
1278600802.069419 C4J4Th3PJpwUYZZ6gc 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
|
||||||
#close 2015-02-23-21-33-22
|
#close 2016-07-13-16-13-15
|
||||||
|
|
|
||||||
|
|
@ -18,9 +18,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path notice
|
#path notice
|
||||||
#open 2015-03-23-18-03-21
|
#open 2016-07-13-16-13-16
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||||
1394745603.293028 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 F1fX1R2cDOzbvg17ye - - tcp SSL::Certificate_Expired Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000 - 192.168.4.149 87.98.220.10 443 - bro Notice::ACTION_EMAIL,Notice::ACTION_LOG 86400.000000 F - - - - -
|
1394745603.293028 CHhAvVGS1DHFjwGM9 192.168.4.149 60539 87.98.220.10 443 F1fX1R2cDOzbvg17ye - - tcp SSL::Certificate_Expired Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000 - 192.168.4.149 87.98.220.10 443 - bro Notice::ACTION_EMAIL,Notice::ACTION_LOG 86400.000000 F - - - - -
|
||||||
#close 2015-03-23-18-03-21
|
#close 2016-07-13-16-13-17
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@
|
||||||
# bro -b -r http/get.trace connection_record_01.bro
|
# bro -b -r http/get.trace connection_record_01.bro
|
||||||
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
|
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
|
||||||
|
|
||||||
}, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
|
}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
|
||||||
|
|
||||||
}], extract_orig=F, extract_resp=F, thresholds=<uninitialized>]
|
}], extract_orig=F, extract_resp=F, thresholds=<uninitialized>]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@
|
||||||
# bro -b -r http/get.trace connection_record_02.bro
|
# bro -b -r http/get.trace connection_record_02.bro
|
||||||
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
|
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
|
||||||
|
|
||||||
}, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
|
}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
|
||||||
|
|
||||||
}], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={
|
}], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={
|
||||||
|
|
||||||
}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={
|
}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@
|
||||||
|
|
||||||
# bro data_struct_record_01.bro
|
# bro data_struct_record_01.bro
|
||||||
Service: dns(RFC1035)
|
Service: dns(RFC1035)
|
||||||
port: 53/tcp
|
|
||||||
port: 53/udp
|
port: 53/udp
|
||||||
|
port: 53/tcp
|
||||||
Service: http(RFC2616)
|
Service: http(RFC2616)
|
||||||
port: 80/tcp
|
|
||||||
port: 8080/tcp
|
port: 8080/tcp
|
||||||
|
port: 80/tcp
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,10 +6,10 @@
|
||||||
|
|
||||||
# bro data_struct_record_02.bro
|
# bro data_struct_record_02.bro
|
||||||
System: morlock
|
System: morlock
|
||||||
Service: dns(RFC1035)
|
|
||||||
port: 53/tcp
|
|
||||||
port: 53/udp
|
|
||||||
Service: http(RFC2616)
|
Service: http(RFC2616)
|
||||||
port: 80/tcp
|
|
||||||
port: 8080/tcp
|
port: 8080/tcp
|
||||||
|
port: 80/tcp
|
||||||
|
Service: dns(RFC1035)
|
||||||
|
port: 53/udp
|
||||||
|
port: 53/tcp
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,12 +5,12 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# bro data_struct_set_declaration.bro
|
# bro data_struct_set_declaration.bro
|
||||||
SSL Port: 993/tcp
|
|
||||||
SSL Port: 22/tcp
|
SSL Port: 22/tcp
|
||||||
SSL Port: 587/tcp
|
|
||||||
SSL Port: 443/tcp
|
SSL Port: 443/tcp
|
||||||
Non-SSL Port: 143/tcp
|
SSL Port: 587/tcp
|
||||||
Non-SSL Port: 25/tcp
|
SSL Port: 993/tcp
|
||||||
Non-SSL Port: 80/tcp
|
Non-SSL Port: 80/tcp
|
||||||
|
Non-SSL Port: 25/tcp
|
||||||
|
Non-SSL Port: 143/tcp
|
||||||
Non-SSL Port: 23/tcp
|
Non-SSL Port: 23/tcp
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,8 +5,8 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# bro -b data_struct_table_complex.bro
|
# bro -b data_struct_table_complex.bro
|
||||||
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
|
|
||||||
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
|
|
||||||
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
|
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
|
||||||
|
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
|
||||||
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
|
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
|
||||||
|
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,8 +5,8 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# bro data_struct_table_declaration.bro
|
# bro data_struct_table_declaration.bro
|
||||||
Service Name: IMAPS - Common Port: 993/tcp
|
|
||||||
Service Name: HTTPS - Common Port: 443/tcp
|
|
||||||
Service Name: SSH - Common Port: 22/tcp
|
Service Name: SSH - Common Port: 22/tcp
|
||||||
|
Service Name: HTTPS - Common Port: 443/tcp
|
||||||
Service Name: SMTPS - Common Port: 587/tcp
|
Service Name: SMTPS - Common Port: 587/tcp
|
||||||
|
Service Name: IMAPS - Common Port: 993/tcp
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
# bro -b data_type_const.bro
|
# bro -b data_type_const.bro
|
||||||
{
|
{
|
||||||
[6666/tcp] = IRC,
|
[80/tcp] = WWW,
|
||||||
[80/tcp] = WWW
|
[6666/tcp] = IRC
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,11 +7,11 @@
|
||||||
# bro -r http/get.trace file_analysis_01.bro
|
# bro -r http/get.trace file_analysis_01.bro
|
||||||
file_state_remove
|
file_state_remove
|
||||||
FakNcS1Jfe01uljb3
|
FakNcS1Jfe01uljb3
|
||||||
CXWv6p3arKYeMETxOg
|
CHhAvVGS1DHFjwGM9
|
||||||
[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
|
[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
|
||||||
HTTP
|
HTTP
|
||||||
connection_state_remove
|
connection_state_remove
|
||||||
CXWv6p3arKYeMETxOg
|
CHhAvVGS1DHFjwGM9
|
||||||
[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
|
[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
|
||||||
HTTP
|
HTTP
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,9 +16,9 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path notice
|
#path notice
|
||||||
#open 2014-04-01-22-59-14
|
#open 2016-07-13-16-13-22
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||||
1389654450.449603 CXWv6p3arKYeMETxOg 192.168.56.1 52679 192.168.56.101 80 - - - tcp HTTP::Open_Proxy A local server is acting as an open proxy: 192.168.56.101 - 192.168.56.1 192.168.56.101 80 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
|
1389654450.449603 CHhAvVGS1DHFjwGM9 192.168.56.1 52679 192.168.56.101 80 - - - tcp HTTP::Open_Proxy A local server is acting as an open proxy: 192.168.56.101 - 192.168.56.1 192.168.56.101 80 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
|
||||||
#close 2014-04-01-22-59-15
|
#close 2016-07-13-16-13-22
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,15 +16,15 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path mime_metrics
|
#path mime_metrics
|
||||||
#open 2015-03-14-01-46-11
|
#open 2016-07-13-16-13-23
|
||||||
#fields ts ts_delta mtype uniq_hosts hits bytes
|
#fields ts ts_delta mtype uniq_hosts hits bytes
|
||||||
#types time interval string count count count
|
#types time interval string count count count
|
||||||
|
1389719059.311698 300.000000 image/png 1 9 82176
|
||||||
|
1389719059.311698 300.000000 image/gif 1 1 172
|
||||||
|
1389719059.311698 300.000000 image/x-icon 1 2 2300
|
||||||
1389719059.311698 300.000000 text/html 1 2 42231
|
1389719059.311698 300.000000 text/html 1 2 42231
|
||||||
|
1389719059.311698 300.000000 text/plain 1 15 128001
|
||||||
1389719059.311698 300.000000 image/jpeg 1 1 186859
|
1389719059.311698 300.000000 image/jpeg 1 1 186859
|
||||||
1389719059.311698 300.000000 application/pgp-signature 1 1 836
|
1389719059.311698 300.000000 application/pgp-signature 1 1 836
|
||||||
1389719059.311698 300.000000 text/plain 1 15 128001
|
#close 2016-07-13-16-13-23
|
||||||
1389719059.311698 300.000000 image/gif 1 1 172
|
|
||||||
1389719059.311698 300.000000 image/png 1 9 82176
|
|
||||||
1389719059.311698 300.000000 image/x-icon 1 2 2300
|
|
||||||
#close 2015-03-14-01-46-11
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,15 +16,15 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path conn
|
#path conn
|
||||||
#open 2015-02-24-00-03-50
|
#open 2016-07-13-16-13-24
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||||
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
|
||||||
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
|
1300475167.097012 ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
|
||||||
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
|
1300475167.099816 C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
|
||||||
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.853899 CmES5u32sYpV7JYN 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
1300475168.854378 CP5puj4I8PtEU4qzYg 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
|
||||||
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
1300475168.854837 C37jN32gN3y3AZzyf6 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
|
||||||
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
|
||||||
[...]
|
[...]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,10 +5,10 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# bro-cut -d ts uid host uri < http.log
|
# bro-cut -d ts uid host uri < http.log
|
||||||
2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
2011-03-18T19:06:08+0000 CUM0KZ3MLUfNB0cl11 bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||||
2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
2011-03-18T19:06:08+0000 CwjjYJ2WqgTbAqiHl6 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||||
2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
2011-03-18T19:06:08+0000 C3eiCBGOLw3VtHfOj upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||||
2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
2011-03-18T19:06:08+0000 Ck51lg1bScffFj34Ri upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||||
2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
2011-03-18T19:06:08+0000 CtxTCR2Yer0FR1tIBg upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||||
[...]
|
[...]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,10 +5,10 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# bro-cut -u ts uid host uri < http.log
|
# bro-cut -u ts uid host uri < http.log
|
||||||
2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
2011-03-18T19:06:08+0000 CUM0KZ3MLUfNB0cl11 bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||||
2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
2011-03-18T19:06:08+0000 CwjjYJ2WqgTbAqiHl6 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||||
2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
2011-03-18T19:06:08+0000 C3eiCBGOLw3VtHfOj upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||||
2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
2011-03-18T19:06:08+0000 Ck51lg1bScffFj34Ri upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||||
2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
2011-03-18T19:06:08+0000 CtxTCR2Yer0FR1tIBg upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||||
[...]
|
[...]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,10 +5,10 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# bro-cut -D %d-%m-%YT%H:%M:%S%z ts uid host uri < http.log
|
# bro-cut -D %d-%m-%YT%H:%M:%S%z ts uid host uri < http.log
|
||||||
18-03-2011T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
18-03-2011T19:06:08+0000 CUM0KZ3MLUfNB0cl11 bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||||
18-03-2011T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
18-03-2011T19:06:08+0000 CwjjYJ2WqgTbAqiHl6 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||||
18-03-2011T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
18-03-2011T19:06:08+0000 C3eiCBGOLw3VtHfOj upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||||
18-03-2011T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
18-03-2011T19:06:08+0000 Ck51lg1bScffFj34Ri upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||||
18-03-2011T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
18-03-2011T19:06:08+0000 CtxTCR2Yer0FR1tIBg upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||||
[...]
|
[...]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,9 @@
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# cat conn.log | bro-cut uid resp_bytes | sort -nrk2 | head -5
|
# cat conn.log | bro-cut uid resp_bytes | sort -nrk2 | head -5
|
||||||
CyAhVIzHqb7t7kv28 734
|
CwjjYJ2WqgTbAqiHl6 734
|
||||||
CkDsfG2YIeWJmXWNWj 734
|
CtxTCR2Yer0FR1tIBg 734
|
||||||
CJ3xTn1c4Zw9TmAE05 734
|
Ck51lg1bScffFj34Ri 734
|
||||||
C3SfNE4BWaU4aSuwkc 734
|
CLNN1k2QMum1aexUK7 734
|
||||||
CzA03V1VcgagLjnO92 733
|
CykQaM33ztNt0csB9a 733
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,6 @@
|
||||||
:linenos:
|
:linenos:
|
||||||
:emphasize-lines: 1,1
|
:emphasize-lines: 1,1
|
||||||
|
|
||||||
# cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a
|
# cat http.log | bro-cut uid id.resp_h method status_code host uri | grep UM0KZ3MLUfNB0cl11
|
||||||
CRJuHdVW0XPVINV8a 208.80.152.118 GET 304 bits.wikimedia.org /skins-1.5/monobook/main.css
|
CUM0KZ3MLUfNB0cl11 208.80.152.118 GET 304 bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-16-17-47
|
#open 2016-07-13-16-13-42
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1466007465.837581 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
1468426421.247540 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
||||||
#close 2016-06-15-16-17-48
|
#close 2016-07-13-16-13-43
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-16-17-47
|
#open 2016-07-13-16-13-42
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1466007465.837581 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
1468426421.247540 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
||||||
#close 2016-06-15-16-17-48
|
#close 2016-07-13-16-13-43
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-16-17-26
|
#open 2016-07-13-16-13-32
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1466007444.689846 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
1468426411.716196 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
||||||
#close 2016-06-15-16-17-27
|
#close 2016-07-13-16-13-33
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path http
|
#path http
|
||||||
#open 2016-06-15-16-17-25
|
#open 2016-07-13-16-13-32
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
||||||
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
||||||
1466007444.689846 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
1468426411.716196 ClEkJM2Vm5giqnMf4h 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - (empty) - - - - - - - - -
|
||||||
#close 2016-06-15-16-17-27
|
#close 2016-07-13-16-13-33
|
||||||
|
|
|
||||||
|
|
@ -19,13 +19,13 @@ file "test" of string
|
||||||
3
|
3
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[2, DEF] = 102,
|
[1, ABC] = 101,
|
||||||
[3, GHI] = 103,
|
[3, GHI] = 103,
|
||||||
[1, ABC] = 101
|
[2, DEF] = 102
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[12346] = /^?(12345)$?/,
|
[12345] = /^?(12345)$?/,
|
||||||
[12345] = /^?(12345)$?/
|
[12346] = /^?(12345)$?/
|
||||||
}
|
}
|
||||||
42/udp
|
42/udp
|
||||||
[1, 2, 3]
|
[1, 2, 3]
|
||||||
|
|
|
||||||
|
|
@ -19,13 +19,13 @@ file "test" of string
|
||||||
3
|
3
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[2, DEF] = 102,
|
[1, ABC] = 101,
|
||||||
[3, GHI] = 103,
|
[3, GHI] = 103,
|
||||||
[1, ABC] = 101
|
[2, DEF] = 102
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[12346] = /^?(12345)$?/,
|
[12345] = /^?(12345)$?/,
|
||||||
[12345] = /^?(12345)$?/
|
[12346] = /^?(12345)$?/
|
||||||
}
|
}
|
||||||
42/udp
|
42/udp
|
||||||
[1, 2, 3]
|
[1, 2, 3]
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
==== atomic
|
==== atomic
|
||||||
-10
|
-10
|
||||||
2
|
2
|
||||||
1342749196.619505
|
1468426429.288464
|
||||||
2.0 mins
|
2.0 mins
|
||||||
F
|
F
|
||||||
1.5
|
1.5
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
==== atomic a 1 ====
|
==== atomic a 1 ====
|
||||||
-4L -4
|
-4L -4
|
||||||
42 42
|
42 42
|
||||||
1342749196.6624
|
1468426429.2942
|
||||||
60.0
|
60.0
|
||||||
True True
|
True True
|
||||||
3.14
|
3.14
|
||||||
|
|
@ -14,7 +14,7 @@ True True
|
||||||
==== atomic a 2 ====
|
==== atomic a 2 ====
|
||||||
-10L -10
|
-10L -10
|
||||||
2 2
|
2 2
|
||||||
1342749196.6195
|
1468426429.2885
|
||||||
120.0
|
120.0
|
||||||
False False
|
False False
|
||||||
1.5
|
1.5
|
||||||
|
|
@ -27,7 +27,7 @@ False False
|
||||||
==== atomic b 2 ====
|
==== atomic b 2 ====
|
||||||
-10L -10
|
-10L -10
|
||||||
<broccoli.count instance at > 2
|
<broccoli.count instance at > 2
|
||||||
<broccoli.time instance at > 1342749196.6195
|
<broccoli.time instance at > 1468426429.2885
|
||||||
<broccoli.interval instance at > 120.0
|
<broccoli.interval instance at > 120.0
|
||||||
False False
|
False False
|
||||||
1.5
|
1.5
|
||||||
|
|
|
||||||
|
|
@ -13,20 +13,20 @@ file "test2" of string
|
||||||
/^?(abbcdefgh)$?/
|
/^?(abbcdefgh)$?/
|
||||||
{
|
{
|
||||||
2,
|
2,
|
||||||
4,
|
|
||||||
6,
|
6,
|
||||||
|
4,
|
||||||
5,
|
5,
|
||||||
3
|
3
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[2, DEF] = 103,
|
|
||||||
[3, GHI] = 103,
|
[3, GHI] = 103,
|
||||||
|
[2, DEF] = 103,
|
||||||
[4, JKL] = 104
|
[4, JKL] = 104
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[12346] = /^?(12345)$?/,
|
|
||||||
[6767] = /^?(QWERTZ)$?/,
|
[6767] = /^?(QWERTZ)$?/,
|
||||||
[12345] = /^?(12345)$?/
|
[12345] = /^?(12345)$?/,
|
||||||
|
[12346] = /^?(12345)$?/
|
||||||
}
|
}
|
||||||
6667/tcp
|
6667/tcp
|
||||||
[2, 20, 3, 4]
|
[2, 20, 3, 4]
|
||||||
|
|
|
||||||
|
|
@ -13,20 +13,20 @@ file "test2" of string
|
||||||
/^?(abbcdefgh)$?/
|
/^?(abbcdefgh)$?/
|
||||||
{
|
{
|
||||||
2,
|
2,
|
||||||
4,
|
|
||||||
6,
|
6,
|
||||||
|
4,
|
||||||
5,
|
5,
|
||||||
3
|
3
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[2, DEF] = 103,
|
|
||||||
[3, GHI] = 103,
|
[3, GHI] = 103,
|
||||||
|
[2, DEF] = 103,
|
||||||
[4, JKL] = 104
|
[4, JKL] = 104
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
[12346] = /^?(12345)$?/,
|
|
||||||
[6767] = /^?(QWERTZ)$?/,
|
[6767] = /^?(QWERTZ)$?/,
|
||||||
[12345] = /^?(12345)$?/
|
[12345] = /^?(12345)$?/,
|
||||||
|
[12346] = /^?(12345)$?/
|
||||||
}
|
}
|
||||||
6667/tcp
|
6667/tcp
|
||||||
[2, 20, 3, 4]
|
[2, 20, 3, 4]
|
||||||
|
|
|
||||||
|
|
@ -1,44 +1,44 @@
|
||||||
{
|
{
|
||||||
|
[3/tcp] = 3,
|
||||||
[2/tcp] = 2,
|
[2/tcp] = 2,
|
||||||
[1/tcp] = 1,
|
[1/tcp] = 1
|
||||||
[3/tcp] = 3
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
[3/tcp] = 3,
|
||||||
[2/tcp] = 2,
|
[2/tcp] = 2,
|
||||||
[1/tcp] = 1,
|
[1/tcp] = 1
|
||||||
[3/tcp] = 3
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
3/tcp,
|
||||||
2/tcp,
|
2/tcp,
|
||||||
1/tcp,
|
1/tcp
|
||||||
3/tcp
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
3/tcp,
|
||||||
2/tcp,
|
2/tcp,
|
||||||
1/tcp,
|
1/tcp
|
||||||
3/tcp
|
|
||||||
}
|
}
|
||||||
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
||||||
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
||||||
{
|
{
|
||||||
|
[3/tcp] = 3,
|
||||||
[2/tcp] = 2,
|
[2/tcp] = 2,
|
||||||
[1/tcp] = 1,
|
[1/tcp] = 1
|
||||||
[3/tcp] = 3
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
[3/tcp] = 3,
|
||||||
[2/tcp] = 2,
|
[2/tcp] = 2,
|
||||||
[1/tcp] = 1,
|
[1/tcp] = 1
|
||||||
[3/tcp] = 3
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
3/tcp,
|
||||||
2/tcp,
|
2/tcp,
|
||||||
1/tcp,
|
1/tcp
|
||||||
3/tcp
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
3/tcp,
|
||||||
2/tcp,
|
2/tcp,
|
||||||
1/tcp,
|
1/tcp
|
||||||
3/tcp
|
|
||||||
}
|
}
|
||||||
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
||||||
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
|
||||||
|
|
|
||||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue