mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
GH-1184: Add 'source' field to weird log denoting where the weird was reported
parent
eccbbb4476
commit
e27008ef26
72 changed files with 964 additions and 890 deletions
2
doc
2
doc
|
@ -1 +1 @@
|
||||||
Subproject commit cf54d5ce4131eb1e41ce108dc297116275ff02f7
|
Subproject commit 53208a715f76067e56d7897ac3bbf67aefab72fe
|
|
@ -54,6 +54,10 @@ export {
|
||||||
## trouble to help identify which node is having trouble.
|
## trouble to help identify which node is having trouble.
|
||||||
peer: string &log &optional &default=peer_description;
|
peer: string &log &optional &default=peer_description;
|
||||||
|
|
||||||
|
## The source of the weird. When reported by an analyzer, this
|
||||||
|
## should be the name of the analyzer.
|
||||||
|
source: string &log &optional;
|
||||||
|
|
||||||
## This field is to be provided when a weird is generated for
|
## This field is to be provided when a weird is generated for
|
||||||
## the purpose of deduplicating weirds. The identifier string
|
## the purpose of deduplicating weirds. The identifier string
|
||||||
## should be unique for a single instance of the weird. This field
|
## should be unique for a single instance of the weird. This field
|
||||||
|
@ -400,16 +404,19 @@ function weird(w: Weird::Info)
|
||||||
}
|
}
|
||||||
|
|
||||||
# The following events come from core generated weirds typically.
|
# The following events come from core generated weirds typically.
|
||||||
event conn_weird(name: string, c: connection, addl: string)
|
event conn_weird(name: string, c: connection, addl: string, source: string)
|
||||||
{
|
{
|
||||||
local i = Info($ts=network_time(), $name=name, $conn=c, $identifier=id_string(c$id));
|
local i = Info($ts=network_time(), $name=name, $conn=c, $identifier=id_string(c$id));
|
||||||
if ( addl != "" )
|
if ( addl != "" )
|
||||||
i$addl = addl;
|
i$addl = addl;
|
||||||
|
|
||||||
|
if ( source != "" )
|
||||||
|
i$source = source;
|
||||||
|
|
||||||
weird(i);
|
weird(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string)
|
event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string, source: string)
|
||||||
{
|
{
|
||||||
local i = Info($ts=network_time(), $name=name, $uid=uid, $id=id,
|
local i = Info($ts=network_time(), $name=name, $uid=uid, $id=id,
|
||||||
$identifier=id_string(id));
|
$identifier=id_string(id));
|
||||||
|
@ -417,10 +424,13 @@ event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string)
|
||||||
if ( addl != "" )
|
if ( addl != "" )
|
||||||
i$addl = addl;
|
i$addl = addl;
|
||||||
|
|
||||||
|
if ( source != "" )
|
||||||
|
i$source = source;
|
||||||
|
|
||||||
weird(i);
|
weird(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
event flow_weird(name: string, src: addr, dst: addr, addl: string)
|
event flow_weird(name: string, src: addr, dst: addr, addl: string, source: string)
|
||||||
{
|
{
|
||||||
# We add the source and destination as port 0/unknown because that is
|
# We add the source and destination as port 0/unknown because that is
|
||||||
# what fits best here.
|
# what fits best here.
|
||||||
|
@ -432,25 +442,34 @@ event flow_weird(name: string, src: addr, dst: addr, addl: string)
|
||||||
if ( addl != "" )
|
if ( addl != "" )
|
||||||
i$addl = addl;
|
i$addl = addl;
|
||||||
|
|
||||||
|
if ( source != "" )
|
||||||
|
i$source = source;
|
||||||
|
|
||||||
weird(i);
|
weird(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
event net_weird(name: string, addl: string)
|
event net_weird(name: string, addl: string, source: string)
|
||||||
{
|
{
|
||||||
local i = Info($ts=network_time(), $name=name);
|
local i = Info($ts=network_time(), $name=name);
|
||||||
|
|
||||||
if ( addl != "" )
|
if ( addl != "" )
|
||||||
i$addl = addl;
|
i$addl = addl;
|
||||||
|
|
||||||
|
if ( source != "" )
|
||||||
|
i$source = source;
|
||||||
|
|
||||||
weird(i);
|
weird(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
event file_weird(name: string, f: fa_file, addl: string)
|
event file_weird(name: string, f: fa_file, addl: string, source: string)
|
||||||
{
|
{
|
||||||
local i = Info($ts=network_time(), $name=name, $addl=f$id);
|
local i = Info($ts=network_time(), $name=name, $addl=f$id);
|
||||||
|
|
||||||
if ( addl != "" )
|
if ( addl != "" )
|
||||||
i$addl += fmt(": %s", addl);
|
i$addl += fmt(": %s", addl);
|
||||||
|
|
||||||
|
if ( source != "" )
|
||||||
|
i$source = source;
|
||||||
|
|
||||||
weird(i);
|
weird(i);
|
||||||
}
|
}
|
||||||
|
|
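Review bot: The doc comment on the new `source` field says what it should hold when an analyzer reports the weird, but not what log consumers see in every other case. The five handlers in this section assign `i$source` only when the event argument is non-empty, so the field stays unset for weirds raised without a source. I would state that in the field comment, e.g. `## Left unset when the weird was reported without a source.` The distinction between absent and empty matters to anyone filtering or alerting on the weird log by source.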
|
@ -530,10 +530,10 @@ void Connection::EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* a,
|
||||||
event_mgr.Enqueue(f, std::move(args), util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this);
|
event_mgr.Enqueue(f, std::move(args), util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Connection::Weird(const char* name, const char* addl)
|
void Connection::Weird(const char* name, const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
weird = 1;
|
weird = 1;
|
||||||
reporter->Weird(this, name, addl ? addl : "");
|
reporter->Weird(this, name, addl ? addl : "", source ? source : "");
|
||||||
}
|
}
|
||||||
|
|
||||||
void Connection::AddTimer(timer_func timer, double t, bool do_expire,
|
void Connection::AddTimer(timer_func timer, double t, bool do_expire,
|
||||||
|
|
|
@ -238,7 +238,7 @@ public:
|
||||||
EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
|
EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
|
||||||
{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
|
{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
|
||||||
|
|
||||||
void Weird(const char* name, const char* addl = "");
|
void Weird(const char* name, const char* addl = "", const char* source = "");
|
||||||
bool DidWeird() const { return weird != 0; }
|
bool DidWeird() const { return weird != 0; }
|
||||||
|
|
||||||
// Cancel all associated timers.
|
// Cancel all associated timers.
|
||||||
|
|
|
@ -396,7 +396,7 @@ bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Reporter::Weird(const char* name, const char* addl)
|
void Reporter::Weird(const char* name, const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
UpdateWeirdStats(name);
|
UpdateWeirdStats(name);
|
||||||
|
|
||||||
|
@ -406,10 +406,10 @@ void Reporter::Weird(const char* name, const char* addl)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
WeirdHelper(net_weird, {new StringVal(addl)}, "%s", name);
|
WeirdHelper(net_weird, {new StringVal(addl), new StringVal(source)}, "%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
|
void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
UpdateWeirdStats(name);
|
UpdateWeirdStats(name);
|
||||||
|
|
||||||
|
@ -424,11 +424,11 @@ void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl)},
|
WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl), new StringVal(source)},
|
||||||
"%s", name);
|
"%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Reporter::Weird(Connection* conn, const char* name, const char* addl)
|
void Reporter::Weird(Connection* conn, const char* name, const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
UpdateWeirdStats(name);
|
UpdateWeirdStats(name);
|
||||||
|
|
||||||
|
@ -443,12 +443,12 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)},
|
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl), new StringVal(source)},
|
||||||
"%s", name);
|
"%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
|
void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid, const char* name,
|
||||||
const char* name, const char* addl)
|
const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
UpdateWeirdStats(name);
|
UpdateWeirdStats(name);
|
||||||
|
|
||||||
|
@ -463,11 +463,11 @@ void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
|
||||||
}
|
}
|
||||||
|
|
||||||
WeirdHelper(expired_conn_weird,
|
WeirdHelper(expired_conn_weird,
|
||||||
{conn_id.release(), uid.release(), new StringVal(addl)},
|
{conn_id.release(), uid.release(), new StringVal(addl), new StringVal(source)},
|
||||||
"%s", name);
|
"%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl)
|
void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
UpdateWeirdStats(name);
|
UpdateWeirdStats(name);
|
||||||
|
|
||||||
|
@ -482,7 +482,7 @@ void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, c
|
||||||
}
|
}
|
||||||
|
|
||||||
WeirdHelper(flow_weird,
|
WeirdHelper(flow_weird,
|
||||||
{new AddrVal(orig), new AddrVal(resp), new StringVal(addl)},
|
{new AddrVal(orig), new AddrVal(resp), new StringVal(addl), new StringVal(source)},
|
||||||
"%s", name);
|
"%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
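Review bot: `source` is handed straight to `new StringVal(source)` in all five `Reporter::Weird` overloads without a null check, and the same is true of `addl`. `Connection::Weird` in this commit substitutes `""` for a null `source`, but `NetSessions::Weird` and direct callers reach these overloads unguarded, so a null pointer would presumably be dereferenced while the event arguments are built, in code that runs on live traffic. A guard at the top of each overload, e.g. `if ( ! source ) source = "";`, would keep them consistent with `Connection::Weird`. The bodies of these functions are only partly visible in the hunks.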
|
@ -95,12 +95,15 @@ public:
|
||||||
|
|
||||||
// Report a traffic weirdness, i.e., an unexpected protocol situation
|
// Report a traffic weirdness, i.e., an unexpected protocol situation
|
||||||
// that may lead to incorrectly processing a connnection.
|
// that may lead to incorrectly processing a connnection.
|
||||||
void Weird(const char* name, const char* addl = ""); // Raises net_weird().
|
void Weird(const char* name, const char* addl = "", const char* source = ""); // Raises net_weird().
|
||||||
void Weird(file_analysis::File* f, const char* name, const char* addl = ""); // Raises file_weird().
|
void Weird(file_analysis::File* f, const char* name,
|
||||||
void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird().
|
const char* addl = "", const char* source = ""); // Raises file_weird().
|
||||||
|
void Weird(Connection* conn, const char* name,
|
||||||
|
const char* addl = "", const char* source = ""); // Raises conn_weird().
|
||||||
void Weird(RecordValPtr conn_id, StringValPtr uid,
|
void Weird(RecordValPtr conn_id, StringValPtr uid,
|
||||||
const char* name, const char* addl = ""); // Raises expired_conn_weird().
|
const char* name, const char* addl = "", const char* source = ""); // Raises expired_conn_weird().
|
||||||
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird().
|
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name,
|
||||||
|
const char* addl = "", const char* source = ""); // Raises flow_weird().
|
||||||
|
|
||||||
// Syslog a message. This methods does nothing if we're running
|
// Syslog a message. This methods does nothing if we're running
|
||||||
// offline from a trace.
|
// offline from a trace.
|
||||||
|
|
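Review bot: The comment above the `Weird` overloads does not describe the new `source` parameter, and this header is where callers will look for it. I would add a line to the block that starts at `// Report a traffic weirdness`, such as `// source names the component reporting the weird (for analyzers, the analyzer name); empty means unknown.` The meaning of the empty default is inferred from the script-side handlers in this commit and should be confirmed.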
|
@ -681,7 +681,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl)
|
void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl, const char* source)
|
||||||
{
|
{
|
||||||
const char* weird_name = name;
|
const char* weird_name = name;
|
||||||
|
|
||||||
|
@ -694,12 +694,12 @@ void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl)
|
||||||
|
|
||||||
if ( pkt->ip_hdr )
|
if ( pkt->ip_hdr )
|
||||||
{
|
{
|
||||||
reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl);
|
reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl, source);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
reporter->Weird(weird_name, addl);
|
reporter->Weird(weird_name, addl, source);
|
||||||
}
|
}
|
||||||
|
|
||||||
void NetSessions::Weird(const char* name, const IP_Hdr* ip, const char* addl)
|
void NetSessions::Weird(const char* name, const IP_Hdr* ip, const char* addl)
|
||||||
|
|
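Review bot: Only the `const Packet*` overload of `NetSessions::Weird` gains a `source` parameter; the `const IP_Hdr*` overload that follows keeps its old signature, so weirds reported through it cannot carry a source. If that is intentional it deserves a comment; otherwise give it the same trailing parameter, `void NetSessions::Weird(const char* name, const IP_Hdr* ip, const char* addl, const char* source)`, and forward it. The body of the `IP_Hdr` overload lies outside the hunk, so what it forwards to is not visible here, and its declaration in the header section is likewise unchanged.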
|
@ -70,7 +70,7 @@ public:
|
||||||
void GetStats(SessionStats& s) const;
|
void GetStats(SessionStats& s) const;
|
||||||
|
|
||||||
void Weird(const char* name, const Packet* pkt,
|
void Weird(const char* name, const Packet* pkt,
|
||||||
const char* addl = "");
|
const char* addl = "", const char* source = "");
|
||||||
void Weird(const char* name, const IP_Hdr* ip,
|
void Weird(const char* name, const IP_Hdr* ip,
|
||||||
const char* addl = "");
|
const char* addl = "");
|
||||||
|
|
||||||
|
|
|
@ -838,7 +838,7 @@ void Analyzer::EnqueueConnEvent(EventHandlerPtr f, Args args)
|
||||||
|
|
||||||
void Analyzer::Weird(const char* name, const char* addl)
|
void Analyzer::Weird(const char* name, const char* addl)
|
||||||
{
|
{
|
||||||
conn->Weird(name, addl);
|
conn->Weird(name, addl, GetAnalyzerName());
|
||||||
}
|
}
|
||||||
|
|
||||||
SupportAnalyzer* SupportAnalyzer::Sibling(bool only_active) const
|
SupportAnalyzer* SupportAnalyzer::Sibling(bool only_active) const
|
||||||
|
|
|
@ -21,7 +21,7 @@ flow AYIYA_Flow
|
||||||
|
|
||||||
if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
|
if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(c, "tunnel_depth");
|
connection()->zeek_analyzer()->Weird("tunnel_depth");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ flow AYIYA_Flow
|
||||||
if ( ${pdu.next_header} != IPPROTO_IPV6 &&
|
if ( ${pdu.next_header} != IPPROTO_IPV6 &&
|
||||||
${pdu.next_header} != IPPROTO_IPV4 )
|
${pdu.next_header} != IPPROTO_IPV4 )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(c, "ayiya_tunnel_non_ip");
|
connection()->zeek_analyzer()->Weird("ayiya_tunnel_non_ip");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
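Review bot: Replacing `zeek::reporter->Weird(c, ...)` with `connection()->zeek_analyzer()->Weird(...)` changes more than the logged source. As the Analyzer and Connection sections of this commit show, `Analyzer::Weird` calls `Connection::Weird`, which sets `weird = 1` before reporting, so `DidWeird()` now becomes true for connections that hit these two checks. The same applies to the converted call sites in the DCE_RPC, GTPv1, HTTP, IMAP, SOCKS, SSL, VXLAN and XMPP sections. If any code keys off `DidWeird()`, its behaviour changes for these weirds, which is worth confirming and stating in the commit description. The enclosing functions start outside both hunks.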
|
@ -119,6 +119,8 @@ void BitTorrent_Analyzer::EndpointEOF(bool is_orig)
|
||||||
void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
|
void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
|
||||||
{
|
{
|
||||||
if ( bittorrent_peer_weird )
|
if ( bittorrent_peer_weird )
|
||||||
|
|
||||||
|
// TODO: why does bittorrent have a different set of weirds?
|
||||||
EnqueueConnEvent(bittorrent_peer_weird,
|
EnqueueConnEvent(bittorrent_peer_weird,
|
||||||
ConnVal(),
|
ConnVal(),
|
||||||
val_mgr->Bool(orig),
|
val_mgr->Bool(orig),
|
||||||
|
|
|
@ -190,8 +190,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
|
||||||
if ( it != fb.end() )
|
if ( it != fb.end() )
|
||||||
{
|
{
|
||||||
// We already had a first frag earlier.
|
// We already had a first frag earlier.
|
||||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
connection()->zeek_analyzer()->Weird("multiple_first_fragments_in_dce_rpc_reassembly");
|
||||||
"multiple_first_fragments_in_dce_rpc_reassembly");
|
|
||||||
connection()->zeek_analyzer()->SetSkip(true);
|
connection()->zeek_analyzer()->SetSkip(true);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -212,15 +211,13 @@ flow DCE_RPC_Flow(is_orig: bool) {
|
||||||
|
|
||||||
if ( fb.size() > zeek::BifConst::DCE_RPC::max_cmd_reassembly )
|
if ( fb.size() > zeek::BifConst::DCE_RPC::max_cmd_reassembly )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
connection()->zeek_analyzer()->Weird("too_many_dce_rpc_msgs_in_reassembly");
|
||||||
"too_many_dce_rpc_msgs_in_reassembly");
|
|
||||||
connection()->zeek_analyzer()->SetSkip(true);
|
connection()->zeek_analyzer()->SetSkip(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
|
if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
connection()->zeek_analyzer()->Weird("too_much_dce_rpc_fragment_data");
|
||||||
"too_much_dce_rpc_fragment_data");
|
|
||||||
connection()->zeek_analyzer()->SetSkip(true);
|
connection()->zeek_analyzer()->SetSkip(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -235,8 +232,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
|
||||||
|
|
||||||
if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
|
if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
connection()->zeek_analyzer()->Weird("too_much_dce_rpc_fragment_data");
|
||||||
"too_much_dce_rpc_fragment_data");
|
|
||||||
connection()->zeek_analyzer()->SetSkip(true);
|
connection()->zeek_analyzer()->SetSkip(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -655,7 +655,7 @@ flow GTPv1_Flow(is_orig: bool)
|
||||||
|
|
||||||
if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
|
if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(c, "tunnel_depth");
|
a->Weird("tunnel_depth");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1262,11 +1262,11 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
bad_http_request_with_version:
|
bad_http_request_with_version:
|
||||||
reporter->Weird(Conn(), "bad_HTTP_request_with_version");
|
Weird("bad_HTTP_request_with_version");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
reporter->Weird(Conn(), "bad_HTTP_request");
|
Weird("bad_HTTP_request");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ refine connection IMAP_Conn += {
|
||||||
if ( is_orig && commands == "starttls" )
|
if ( is_orig && commands == "starttls" )
|
||||||
{
|
{
|
||||||
if ( !client_starttls_id.empty() )
|
if ( !client_starttls_id.empty() )
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "IMAP: client sent duplicate StartTLS");
|
zeek_analyzer()->Weird("IMAP: client sent duplicate StartTLS");
|
||||||
|
|
||||||
client_starttls_id = tags;
|
client_starttls_id = tags;
|
||||||
}
|
}
|
||||||
|
@ -48,7 +48,7 @@ refine connection IMAP_Conn += {
|
||||||
zeek::BifEvent::enqueue_imap_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
|
zeek::BifEvent::enqueue_imap_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "IMAP: server refused StartTLS");
|
zeek_analyzer()->Weird("IMAP: server refused StartTLS");
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -539,7 +539,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ( Conn()->FlagEvent(SINGULAR_LF) )
|
if ( Conn()->FlagEvent(SINGULAR_LF) )
|
||||||
Conn()->Weird("line_terminated_with_single_LF");
|
Weird("line_terminated_with_single_LF");
|
||||||
buf[offset++] = c;
|
buf[offset++] = c;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -96,7 +96,7 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data)
|
||||||
case RSH_PRESUMED_REJECTED:
|
case RSH_PRESUMED_REJECTED:
|
||||||
if ( state == RSH_PRESUMED_REJECTED )
|
if ( state == RSH_PRESUMED_REJECTED )
|
||||||
{
|
{
|
||||||
Conn()->Weird("rsh_text_after_rejected");
|
Weird("rsh_text_after_rejected");
|
||||||
state = RSH_UNKNOWN;
|
state = RSH_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -140,7 +140,7 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data)
|
||||||
|
|
||||||
void Contents_Rsh_Analyzer::BadProlog()
|
void Contents_Rsh_Analyzer::BadProlog()
|
||||||
{
|
{
|
||||||
Conn()->Weird("bad_rsh_prolog");
|
Weird("bad_rsh_prolog");
|
||||||
state = RSH_UNKNOWN;
|
state = RSH_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -161,7 +161,7 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data)
|
||||||
if ( state == RLOGIN_LINE_MODE &&
|
if ( state == RLOGIN_LINE_MODE &&
|
||||||
peer->state == RLOGIN_PRESUMED_REJECTED )
|
peer->state == RLOGIN_PRESUMED_REJECTED )
|
||||||
{
|
{
|
||||||
Conn()->Weird("rlogin_text_after_rejected");
|
Weird("rlogin_text_after_rejected");
|
||||||
state = RLOGIN_UNKNOWN;
|
state = RLOGIN_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -203,7 +203,7 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data)
|
||||||
|
|
||||||
void Contents_Rlogin_Analyzer::BadProlog()
|
void Contents_Rlogin_Analyzer::BadProlog()
|
||||||
{
|
{
|
||||||
Conn()->Weird("bad_rlogin_prolog");
|
Weird("bad_rlogin_prolog");
|
||||||
state = RLOGIN_UNKNOWN;
|
state = RLOGIN_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -175,13 +175,13 @@ refine connection SOCKS_Conn += {
|
||||||
|
|
||||||
function socks5_unsupported_authentication_method(auth_method: uint8): bool
|
function socks5_unsupported_authentication_method(auth_method: uint8): bool
|
||||||
%{
|
%{
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method));
|
zeek_analyzer()->Weird("socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method));
|
||||||
return true;
|
return true;
|
||||||
%}
|
%}
|
||||||
|
|
||||||
function socks5_unsupported_authentication_version(auth_method: uint8, version: uint8): bool
|
function socks5_unsupported_authentication_version(auth_method: uint8, version: uint8): bool
|
||||||
%{
|
%{
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version));
|
zeek_analyzer()->Weird("socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version));
|
||||||
return true;
|
return true;
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,8 @@
|
||||||
|
|
||||||
if ( cert.length() <= 0 )
|
if ( cert.length() <= 0 )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "zero_length_certificate");
|
zeek::reporter->Weird(zeek_analyzer()->Conn(), "zero_length_certificate", "",
|
||||||
|
zeek_analyzer()->GetAnalyzerName());
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
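Review bot: This call site keeps `zeek::reporter->Weird(...)` and passes `zeek_analyzer()->GetAnalyzerName()` by hand, while the other .pac call sites in this commit were converted to `zeek_analyzer()->Weird(...)`. The two forms are not equivalent, because the analyzer path goes through `Connection::Weird`, which also sets the connection's weird flag. If bypassing the flag is deliberate here, a short comment such as `// Report directly so the connection's weird flag stays untouched.` would record that; otherwise `zeek_analyzer()->Weird("zero_length_certificate");` matches the rest. The loop this statement sits in starts outside the hunk.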
|
@ -322,7 +322,7 @@ refine connection Handshake_Conn += {
|
||||||
}
|
}
|
||||||
else if ( response.length() == 0 )
|
else if ( response.length() == 0 )
|
||||||
{
|
{
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "SSL_zero_length_stapled_OCSP_message");
|
zeek_analyzer()->Weird("SSL_zero_length_stapled_OCSP_message");
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -263,7 +263,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_LF) )
|
if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_LF) )
|
||||||
Conn()->Weird("line_terminated_with_single_LF");
|
Weird("line_terminated_with_single_LF");
|
||||||
buf[offset++] = c;
|
buf[offset++] = c;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@ -282,7 +282,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
|
||||||
|
|
||||||
if ( last_char == '\r' )
|
if ( last_char == '\r' )
|
||||||
if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_CR) )
|
if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_CR) )
|
||||||
Conn()->Weird("line_terminated_with_single_CR");
|
Weird("line_terminated_with_single_CR");
|
||||||
|
|
||||||
last_char = c;
|
last_char = c;
|
||||||
}
|
}
|
||||||
|
@ -312,7 +312,7 @@ void ContentLine_Analyzer::CheckNUL()
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ( ! suppress_weirds && Conn()->FlagEvent(NUL_IN_LINE) )
|
if ( ! suppress_weirds && Conn()->FlagEvent(NUL_IN_LINE) )
|
||||||
Conn()->Weird("NUL_in_line");
|
Weird("NUL_in_line");
|
||||||
flag_NULs = false;
|
flag_NULs = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -461,20 +461,20 @@ static void update_window(TCP_Endpoint* endpoint, unsigned int window,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void syn_weirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len)
|
void TCP_Analyzer::SynWeirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len) const
|
||||||
{
|
{
|
||||||
if ( flags.RST() )
|
if ( flags.RST() )
|
||||||
endpoint->Conn()->Weird("TCP_christmas");
|
endpoint->Conn()->Weird("TCP_christmas", "", GetAnalyzerName());
|
||||||
|
|
||||||
if ( flags.URG() )
|
if ( flags.URG() )
|
||||||
endpoint->Conn()->Weird("baroque_SYN");
|
endpoint->Conn()->Weird("baroque_SYN", "", GetAnalyzerName());
|
||||||
|
|
||||||
if ( data_len > 0 )
|
if ( data_len > 0 )
|
||||||
// Not technically wrong according to RFC 793, but the other side
|
// Not technically wrong according to RFC 793, but the other side
|
||||||
// would be forced to buffer data until the handshake succeeds, and
|
// would be forced to buffer data until the handshake succeeds, and
|
||||||
// that could be bad in some cases, e.g. SYN floods.
|
// that could be bad in some cases, e.g. SYN floods.
|
||||||
// T/TCP definitely complicates this.
|
// T/TCP definitely complicates this.
|
||||||
endpoint->Conn()->Weird("SYN_with_data");
|
endpoint->Conn()->Weird("SYN_with_data", "", GetAnalyzerName());
|
||||||
}
|
}
|
||||||
|
|
||||||
void TCP_Analyzer::UpdateInactiveState(double t,
|
void TCP_Analyzer::UpdateInactiveState(double t,
|
||||||
|
@ -1097,7 +1097,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
||||||
|
|
||||||
if ( flags.SYN() )
|
if ( flags.SYN() )
|
||||||
{
|
{
|
||||||
syn_weirds(flags, endpoint, len);
|
SynWeirds(flags, endpoint, len);
|
||||||
RecordVal* SYN_vals = build_syn_packet_val(is_orig, ip, tp);
|
RecordVal* SYN_vals = build_syn_packet_val(is_orig, ip, tp);
|
||||||
init_window(endpoint, peer, flags, SYN_vals->GetField(5)->CoerceToInt(),
|
init_window(endpoint, peer, flags, SYN_vals->GetField(5)->CoerceToInt(),
|
||||||
base_seq, ack_seq);
|
base_seq, ack_seq);
|
||||||
|
|
|
@ -167,6 +167,9 @@ protected:
|
||||||
static int get_segment_len(int payload_len, TCP_Flags flags);
|
static int get_segment_len(int payload_len, TCP_Flags flags);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
||||||
|
void SynWeirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len) const;
|
||||||
|
|
||||||
TCP_Endpoint* orig;
|
TCP_Endpoint* orig;
|
||||||
TCP_Endpoint* resp;
|
TCP_Endpoint* resp;
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ public:
|
||||||
void Weird(const char* name, bool force = false) const
|
void Weird(const char* name, bool force = false) const
|
||||||
{
|
{
|
||||||
if ( ProtocolConfirmed() || force )
|
if ( ProtocolConfirmed() || force )
|
||||||
reporter->Weird(Conn(), name);
|
reporter->Weird(Conn(), name, "", GetAnalyzerName());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -51,7 +51,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
|
||||||
|
|
||||||
if ( outer && outer->Depth() >= BifConst::Tunnel::max_depth )
|
if ( outer && outer->Depth() >= BifConst::Tunnel::max_depth )
|
||||||
{
|
{
|
||||||
reporter->Weird(Conn(), "tunnel_depth");
|
Weird("tunnel_depth");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ refine connection XMPP_Conn += {
|
||||||
zeek::BifEvent::enqueue_xmpp_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
|
zeek::BifEvent::enqueue_xmpp_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
|
||||||
}
|
}
|
||||||
else if ( !is_orig && token == "proceed" )
|
else if ( !is_orig && token == "proceed" )
|
||||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "XMPP: proceed without starttls");
|
zeek_analyzer()->Weird("XMPP: proceed without starttls");
|
||||||
|
|
||||||
// printf("Processed: %d %s %s %s \n", is_orig, c_str(name), c_str(rest), token_no_ns.c_str());
|
// printf("Processed: %d %s %s %s \n", is_orig, c_str(name), c_str(rest), token_no_ns.c_str());
|
||||||
|
|
||||||
|
|
|
@ -453,12 +453,16 @@ event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%);
|
||||||
##
|
##
|
||||||
## addl: Optional additional context further describing the situation.
|
## addl: Optional additional context further describing the situation.
|
||||||
##
|
##
|
||||||
|
## source: Optional source for the weird. When called by analyzers, this should
|
||||||
|
## be filled in with the name of the analyzer.
|
||||||
|
##
|
||||||
## .. zeek:see:: flow_weird net_weird file_weird expired_conn_weird
|
## .. zeek:see:: flow_weird net_weird file_weird expired_conn_weird
|
||||||
##
|
##
|
||||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||||
## than one would intuitively expect. While in principle, any protocol
|
## than one would intuitively expect. While in principle, any protocol
|
||||||
## violation could be an attack attempt, it's much more likely that an
|
## violation could be an attack attempt, it's much more likely that an
|
||||||
## endpoint's implementation interprets an RFC quite liberally.
|
## endpoint's implementation interprets an RFC quite liberally.
|
||||||
|
event conn_weird%(name: string, c: connection, addl: string, source: string%);
|
||||||
event conn_weird%(name: string, c: connection, addl: string%);
|
event conn_weird%(name: string, c: connection, addl: string%);
|
||||||
|
|
||||||
## Generated for unexpected activity related to a specific connection whose
|
## Generated for unexpected activity related to a specific connection whose
|
||||||
|
@ -482,12 +486,16 @@ event conn_weird%(name: string, c: connection, addl: string%);
|
||||||
##
|
##
|
||||||
## addl: Optional additional context further describing the situation.
|
## addl: Optional additional context further describing the situation.
|
||||||
##
|
##
|
||||||
|
## source: Optional source for the weird. When called by analyzers, this should
|
||||||
|
## be filled in with the name of the analyzer.
|
||||||
|
##
|
||||||
## .. zeek:see:: flow_weird net_weird file_weird conn_weird
|
## .. zeek:see:: flow_weird net_weird file_weird conn_weird
|
||||||
##
|
##
|
||||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||||
## than one would intuitively expect. While in principle, any protocol
|
## than one would intuitively expect. While in principle, any protocol
|
||||||
## violation could be an attack attempt, it's much more likely that an
|
## violation could be an attack attempt, it's much more likely that an
|
||||||
## endpoint's implementation interprets an RFC quite liberally.
|
## endpoint's implementation interprets an RFC quite liberally.
|
||||||
|
event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string, source: string%);
|
||||||
event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%);
|
event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%);
|
||||||
|
|
||||||
## Generated for unexpected activity related to a pair of hosts, but independent
|
## Generated for unexpected activity related to a pair of hosts, but independent
|
||||||
|
@ -507,12 +515,16 @@ event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%)
|
||||||
##
|
##
|
||||||
## addl: Optional additional context further describing the situation.
|
## addl: Optional additional context further describing the situation.
|
||||||
##
|
##
|
||||||
|
## source: Optional source for the weird. When called by analyzers, this should
|
||||||
|
## be filled in with the name of the analyzer.
|
||||||
|
##
|
||||||
## .. zeek:see:: conn_weird net_weird file_weird expired_conn_weird
|
## .. zeek:see:: conn_weird net_weird file_weird expired_conn_weird
|
||||||
##
|
##
|
||||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||||
## than one would intuitively expect. While in principle, any protocol
|
## than one would intuitively expect. While in principle, any protocol
|
||||||
## violation could be an attack attempt, it's much more likely that an
|
## violation could be an attack attempt, it's much more likely that an
|
||||||
## endpoint's implementation interprets an RFC quite liberally.
|
## endpoint's implementation interprets an RFC quite liberally.
|
||||||
|
event flow_weird%(name: string, src: addr, dst: addr, addl: string, source: string%);
|
||||||
event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
|
event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
|
||||||
|
|
||||||
## Generated for unexpected activity that is not tied to a specific connection
|
## Generated for unexpected activity that is not tied to a specific connection
|
||||||
|
@ -527,12 +539,16 @@ event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
|
||||||
##
|
##
|
||||||
## addl: Optional additional context further describing the situation.
|
## addl: Optional additional context further describing the situation.
|
||||||
##
|
##
|
||||||
|
## source: Optional source for the weird. When called by analyzers, this should
|
||||||
|
## be filled in with the name of the analyzer.
|
||||||
|
##
|
||||||
## .. zeek:see:: flow_weird file_weird conn_weird expired_conn_weird
|
## .. zeek:see:: flow_weird file_weird conn_weird expired_conn_weird
|
||||||
##
|
##
|
||||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||||
## than one would intuitively expect. While in principle, any protocol
|
## than one would intuitively expect. While in principle, any protocol
|
||||||
## violation could be an attack attempt, it's much more likely that an
|
## violation could be an attack attempt, it's much more likely that an
|
||||||
## endpoint's implementation interprets an RFC quite liberally.
|
## endpoint's implementation interprets an RFC quite liberally.
|
||||||
|
event net_weird%(name: string, addl: string, source: string%);
|
||||||
event net_weird%(name: string, addl: string%);
|
event net_weird%(name: string, addl: string%);
|
||||||
|
|
||||||
## Generated for unexpected activity that is tied to a file.
|
## Generated for unexpected activity that is tied to a file.
|
||||||
|
@ -548,12 +564,15 @@ event net_weird%(name: string, addl: string%);
|
||||||
##
|
##
|
||||||
## addl: Additional information related to the weird.
|
## addl: Additional information related to the weird.
|
||||||
##
|
##
|
||||||
|
## source: The name of the file analyzer that generated the weird.
|
||||||
|
##
|
||||||
## .. zeek:see:: flow_weird net_weird conn_weird expired_conn_weird
|
## .. zeek:see:: flow_weird net_weird conn_weird expired_conn_weird
|
||||||
##
|
##
|
||||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||||
## than one would intuitively expect. While in principle, any protocol
|
## than one would intuitively expect. While in principle, any protocol
|
||||||
## violation could be an attack attempt, it's much more likely that an
|
## violation could be an attack attempt, it's much more likely that an
|
||||||
## endpoint's implementation interprets an RFC quite liberally.
|
## endpoint's implementation interprets an RFC quite liberally.
|
||||||
|
event file_weird%(name: string, f: fa_file, addl: string, source: string%);
|
||||||
event file_weird%(name: string, f: fa_file, addl: string%);
|
event file_weird%(name: string, f: fa_file, addl: string%);
|
||||||
|
|
||||||
## Generated regularly for the purpose of profiling Zeek's processing. This event
|
## Generated regularly for the purpose of profiling Zeek's processing. This event
|
||||||
|
|
|
@ -76,11 +76,6 @@ Packet::~Packet()
|
||||||
delete [] data;
|
delete [] data;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Packet::Weird(const char* name)
|
|
||||||
{
|
|
||||||
sessions->Weird(name, this);
|
|
||||||
}
|
|
||||||
|
|
||||||
RecordValPtr Packet::ToRawPktHdrVal() const
|
RecordValPtr Packet::ToRawPktHdrVal() const
|
||||||
{
|
{
|
||||||
static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");
|
static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");
|
||||||
|
|
|
@ -124,9 +124,6 @@ public:
|
||||||
[[deprecated("Remove in v4.1. Use ToRawPktHdrval() instead.")]]
|
[[deprecated("Remove in v4.1. Use ToRawPktHdrval() instead.")]]
|
||||||
RecordVal* BuildPktHdrVal() const;
|
RecordVal* BuildPktHdrVal() const;
|
||||||
|
|
||||||
// Wrapper to generate a packet-level weird. Has to be public for llanalyzers to use it.
|
|
||||||
void Weird(const char* name);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Maximal length of a layer 2 address.
|
* Maximal length of a layer 2 address.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -135,7 +135,7 @@ void PktSrc::Info(const std::string& msg)
|
||||||
|
|
||||||
void PktSrc::Weird(const std::string& msg, const Packet* p)
|
void PktSrc::Weird(const std::string& msg, const Packet* p)
|
||||||
{
|
{
|
||||||
sessions->Weird(msg.c_str(), p, nullptr);
|
sessions->Weird(msg.c_str(), p);
|
||||||
}
|
}
|
||||||
|
|
||||||
void PktSrc::InternalError(const std::string& msg)
|
void PktSrc::InternalError(const std::string& msg)
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
#include "zeek/Dict.h"
|
#include "zeek/Dict.h"
|
||||||
#include "zeek/DebugLogger.h"
|
#include "zeek/DebugLogger.h"
|
||||||
#include "zeek/RunState.h"
|
#include "zeek/RunState.h"
|
||||||
|
#include "zeek/Sessions.h"
|
||||||
|
#include "zeek/util.h"
|
||||||
|
|
||||||
namespace zeek::packet_analysis {
|
namespace zeek::packet_analysis {
|
||||||
|
|
||||||
|
@ -96,7 +98,8 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet) co
|
||||||
|
|
||||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.",
|
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.",
|
||||||
GetAnalyzerName());
|
GetAnalyzerName());
|
||||||
packet->Weird("no_suitable_analyzer_found");
|
|
||||||
|
Weird("no_suitable_analyzer_found", packet);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,4 +119,9 @@ void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
|
||||||
dispatcher.Register(identifier, std::move(child));
|
dispatcher.Register(identifier, std::move(child));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void Analyzer::Weird(const char* name, Packet* packet, const char* addl) const
|
||||||
|
{
|
||||||
|
sessions->Weird(name, packet, addl, GetAnalyzerName());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
} // namespace zeek::packet_analysis
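Review bot: `Analyzer::Weird` takes a non-const `Packet*` although it only forwards the pointer to `sessions->Weird()`, which `PktSrc::Weird` elsewhere in this commit calls with a `const Packet*`. Presumably the four-argument form accepts the same type, so the definition could be `void Analyzer::Weird(const char* name, const Packet* packet, const char* addl) const`, with the declaration in the header changed to match. That lets call sites holding a const packet report a weird without a cast, and documents that reporting never modifies the packet.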
|
||||||
|
|
|
@ -148,6 +148,18 @@ protected:
|
||||||
*/
|
*/
|
||||||
bool ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const;
|
bool ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reports a Weird with the analyzer's name included in the addl field.
|
||||||
|
*
|
||||||
|
* @param name The name of the weird.
|
||||||
|
* @param packet An optional pointer to a packet to be used for additional
|
||||||
|
* information in the weird output.
|
||||||
|
* @param addl An optional string containing additional information about
|
||||||
|
* the weird. If this is passed, the analyzer's name will be prepended to
|
||||||
|
* it before output.
|
||||||
|
*/
|
||||||
|
void Weird(const char* name, Packet* packet=nullptr, const char* addl="") const;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
Tag tag;
|
Tag tag;
|
||||||
Dispatcher dispatcher;
|
Dispatcher dispatcher;
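Review bot: The new doc comment on `Weird()` says the analyzer's name is included in the addl field and prepended to it, but the definition added in this commit passes `GetAnalyzerName()` to `sessions->Weird()` as a separate fourth argument and forwards `addl` unchanged. I would reword the summary to `Reports a Weird with the analyzer's name supplied as the weird's source.` and drop the "will be prepended" sentence from `@param addl`. As written, the comment sends anyone looking for analyzer attribution in weird.log to the addl column rather than the new source column.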
|
||||||
|
|
|
@ -89,7 +89,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
// Check whether the header is complete.
|
// Check whether the header is complete.
|
||||||
if ( sizeof(struct arp_pkthdr) > len )
|
if ( sizeof(struct arp_pkthdr) > len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_ARP");
|
Weird("truncated_ARP", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
size_t min_length = (ar_tpa(ah) - (char*) data) + ah->ar_pln;
|
size_t min_length = (ar_tpa(ah) - (char*) data) + ah->ar_pln;
|
||||||
if ( min_length > len )
|
if ( min_length > len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_ARP");
|
Weird("truncated_ARP", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
// to pull bytes out of it.
|
// to pull bytes out of it.
|
||||||
if ( 16 >= len )
|
if ( 16 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_ethernet_frame");
|
Weird("truncated_ethernet_frame", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
|
|
||||||
if ( cfplen + 14 >= len )
|
if ( cfplen + 14 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_link_header_cfp");
|
Weird("truncated_link_header_cfp", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
{
|
{
|
||||||
if ( 16 >= len )
|
if ( 16 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_ethernet_frame");
|
Weird("truncated_ethernet_frame", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -86,6 +86,6 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
}
|
}
|
||||||
|
|
||||||
// Undefined (1500 < EtherType < 1536)
|
// Undefined (1500 < EtherType < 1536)
|
||||||
packet->Weird("undefined_ether_type");
|
Weird("undefined_ether_type", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ bool FDDIAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
||||||
|
|
||||||
if ( hdr_size >= len )
|
if ( hdr_size >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("FDDI_analyzer_failed");
|
Weird("FDDI_analyzer_failed");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
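Review bot: The replacement call `Weird("FDDI_analyzer_failed");` drops the packet that the old `packet->Weird(...)` carried, so it falls back to the `packet=nullptr` default of `Analyzer::Weird`. Every other analyzer converted in this commit passes the packet through, so this line should read `Weird("FDDI_analyzer_failed", packet);`. Without it, the weird for a truncated FDDI frame is presumably reported without packet context, which makes the log entry harder to tie back to the offending traffic. AnalyzePacket's body starts and ends outside the hunk.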
|
||||||
|
|
||||||
|
|
|
@ -51,13 +51,13 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( ! BifConst::Tunnel::enable_gre )
|
if ( ! BifConst::Tunnel::enable_gre )
|
||||||
{
|
{
|
||||||
sessions->Weird("GRE_tunnel", packet);
|
Weird("GRE_tunnel", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( len < gre_header_len() )
|
if ( len < gre_header_len() )
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_GRE", packet);
|
Weird("truncated_GRE", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,7 +75,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( gre_version != 0 && gre_version != 1 )
|
if ( gre_version != 0 && gre_version != 1 )
|
||||||
{
|
{
|
||||||
sessions->Weird("unknown_gre_version", packet, util::fmt("%d", gre_version));
|
Weird("unknown_gre_version", packet, util::fmt("version=%d", gre_version));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,7 +92,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_GRE", packet);
|
Weird("truncated_GRE", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -109,7 +109,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_GRE", packet);
|
Weird("truncated_GRE", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -132,7 +132,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
erspan_len += 8;
|
erspan_len += 8;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_GRE", packet);
|
Weird("truncated_GRE", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -141,7 +141,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_GRE", packet);
|
Weird("truncated_GRE", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -152,7 +152,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
if ( proto_typ != 0x880b )
|
if ( proto_typ != 0x880b )
|
||||||
{
|
{
|
||||||
// Enhanced GRE payload must be PPP.
|
// Enhanced GRE payload must be PPP.
|
||||||
sessions->Weird("egre_protocol_type", packet, util::fmt("%d", proto_typ));
|
Weird("egre_protocol_type", packet, util::fmt("proto=%d", proto_typ));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -162,20 +162,20 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
// RFC 2784 deprecates the variable length routing field
|
// RFC 2784 deprecates the variable length routing field
|
||||||
// specified by RFC 1701. It could be parsed here, but easiest
|
// specified by RFC 1701. It could be parsed here, but easiest
|
||||||
// to just skip for now.
|
// to just skip for now.
|
||||||
sessions->Weird("gre_routing", packet);
|
Weird("gre_routing", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( flags_ver & 0x0078 )
|
if ( flags_ver & 0x0078 )
|
||||||
{
|
{
|
||||||
// Expect last 4 bits of flags are reserved, undefined.
|
// Expect last 4 bits of flags are reserved, undefined.
|
||||||
sessions->Weird("unknown_gre_flags", packet);
|
Weird("unknown_gre_flags", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( len < gre_len + ppp_len + eth_len + erspan_len )
|
if ( len < gre_len + ppp_len + eth_len + erspan_len )
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_GRE", packet);
|
Weird("truncated_GRE", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
|
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
|
||||||
{
|
{
|
||||||
sessions->Weird("non_ip_packet_in_encap", packet);
|
Weird("non_ip_packet_in_encap", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
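Review bot: The addl text of two existing weirds changes format in this file: `unknown_gre_version` goes from a bare number to `version=N`, and `egre_protocol_type` from a bare number to `proto=N`. Scripts or downstream log consumers that match on the addl column of weird.log for these names would silently stop matching, so the change deserves a line in the release notes (none is visible in this part of the commit). Separately, `proto_typ` is compared against `0x880b` but printed with `%d`; `util::fmt("proto=0x%04x", proto_typ)` would let the logged value be read directly against the EtherType it is checked against, assuming `proto_typ` is an unsigned 16-bit value. AnalyzePacket's body extends outside these hunks.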
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
||||||
|
|
||||||
if ( len_80211 >= len )
|
if ( len_80211 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_802_11_header");
|
Weird("truncated_802_11_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
||||||
|
|
||||||
if ( len_80211 >= len )
|
if ( len_80211 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_802_11_header");
|
Weird("truncated_802_11_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -82,7 +82,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
||||||
len_80211 += 8;
|
len_80211 += 8;
|
||||||
if ( len_80211 >= len )
|
if ( len_80211 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_802_11_header");
|
Weird("truncated_802_11_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
|
||||||
{
|
{
|
||||||
if ( 3 >= len )
|
if ( 3 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_radiotap_header");
|
Weird("truncated_radiotap_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
|
||||||
|
|
||||||
if ( rtheader_len >= len )
|
if ( rtheader_len >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_radiotap_header");
|
Weird("truncated_radiotap_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
// check ipv4 here. We'll check ipv6 later once we determine we have an ipv6 header.
|
// check ipv4 here. We'll check ipv6 later once we determine we have an ipv6 header.
|
||||||
if ( len < sizeof(struct ip) )
|
if ( len < sizeof(struct ip) )
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_IP", packet);
|
Weird("truncated_IP", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
{
|
{
|
||||||
if ( len < sizeof(struct ip6_hdr) )
|
if ( len < sizeof(struct ip6_hdr) )
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_IP", packet);
|
Weird("truncated_IP", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -65,7 +65,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sessions->Weird("unknown_ip_version", packet);
|
Weird("unknown_ip_version", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -76,7 +76,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
if ( total_len == 0 )
|
if ( total_len == 0 )
|
||||||
{
|
{
|
||||||
// TCP segmentation offloading can zero out the ip_len field.
|
// TCP segmentation offloading can zero out the ip_len field.
|
||||||
sessions->Weird("ip_hdr_len_zero", packet);
|
Weird("ip_hdr_len_zero", packet);
|
||||||
|
|
||||||
// Cope with the zero'd out ip_len field by using the caplen.
|
// Cope with the zero'd out ip_len field by using the caplen.
|
||||||
total_len = packet->cap_len - hdr_size;
|
total_len = packet->cap_len - hdr_size;
|
||||||
|
@ -84,7 +84,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( packet->len < total_len + hdr_size )
|
if ( packet->len < total_len + hdr_size )
|
||||||
{
|
{
|
||||||
sessions->Weird("truncated_IPv6", packet);
|
Weird("truncated_IPv6", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,13 +93,13 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
uint16_t ip_hdr_len = packet->ip_hdr->HdrLen();
|
uint16_t ip_hdr_len = packet->ip_hdr->HdrLen();
|
||||||
if ( ip_hdr_len > total_len )
|
if ( ip_hdr_len > total_len )
|
||||||
{
|
{
|
||||||
sessions->Weird("invalid_IP_header_size", packet);
|
Weird("invalid_IP_header_size", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ip_hdr_len > len )
|
if ( ip_hdr_len > len )
|
||||||
{
|
{
|
||||||
sessions->Weird("internally_truncated_header", packet);
|
Weird("internally_truncated_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -107,7 +107,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
{
|
{
|
||||||
if ( ip_hdr_len < sizeof(struct ip) )
|
if ( ip_hdr_len < sizeof(struct ip) )
|
||||||
{
|
{
|
||||||
sessions->Weird("IPv4_min_header_size", packet);
|
Weird("IPv4_min_header_size", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -115,7 +115,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
{
|
{
|
||||||
if ( ip_hdr_len < sizeof(struct ip6_hdr) )
|
if ( ip_hdr_len < sizeof(struct ip6_hdr) )
|
||||||
{
|
{
|
||||||
sessions->Weird("IPv6_min_header_size", packet);
|
Weird("IPv6_min_header_size", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -129,7 +129,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
|
! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
|
||||||
detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
|
detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
|
||||||
{
|
{
|
||||||
sessions->Weird("bad_IP_checksum", packet);
|
Weird("bad_IP_checksum", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( len < total_len )
|
if ( len < total_len )
|
||||||
{
|
{
|
||||||
sessions->Weird("incompletely_captured_fragment", packet);
|
Weird("incompletely_captured_fragment", packet);
|
||||||
|
|
||||||
// Don't try to reassemble, that's doomed.
|
// Don't try to reassemble, that's doomed.
|
||||||
// Discard all except the first fragment (which
|
// Discard all except the first fragment (which
|
||||||
|
@ -174,7 +174,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( ip_hdr_len > total_len )
|
if ( ip_hdr_len > total_len )
|
||||||
{
|
{
|
||||||
sessions->Weird("invalid_IP_header_size", packet);
|
Weird("invalid_IP_header_size", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -203,7 +203,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
|
|
||||||
if ( ! ignore_checksums && mobility_header_checksum(packet->ip_hdr) != 0xffff )
|
if ( ! ignore_checksums && mobility_header_checksum(packet->ip_hdr) != 0xffff )
|
||||||
{
|
{
|
||||||
sessions->Weird("bad_MH_checksum", packet);
|
Weird("bad_MH_checksum", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -211,7 +211,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
event_mgr.Enqueue(mobile_ipv6_message, packet->ip_hdr->ToPktHdrVal());
|
event_mgr.Enqueue(mobile_ipv6_message, packet->ip_hdr->ToPktHdrVal());
|
||||||
|
|
||||||
if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
|
if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
|
||||||
sessions->Weird("mobility_piggyback", packet);
|
Weird("mobility_piggyback", packet);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -249,7 +249,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
if ( ! ( packet->encap &&
|
if ( ! ( packet->encap &&
|
||||||
packet->encap->LastType() == BifEnum::Tunnel::TEREDO ) )
|
packet->encap->LastType() == BifEnum::Tunnel::TEREDO ) )
|
||||||
{
|
{
|
||||||
sessions->Weird("ipv6_no_next", packet);
|
Weird("ipv6_no_next", packet);
|
||||||
return_val = false;
|
return_val = false;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -29,14 +29,14 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
|
|
||||||
if ( ! BifConst::Tunnel::enable_ip )
|
if ( ! BifConst::Tunnel::enable_ip )
|
||||||
{
|
{
|
||||||
sessions->Weird("IP_tunnel", packet);
|
Weird("IP_tunnel", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( packet->encap &&
|
if ( packet->encap &&
|
||||||
packet->encap->Depth() >= BifConst::Tunnel::max_depth )
|
packet->encap->Depth() >= BifConst::Tunnel::max_depth )
|
||||||
{
|
{
|
||||||
sessions->Weird("exceeded_tunnel_max_depth", packet);
|
Weird("exceeded_tunnel_max_depth", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -52,11 +52,11 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
// Check for a valid inner packet first.
|
// Check for a valid inner packet first.
|
||||||
int result = sessions->ParseIPPacket(len, data, proto, inner);
|
int result = sessions->ParseIPPacket(len, data, proto, inner);
|
||||||
if ( result == -2 )
|
if ( result == -2 )
|
||||||
sessions->Weird("invalid_inner_IP_version", packet);
|
Weird("invalid_inner_IP_version", packet);
|
||||||
else if ( result < 0 )
|
else if ( result < 0 )
|
||||||
sessions->Weird("truncated_inner_IP", packet);
|
Weird("truncated_inner_IP", packet);
|
||||||
else if ( result > 0 )
|
else if ( result > 0 )
|
||||||
sessions->Weird("inner_IP_payload_length_mismatch", packet);
|
Weird("inner_IP_payload_length_mismatch", packet);
|
||||||
|
|
||||||
if ( result != 0 )
|
if ( result != 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -14,7 +14,7 @@ bool LinuxSLLAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
||||||
auto len_sll_hdr = sizeof(SLLHeader);
|
auto len_sll_hdr = sizeof(SLLHeader);
|
||||||
if ( len_sll_hdr >= len )
|
if ( len_sll_hdr >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_Linux_SLL_header");
|
Weird("truncated_Linux_SLL_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ bool MPLSAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
||||||
{
|
{
|
||||||
if ( 4 >= len )
|
if ( 4 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_link_header");
|
Weird("truncated_link_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
||||||
{
|
{
|
||||||
if ( 4 >= len )
|
if ( 4 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_nflog_header");
|
Weird("truncated_nflog_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
||||||
|
|
||||||
if ( version != 0 )
|
if ( version != 0 )
|
||||||
{
|
{
|
||||||
packet->Weird("unknown_nflog_version");
|
Weird("unknown_nflog_version", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
||||||
{
|
{
|
||||||
if ( 4 >= len )
|
if ( 4 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("nflog_no_pcap_payload");
|
Weird("nflog_no_pcap_payload", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,7 +66,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
||||||
|
|
||||||
if ( tlv_len < 4 )
|
if ( tlv_len < 4 )
|
||||||
{
|
{
|
||||||
packet->Weird("nflog_bad_tlv_len");
|
Weird("nflog_bad_tlv_len", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
|
@ -13,7 +13,7 @@ bool NullAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
||||||
{
|
{
|
||||||
if ( 4 >= len )
|
if ( 4 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("null_analyzer_failed");
|
Weird("null_analyzer_failed", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ bool PPPSerialAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* p
|
||||||
{
|
{
|
||||||
if ( 4 >= len )
|
if ( 4 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_ppp_serial_header");
|
Weird("truncated_ppp_serial_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ bool PPPoEAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
||||||
{
|
{
|
||||||
if ( 8 >= len )
|
if ( 8 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_pppoe_header");
|
Weird("truncated_pppoe_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ bool VLANAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
||||||
{
|
{
|
||||||
if ( 4 >= len )
|
if ( 4 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_VLAN_header");
|
Weird("truncated_VLAN_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
|
|
||||||
if ( data + cfplen + 14 >= end_of_data )
|
if ( data + cfplen + 14 >= end_of_data )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_link_header_cfp");
|
Weird("truncated_link_header_cfp", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
{
|
{
|
||||||
if ( data + 4 >= end_of_data )
|
if ( data + 4 >= end_of_data )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_link_header");
|
Weird("truncated_link_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
{
|
{
|
||||||
if ( data + 8 >= end_of_data )
|
if ( data + 8 >= end_of_data )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_link_header");
|
Weird("truncated_link_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -87,7 +87,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Neither IPv4 nor IPv6.
|
// Neither IPv4 nor IPv6.
|
||||||
packet->Weird("non_ip_packet_in_pppoe_encapsulation");
|
Weird("non_ip_packet_in_pppoe_encapsulation", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -111,7 +111,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Neither IPv4 nor IPv6.
|
// Neither IPv4 nor IPv6.
|
||||||
packet->Weird("non_ip_packet_in_ethernet");
|
Weird("non_ip_packet_in_ethernet", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -125,7 +125,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
{
|
{
|
||||||
if ( data + 4 >= end_of_data )
|
if ( data + 4 >= end_of_data )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_link_header");
|
Weird("truncated_link_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
// We assume that what remains is IP
|
// We assume that what remains is IP
|
||||||
if ( data + sizeof(struct ip) >= end_of_data )
|
if ( data + sizeof(struct ip) >= end_of_data )
|
||||||
{
|
{
|
||||||
packet->Weird("no_ip_in_mpls_payload");
|
Weird("no_ip_in_mpls_payload", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Neither IPv4 nor IPv6.
|
// Neither IPv4 nor IPv6.
|
||||||
packet->Weird("no_ip_in_mpls_payload");
|
Weird("no_ip_in_mpls_payload", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -91,9 +91,9 @@ function Reporter::fatal_error_with_core%(msg: string%): bool
|
||||||
## name: the name of the weird.
|
## name: the name of the weird.
|
||||||
##
|
##
|
||||||
## Returns: Always true.
|
## Returns: Always true.
|
||||||
function Reporter::net_weird%(name: string%): bool
|
function Reporter::net_weird%(name: string, addl: string &default="", source: string &default=""%): bool
|
||||||
%{
|
%{
|
||||||
reporter->Weird(name->CheckString());
|
reporter->Weird(name->CheckString(), addl->CheckString(), source->CheckString());
|
||||||
return zeek::val_mgr->True();
|
return zeek::val_mgr->True();
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
@ -106,9 +106,9 @@ function Reporter::net_weird%(name: string%): bool
|
||||||
## resp: the responder host associated with the weird.
|
## resp: the responder host associated with the weird.
|
||||||
##
|
##
|
||||||
## Returns: Always true.
|
## Returns: Always true.
|
||||||
function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool
|
function Reporter::flow_weird%(name: string, orig: addr, resp: addr, addl: string &default="", source: string &default=""%): bool
|
||||||
%{
|
%{
|
||||||
reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString());
|
reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString(), addl->CheckString(), source->CheckString());
|
||||||
return zeek::val_mgr->True();
|
return zeek::val_mgr->True();
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
@ -121,17 +121,17 @@ function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool
|
||||||
## addl: additional information to accompany the weird.
|
## addl: additional information to accompany the weird.
|
||||||
##
|
##
|
||||||
## Returns: Always true.
|
## Returns: Always true.
|
||||||
function Reporter::conn_weird%(name: string, c: connection, addl: string &default=""%): bool
|
function Reporter::conn_weird%(name: string, c: connection, addl: string &default="", source: string &default=""%): bool
|
||||||
%{
|
%{
|
||||||
if ( c )
|
if ( c )
|
||||||
reporter->Weird(c, name->CheckString(), addl->CheckString());
|
reporter->Weird(c, name->CheckString(), addl->CheckString(), source->CheckString());
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
auto connection_record = @ARG@[1]->AsRecordVal();
|
auto connection_record = @ARG@[1]->AsRecordVal();
|
||||||
auto conn_id_val = connection_record->GetField<RecordVal>("id");
|
auto conn_id_val = connection_record->GetField<RecordVal>("id");
|
||||||
auto uid_val = connection_record->GetField<StringVal>("uid");
|
auto uid_val = connection_record->GetField<StringVal>("uid");
|
||||||
reporter->Weird(conn_id_val, uid_val,
|
reporter->Weird(conn_id_val, uid_val,
|
||||||
name->CheckString(), addl->CheckString());
|
name->CheckString(), addl->CheckString(), source->CheckString());
|
||||||
}
|
}
|
||||||
|
|
||||||
return zeek::val_mgr->True();
|
return zeek::val_mgr->True();
|
||||||
|
@ -146,7 +146,7 @@ function Reporter::conn_weird%(name: string, c: connection, addl: string &defaul
|
||||||
## addl: additional information to accompany the weird.
|
## addl: additional information to accompany the weird.
|
||||||
##
|
##
|
||||||
## Returns: true if the file was still valid, else false.
|
## Returns: true if the file was still valid, else false.
|
||||||
function Reporter::file_weird%(name: string, f: fa_file, addl: string &default=""%): bool
|
function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="", source: string&default=""%): bool
|
||||||
%{
|
%{
|
||||||
auto fuid = f->AsRecordVal()->GetField(0)->AsStringVal();
|
auto fuid = f->AsRecordVal()->GetField(0)->AsStringVal();
|
||||||
auto file = zeek::file_mgr->LookupFile(fuid->CheckString());
|
auto file = zeek::file_mgr->LookupFile(fuid->CheckString());
|
||||||
|
@ -154,7 +154,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
|
||||||
if ( ! file )
|
if ( ! file )
|
||||||
return zeek::val_mgr->False();
|
return zeek::val_mgr->False();
|
||||||
|
|
||||||
reporter->Weird(file, name->CheckString(), addl->CheckString());
|
reporter->Weird(file, name->CheckString(), addl->CheckString(), source->CheckString());
|
||||||
return zeek::val_mgr->True();
|
return zeek::val_mgr->True();
|
||||||
%}
|
%}
|
||||||
|
|
||||||
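Review bot: The `##` doc comments above these four BIFs are not extended for the parameters added to their signatures. `Reporter::net_weird` and `Reporter::flow_weird` gain `addl` and `source`, and `Reporter::conn_weird` and `Reporter::file_weird` gain `source`, yet each hunk keeps the same line count on both sides (e.g. `-91,9 +91,9`), so no doc lines appear to have been added; the comment blocks start outside the hunks, so this is inferred from the visible context only. I would add `## addl: additional information to accompany the weird.` where it is missing and `## source: the name of the component reporting the weird (for analyzers, the analyzer name); written to the weird log's source field.` to all four. Since the visible code passes `source->CheckString()` straight through with no check against registered analyzer names, the doc could also say the value is caller-supplied and log consumers should treat it as a hint rather than verified provenance. Minor style point in the `file_weird` signature: `source: string&default=""` is missing the space the other three use, `source: string &default=""`.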
|
|
|
@ -1,12 +1,13 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2019-06-07-01-59-08
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1254722767.875996 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek -
|
||||||
1437831787.861602 CmES5u32sYpV7JYN 192.168.133.100 49648 192.168.133.102 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek
|
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.133.100 49648 192.168.133.102 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek -
|
||||||
1437831799.610433 C3eiCBGOLw3VtHfOj 192.168.133.100 49655 17.167.150.73 443 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek
|
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.133.100 49655 17.167.150.73 443 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek -
|
||||||
#close 2019-06-07-01-59-08
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,103 +1,104 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-07
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332784981.078396 - 127.0.0.1 0 127.0.0.1 0 bad_IP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX - 127.0.0.1 0 127.0.0.1 0 bad_IP_checksum - F zeek IP
|
||||||
#close 2020-10-14-18-44-07
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-08
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332784885.686428 CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F zeek TCP
|
||||||
#close 2020-10-14-18-44-08
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-08
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332784933.501023 CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F zeek UDP
|
||||||
#close 2020-10-14-18-44-08
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-09
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334075363.536871 CHhAvVGS1DHFjwGM9 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F zeek ICMP
|
||||||
#close 2020-10-14-18-44-09
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-10
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332785210.013051 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||||
1332785210.013051 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F zeek TCP
|
||||||
#close 2020-10-14-18-44-10
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-10
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332782580.798420 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||||
1332782580.798420 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F zeek UDP
|
||||||
#close 2020-10-14-18-44-10
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-11
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334075111.800086 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||||
1334075111.800086 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F zeek ICMP
|
||||||
#close 2020-10-14-18-44-11
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-11
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332785250.469132 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F zeek TCP
|
||||||
#close 2020-10-14-18-44-11
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-12
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332781342.923813 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F zeek UDP
|
||||||
#close 2020-10-14-18-44-12
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-12
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334074939.467194 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek ICMP
|
||||||
#close 2020-10-14-18-44-12
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,70 +1,71 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-12
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334074939.467194 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek ICMP
|
||||||
#close 2020-10-14-18-44-12
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-15
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332785125.596793 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||||
#close 2020-10-14-18-44-15
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-15
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1332782508.592037 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||||
#close 2020-10-14-18-44-15
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||||
#close 2020-10-14-18-44-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||||
#close 2020-10-14-18-44-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||||
#close 2020-10-14-18-44-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-44-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||||
#close 2020-10-14-18-44-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,471 +1,472 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-18-45-20
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1500557630.000000 - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - b100:7265:6300::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557630.000000 - - - - - unknown_ip_version - F zeek
|
XXXXXXXXXX.XXXXXX - - - - - unknown_ip_version - F zeek IP
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:9ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:9ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:2304:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2304:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:28fd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:28fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6369:2a29:: 0 0:80:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:: 0 0:80:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fb2a:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fb2a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffbf:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffbf:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:fcff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:fcff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff32:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff32:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929:1000:0:6904:27ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:0:6904:27ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:3afd:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:3afd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:c200:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:c200:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:700:fe:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:700:fe:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:21ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:21ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:ffff:ffff:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ffff:ffff:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:ff7f:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:ff7f:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:ff3a 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:ff3a 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:0:ff00:69:2980:0:69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:0:ff00:69:2980:0:69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:e374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:e374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:2705:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2705:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:63ce:80:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:80:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29:0:4:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:0:4:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7df 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7df 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ff01:: 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ff01:: 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:71fd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:71fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:2:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:2:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0:7265:6374:6929:ff:0:27ff:28 0 126:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:0:27ff:28 0 126:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:fffe:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:fffe:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:69ff:ff00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:69ff:ff00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:fef9:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:fef9:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff3a:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff3a:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:40 0 bf:ff3b:0:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:40 0 bf:ff3b:0:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:8000::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:8000::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 38bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 38bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:80:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:80:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:5:1ff:f7ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:5:1ff:f7ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:ff:ff00:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ff:ff00:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:180:: 0 bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:180:: 0 bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:0:ff00:69:2980:0:29 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:0:ff00:69:2980:0:29 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929:600:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:600:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7463:2a72:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7463:2a72:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b000:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b000:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0:7265:6374:6929:ff:27:a800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:27:a800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0.0.0.0 0 0.0.65.95 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.65.95 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557631.000000 - 0.0.0.0 0 0.0.65.95 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.65.95 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557631.000000 - b100:7265:6374:7129:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:7129:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b101:0:74:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b101:0:74:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7fd 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7fd 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fb03:12ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fb03:12ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 400:fffe:bfff::ecec:ecfc:ecec 0 ecec:ecec:ecec:ec00:ffff:ffff:fffd:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 400:fffe:bfff::ecec:ecfc:ecec 0 ecec:ecec:ecec:ec00:ffff:ffff:fffd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6369:aa29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:aa29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:2600:0:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:2600:0:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:0:1000:6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:1000:6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 ff00:bf3b:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 ff00:bf3b:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b800:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b800:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:f2:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:f2:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:3a40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:3a40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:91:8bd6:ff00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:91:8bd6:ff00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:5445:52ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:5445:52ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:8b:0:ffff:ffff:f7fd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:8b:0:ffff:ffff:f7fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fff7:820 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fff7:820 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:9d8b:d5d5:ffff:fffc:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:9d8b:d5d5:ffff:fffc:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b198:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b198:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929:0:100:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:0:100:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:0:100:0:480:ffbf 0 3bff:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:480:ffbf 0 3bff:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29:2:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:2:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:fff8:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:fff8:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9cc2:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9cc2:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:f8fe:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:f8fe:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ff21:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ff21:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:ffff:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:ffff:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7229:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7229:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b104:7265:6374:2a29::6904:ff 0 3bbf:ff03:40:0:ffff:ffff:f5fd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b104:7265:6374:2a29::6904:ff 0 3bbf:ff03:40:0:ffff:ffff:f5fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0.0.0.0 0 0.0.255.255 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.255.255 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557631.000000 - 0.0.0.0 0 0.0.255.255 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.255.255 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557631.000000 - b100:7265:6374:6900:8000:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:8000:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:4900:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:4900:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:636f:6d29::5704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:636f:6d29::5704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:723a:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:723a:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0:7265:6374:6929:ff:0:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:0:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929:100:0:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:100:0:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:0:ffff:6804:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:ffff:6804:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:0 0 80bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:0 0 80bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6827:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6827:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:440:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:440:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40::80ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40::80ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:908 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:908 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00::ffff:ff03:bffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00::ffff:ff03:bffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6300:0:8000:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6300:0:8000:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:8e00:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:8e00:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:9f74:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:9f74:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f701 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f701 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3b3f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3b3f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:7d6d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:7d6d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:fbff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:fbff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9529:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9529:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:3600:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:3600:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bb7:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bb7:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0.0.0.0 0 0.53.0.0 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.53.0.0 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557631.000000 - 0.0.0.0 0 0.53.0.0 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.53.0.0 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:39:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:39:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:ffff:fbfd:ffff:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:ffff:fbfd:ffff:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929:0:8000:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:0:8000:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7228:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7228:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff80::ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff80::ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7fc 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7fc 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 100:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 100:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7200:6300:4:ff27:65fe:bfff:ff 0 ffff:0:ffff:ff3a:f700:8000:20:8ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:6300:4:ff27:65fe:bfff:ff 0 ffff:0:ffff:ff3a:f700:8000:20:8ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:47:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:47:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f706 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f706 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265::6904:2aff 0 c540:ff:ffbf:ffde:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265::6904:2aff 0 c540:ff:ffbf:ffde:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300::8001:0 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8001:0 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:f8:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:f8:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:900:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:900:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7d8 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7d8 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - ffff:ff27:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ff27:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:f7ff:fdff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:f7ff:fdff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:0:3a00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:3a00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:0:ff40:ff00:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:0:ff40:ff00:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:63ce:29:69:7400:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:29:69:7400:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:6500:72:6369:2a:2900:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a:2900:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:2100::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:2100::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:100:: 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:100:: 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - 0.0.0.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557631.000000 - 0.0.0.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557631.000000 - b100:7265:6374:6929:1:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:1:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929:0:69:4:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:69:4:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557631.000000 - b100:7265:6374:6929::ff:3bff 0 4bf:8080:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff:3bff 0 4bf:8080:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:0:4ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:0:4ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:63f4:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63f4:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:3a:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:3a:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:637b:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:637b:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:340:80:ffef:ffff:fffd:f7fb 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:340:80:ffef:ffff:fffd:f7fb 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b300:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b300:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:ae74:6929:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:ae74:6929:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:1 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:1 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:ff:ffff:ffff:ffff 0 ffbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ff:ffff:ffff:ffff 0 ffbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ff01:1:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ff01:1:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:0:4:0:80ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:4:0:80ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:0:40ff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:0:40ff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ff7a:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ff7a:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:434f:4e54:454e:5453:5f44 0 4ebf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:434f:4e54:454e:5453:5f44 0 4ebf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:fff7:ffff:fdff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:fff7:ffff:fdff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:0:80::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:0:80::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:900 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:900 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3b01::ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3b01::ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:3a00:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:3a00:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::692a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::692a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffd8:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffd8:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:40:8:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:40:8:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6927:bf 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:bf 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:69a9::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:69a9::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:5265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:5265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::97fb:ff00 0 c440:108:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::97fb:ff00 0 c440:108:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:8000 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:8000 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 32.0.8.99 0 0.0.0.0 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 32.0.8.99 0 0.0.0.0 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557632.000000 - b100:6500:72:6369:2a29:0:6980:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:6980:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::693b:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::693b:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 0.0.0.0 0 0.255.255.255 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.255.255.255 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557632.000000 - 0.0.0.0 0 0.255.255.255 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.255.255.255 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557632.000000 - b100:7265:6374:6929::6928:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6928:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:5049:415f:5544:5000:0:6904:5544 0 50bf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:5049:415f:5544:5000:0:6904:5544 0 50bf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:0:1000:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:1000:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:3c0:ffff::fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:3c0:ffff::fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 fe:8d9a:948b:96d6:ff00:21:6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 fe:8d9a:948b:96d6:ff00:21:6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8014:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8014:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6301::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6301::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:63ce:69:7421:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7421:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:69:d529:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:d529:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff27:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff27:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - ffff:ffff:ffff:ffff::8004:ff 0 ffff:ffff:ffff:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 ffff:ffff:ffff:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 7200:65:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 7200:65:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7263:692a:7429::6904:ff 0 3b:bf00:40ff:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7263:692a:7429::6904:ff 0 3b:bf00:40ff:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6306:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffe:1ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6306:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffe:1ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 50ff:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 50ff:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6900:2900:0:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6900:2900:0:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6305:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6305:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 101.99.116.105 0 41.0.255.0 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 101.99.116.105 0 41.0.255.0 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 ::40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 ::40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 0:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 2700:7265:6300:0:100:0:8004:ff00 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 2700:7265:6300:0:100:0:8004:ff00 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7200:400:65:6327:101:3ffe:ff 0 ffff:0:ffff:ff3a:2000:f8d4:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:101:3ffe:ff 0 ffff:0:ffff:ff3a:2000:f8d4:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:ff:ff00:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:ff:ff00:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:637c:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:637c:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:e374:6929::6904:ff 0 3bbf:ff00:40:a:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:e374:6929::6904:ff 0 3bbf:ff00:40:a:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:fd00:40:0:fffc:ffff:f720:fd3a 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:fd00:40:0:fffc:ffff:f720:fd3a 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:722a:2374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:2374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ef 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ef 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ff01:0 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ff01:0 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:fff2:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:fff2:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:2704:40:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:40:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:ff 0 6800:f265:6374:6929:11:27:c00:68 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 6800:f265:6374:6929:11:27:c00:68 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:725f:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:725f:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7200:400:65:6327:fffe:bfff:0 0 5000:ff:ffff:ffff:fdf7:ff3a:2000:800 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:0 0 5000:ff:ffff:ffff:fdf7:ff3a:2000:800 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:8000:0 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:8000:0 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:722a:6374:6929:400:4:0:ff69 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:4:0:ff69 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 7dbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 7dbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8084:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8084:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:0:ffff:ffff:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:ffff:ffff:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29:100:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:100:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ff00:ffff:3a20:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ff00:ffff:3a20:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ff7d:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ff7d:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6369:2a22:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a22:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b300:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b300:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40::ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40::ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:80:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:80:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:3a 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:3a 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff00:0:8080 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff00:0:8080 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2008:2b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2008:2b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:3b00:ff:0:6929:0:f7fd:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:3b00:ff:0:6929:0:f7fd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:9:0:9704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:9:0:9704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:80fd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:80fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ffcc:c219:aa00:0:c9:640d:eb3c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ffcc:c219:aa00:0:c9:640d:eb3c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:a78b:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:a78b:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bff:4000:bf00:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bff:4000:bf00:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:5265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:5265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7218:400:65:6327:fffe:bfff:ff 0 ffff:20:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7218:400:65:6327:fffe:bfff:ff 0 ffff:20:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 71.97.99.109 0 0.16.0.41 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 71.97.99.109 0 0.16.0.41 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557632.000000 - 71.97.99.109 0 0.16.0.41 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 71.97.99.109 0 0.16.0.41 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557632.000000 - b100:7221:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7221:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:7fef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:7fef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:d0d6:ffff:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:d0d6:ffff:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:6:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:6:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ecff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ecff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffef:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffef:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:e929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:27ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:e929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:27ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 3a00:7265:6374:6929::8004:ff 0 c540:fe:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 3a00:7265:6374:6929::8004:ff 0 c540:fe:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:40:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:40:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 65:63b1:7274:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 65:63b1:7274:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::2104:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::2104:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6328:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6328:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - f100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - f100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:72:6328:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6328:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7200:400:65:ffff:ffff:ffff:ffff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:ffff:ffff:ffff:ffff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:fdff:ffff:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:fdff:ffff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:6500:6fd:188:4747:4747:61fd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:6500:6fd:188:4747:4747:61fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:7fff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:7fff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:27ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:27ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff4e:5654:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff4e:5654:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374::80:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374::80:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:3b 0 ff:ffbf:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:3b 0 ff:ffbf:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:6500:91:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:91:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:840:ff:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:840:ff:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6301::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6301::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:ffff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:ffff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:69:7429:0:690a:ff 0 40:0:ff3b:bf:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 40:0:ff3b:bf:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6927:10ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:10ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6329:ffff:2a74:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:3b70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6329:ffff:2a74:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:3b70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 143.9.0.0 0 0.98.0.237 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 143.9.0.0 0 0.98.0.237 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557632.000000 - 143.9.0.0 0 0.98.0.237 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 143.9.0.0 0 0.98.0.237 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 fffb:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 fffb:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7200:6365::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:6365::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e00:0:704c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e00:0:704c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff02:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff02:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557632.000000 - b100:7265:6374:6909::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6909::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:feff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:feff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:2a60 0 3bbf:ff00:40:21:ffff:ffff:ffbd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2a60 0 3bbf:ff00:40:21:ffff:ffff:ffbd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:8040:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:8040:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 2a72:6300:b165:7429:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 2a72:6300:b165:7429:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:639a:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:639a:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::ff00:480 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff00:480 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:0:8:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:8:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b000:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:21e6:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b000:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:21e6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6301:0:29:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6301:0:29:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:ff:ff40:0:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:ff:ff40:0:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::3b04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::3b04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::8804:ff 0 3bbf:ff80:40:0:ffff:ffff:102:800 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8804:ff 0 3bbf:ff80:40:0:ffff:ffff:102:800 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 33bf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 33bf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3b9f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3b9f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b13b:bfff:0:4000:ff:ffff:ffff:fdf7 0 ff3a:2000:800:1e04:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b13b:bfff:0:4000:ff:ffff:ffff:fdf7 0 ff3a:2000:800:1e04:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:0 0 ::80:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:0 0 ::80:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b165:6300:7274:6929::400:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b165:6300:7274:6929::400:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff3b 0 0:bfff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff3b 0 0:bfff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::3b:bfff 0 ff04:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::3b:bfff 0 ff04:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:69:74a9:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:74a9:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:2aff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:2aff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:6374:65:69:7229:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6374:65:69:7229:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6377:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6377:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b128:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b128:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:2700:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:2700:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:fd00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:fd00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:722a:6374:6929::6968:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6968:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bff:bf00:40:0:ffff:ffff:fffd:e7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bff:bf00:40:0:ffff:ffff:fffd:e7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7261:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7261:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:7929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:7929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:df00::80ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:df00::80ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7263:65ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7263:65ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:f8:0:ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:f8:0:ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:692d::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:692d::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::4:fd 0 c3bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:fd 0 c3bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:3b 0 bf:ffff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:3b 0 bf:ffff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6900:ec00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:ec00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 e21e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 e21e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6928:ffff:fd00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6928:ffff:fd00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff3b:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff3b:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::ff00:bfff 0 3b00:400:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff00:bfff 0 3b00:400:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:520:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:520:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ffff 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ffff 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:28:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:28:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::80fb:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::80fb:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c2a:7200:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c2a:7200:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:693a::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:693a::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff7f:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff7f:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:6929:0:fffe:bfff:ff 0 ffff:ff68:0:4000:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:0:fffe:bfff:ff 0 ffff:ff68:0:4000:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ef 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ef 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::4:ff 0 3bbf:2700:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:2700:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:27:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:27:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::2a:0 0 ::6a:ffff:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::2a:0 0 ::6a:ffff:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6900:a:400:2a29:3b2a 0 ffbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:a:400:2a29:3b2a 0 ffbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b1ff:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b1ff:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:6500:72:6369:2a29:3b00:690a:ff 0 3bbf:fb00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:3b00:690a:ff 0 3bbf:fb00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:722a:6374:: 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:: 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:2aff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:2aff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:9500:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:9500:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7200:63:65::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:63:65::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:fc 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:fc 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6900:0 0 80bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6900:0 0 80bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:63ce:69:2129:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:2129:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:3a:ffef:ff:ffff:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:3a:ffef:ff:ffff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:c1:800:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:c1:800:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:9265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:9265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:dffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:dffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:1ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:1ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:724a:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:724a:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:f6 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:f6 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:0 0 ffff:ff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:0 0 ffff:ff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6500:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6500:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:0:a:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:a:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6900::2900:0 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900::2900:0 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 68.80.95.104 0 109.115.117.0 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 68.80.95.104 0 109.115.117.0 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557633.000000 - 68.80.95.104 0 109.115.117.0 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 68.80.95.104 0 109.115.117.0 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557633.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:692b::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:692b::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6900:29:0:6914:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:29:0:6914:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 8:1e:400:ff00:0:3200:8004:ff 0 3bff:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 8:1e:400:ff00:0:3200:8004:ff 0 3bff:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:f7fd 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:f7fd 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:8ba:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:8ba:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300::8004:ff 0 48bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 48bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7365:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7365:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:5600:800:2b00:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:5600:800:2b00:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:4021:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:4021:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 0:7265:6374:6929:ff:6:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:6:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6909::6904:ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6909::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ff48:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ff48:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:7400:2969:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:7400:2969:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:c5:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:c5:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265::6904:2a3a 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265::6904:2a3a 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:f9ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:f9ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7261:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7261:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9fd6:ffff:2:800 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9fd6:ffff:2:800 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6300:69:7429:8000:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:8000:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - ffff:ffff:ffff:ffff:: 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff:: 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:400:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:400:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:6929::ff00:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::ff00:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:fffe:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:fffe:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:ffff::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:ffff::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 4f00:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 4f00:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:8000::6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:8000::6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:1:400:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:1:400:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 0.255.255.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek
|
XXXXXXXXXX.XXXXXX - 0.255.255.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek IP
|
||||||
1500557633.000000 - 0.255.255.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.255.255.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557633.000000 - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:342b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:342b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:6929:400:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:400:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ffa8:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ffa8:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffdd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffdd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - b100:7265:1::69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:1::69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557633.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:ffff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 9c00:722a:6374:6929:1001:900:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1001:900:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:40:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:40:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 9c00:722a:6374:6929::6904:eff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:eff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - ffdb:ffff:3b00::ff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - ffdb:ffff:3b00::ff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6374:6929:ffff:ffff:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ffff:ffff:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6300:669:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:669:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6374:6929::693b:bdff 0 0:4000:ff:ffff:fdff:fff7:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::693b:bdff 0 0:4000:ff:ffff:fdff:fff7:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 0.71.103.97 0 99.116.0.128 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 0.71.103.97 0 99.116.0.128 0 invalid_IP_header_size - F zeek IP
|
||||||
1500557634.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:ff00:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:ff00:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:63ce:69:7429:0:690a:b1 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:b1 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 6500:0:6fd:188:4747:4747:6163:7400 0 0:2c29:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 6500:0:6fd:188:4747:4747:6163:7400 0 0:2c29:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 9c00:722a:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:6500:72:6369:2900:2a00:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2900:2a00:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6374:2a29::6904:ff 0 29bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 29bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:10:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:10:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 9c00:7265:6374:6929::612f:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::612f:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ffc3:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ffc3:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 9c00:722a:6374:6929:1000:100:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:100:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:6374:6929:ff:ffff:ff04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ff:ffff:ff04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - b100:7265:0:ff00:69:2980:0:69 0 c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265:0:ff00:69:2980:0:69 0 c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
1500557634.000000 - 9c00:7265:6374:69d1::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:69d1::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
#close 2020-10-14-18-45-20
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2019-06-07-01-59-25
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1425182592.408334 - - - - - negative_packet_timestamp - F zeek
|
XXXXXXXXXX.XXXXXX - - - - - negative_packet_timestamp - F zeek -
|
||||||
#close 2019-06-07-01-59-25
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,81 +1,82 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-15
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334160095.895421 - - - - - truncated_IP - F zeek
|
XXXXXXXXXX.XXXXXX - - - - - truncated_IP - F zeek IP
|
||||||
#close 2020-10-14-19-20-15
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334156241.519125 - - - - - truncated_IP - F zeek
|
XXXXXXXXXX.XXXXXX - - - - - truncated_IP - F zeek IP
|
||||||
#close 2020-10-14-19-20-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1334094648.590126 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:4f8:4:7:2e0:81ff:fe52:9a6b 0 truncated_IPv6 - F zeek
|
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:4f8:4:7:2e0:81ff:fe52:9a6b 0 truncated_IPv6 - F zeek IP
|
||||||
#close 2020-10-14-19-20-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-17
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1338328954.078361 - 10.0.0.1 0 192.0.43.10 0 internally_truncated_header - F zeek
|
XXXXXXXXXX.XXXXXX - 10.0.0.1 0 192.0.43.10 0 internally_truncated_header - F zeek -
|
||||||
1338328954.099743 - 192.0.43.10 0 10.0.0.1 0 internally_truncated_header - F zeek
|
XXXXXXXXXX.XXXXXX - 192.0.43.10 0 10.0.0.1 0 internally_truncated_header - F zeek -
|
||||||
#close 2020-10-14-19-20-17
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-18
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1404148886.981015 - - - - - truncated_ethernet_frame - F zeek
|
XXXXXXXXXX.XXXXXX - - - - - truncated_ethernet_frame - F zeek ETHERNET
|
||||||
#close 2020-10-14-19-20-18
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-19
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 invalid_IP_header_size - F zeek
|
XXXXXXXXXX.XXXXXX - 163.253.48.183 0 192.150.187.43 0 invalid_IP_header_size - F zeek IP
|
||||||
#close 2020-10-14-19-20-19
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-19
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 internally_truncated_header - F zeek
|
XXXXXXXXXX.XXXXXX - 163.253.48.183 0 192.150.187.43 0 internally_truncated_header - F zeek IP
|
||||||
#close 2020-10-14-19-20-19
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-10-14-19-20-20
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1500557630.000000 - 0.255.0.255 0 15.254.2.1 0 invalid_IP_header_size_in_tunnel - F zeek
|
XXXXXXXXXX.XXXXXX - 0.255.0.255 0 15.254.2.1 0 invalid_IP_header_size_in_tunnel - F zeek IP
|
||||||
#close 2020-10-14-19-20-20
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,20 +1,21 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2019-06-07-02-20-03
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1500557630.000000 - ff00:0:6929::6904:ff:3bbf 0 ffff:0:69:2900:0:69:400:ff3b 0 invalid_inner_IP_version_in_tunnel - F zeek
|
XXXXXXXXXX.XXXXXX - ff00:0:6929::6904:ff:3bbf 0 ffff:0:69:2900:0:69:400:ff3b 0 invalid_inner_IP_version_in_tunnel - F zeek IPTUNNEL
|
||||||
#close 2019-06-07-02-20-03
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2019-06-07-02-20-03
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1500557630.000000 - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
XXXXXXXXXX.XXXXXX - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||||
#close 2019-06-07-02-20-03
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-07-06-17-36-24
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F zeek
|
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F zeek TEREDO
|
||||||
1340127577.346849 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F zeek TEREDO
|
||||||
#close 2020-07-06-17-36-24
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-01-15-20-41-16
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1348168976.514202 CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 base64_illegal_encoding character 32 ignored by Base64 decoding F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 base64_illegal_encoding character 32 ignored by Base64 decoding F zeek -
|
||||||
1348168976.514202 CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 ftp_adat_bad_first_token_encoding - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 ftp_adat_bad_first_token_encoding - F zeek FTP_ADAT
|
||||||
#close 2020-01-15-20-41-16
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-04-30-00-47-04
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1523627611.748118 CHhAvVGS1DHFjwGM9 127.0.0.1 58128 127.0.0.1 80 HTTP_range_not_matching_len - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58128 127.0.0.1 80 HTTP_range_not_matching_len - F zeek HTTP
|
||||||
#close 2020-04-30-00-47-04
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-04-30-00-47-07
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1452204358.172926 CHhAvVGS1DHFjwGM9 192.168.122.130 49157 202.7.177.41 80 bad_HTTP_request_with_version - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.122.130 49157 202.7.177.41 80 bad_HTTP_request_with_version - F zeek HTTP
|
||||||
#close 2020-04-30-00-47-07
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,36 +1,37 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-04-30-00-47-11
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1354328874.237327 ClEkJM2Vm5giqnMf4h 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F zeek
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F zeek HTTP
|
||||||
1354328874.278822 C4J4Th3PJpwUYZZ6gc 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328874.321792 CtPZjS20MLrsMUOJi2 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328882.908690 C37jN32gN3y3AZzyf6 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328882.949510 C3eiCBGOLw3VtHfOj 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328887.094494 C0LAHyvtKSQHyJxIl 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328891.141058 CFLRIC3zaTU1loLGxh 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328891.183942 C9rXSW3KSpTYvPrlI1 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request_with_version - F zeek
|
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request_with_version - F zeek HTTP
|
||||||
1354328891.226199 Ck51lg1bScffFj34Ri 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328891.267625 C9mvWx3ezztgzcexV7 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request_with_version - F zeek
|
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request_with_version - F zeek HTTP
|
||||||
1354328891.309065 CNnMIj2QSd84NKf7U3 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek
|
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek -
|
||||||
1354328895.355012 C7fIlMZDuRiqjpYbb 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek
|
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek -
|
||||||
1354328895.396634 CykQaM33ztNt0csB9a 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328895.438812 CtxTCR2Yer0FR1tIBg 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328895.480865 CpmdRlaUoJLN3uIRa 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek
|
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek -
|
||||||
1354328903.614145 CLNN1k2QMum1aexUK7 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328903.656369 CBA8792iHmnhPLksKa 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328911.832856 Cipfzj1BEnhejw8cGf 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328911.876341 CV5WJ42jPYbNW9JNWf 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328920.052085 CzrZOtXqhwwndQva3 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328920.094072 CaGCc13FffXe6RkQl9 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328924.266693 CzmEfj4RValNyLfT58 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CzmEfj4RValNyLfT58 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328924.308714 CCk2V03QgWwIurU3f 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CCk2V03QgWwIurU3f 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328924.476011 CKJVAj1rNx0nolFFc4 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CKJVAj1rNx0nolFFc4 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328924.518204 CD7vfu1qu4YJKe1nGi 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CD7vfu1qu4YJKe1nGi 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328932.734579 CRJ9x54IaE7bkVEpad 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CRJ9x54IaE7bkVEpad 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
1354328932.776609 CAvUKGaEgLlR4i6t2 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F zeek
|
XXXXXXXXXX.XXXXXX CAvUKGaEgLlR4i6t2 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
|
||||||
#close 2020-04-30-00-47-11
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-04-30-00-47-19
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1362692526.939527 CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 missing_HTTP_uri - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 80 missing_HTTP_uri - F zeek HTTP
|
||||||
#close 2020-04-30-00-47-19
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-04-30-00-47-20
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1501217955.063524 CHhAvVGS1DHFjwGM9 192.168.0.9 57322 192.150.187.12 80 illegal_%_at_end_of_URI - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.9 57322 192.150.187.12 80 illegal_%_at_end_of_URI - F zeek HTTP
|
||||||
1501217957.423701 ClEkJM2Vm5giqnMf4h 192.168.0.9 57323 192.150.187.12 80 partial_escape_at_end_of_URI - F zeek
|
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.0.9 57323 192.150.187.12 80 partial_escape_at_end_of_URI - F zeek HTTP
|
||||||
#close 2020-04-30-00-47-21
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-08-08-04-23-29
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1509735979.080381 CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 contentline_size_exceeded - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 contentline_size_exceeded - F zeek CONTENTLINE
|
||||||
1509735979.080381 CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 irc_line_size_exceeded - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 irc_line_size_exceeded - F zeek IRC
|
||||||
1509735981.241042 CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 irc_invalid_command - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 irc_invalid_command - F zeek IRC
|
||||||
#close 2020-08-08-04-23-29
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
#separator \x09
|
#separator \x09
|
||||||
#set_separator ,
|
#set_separator ,
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path weird
|
#path weird
|
||||||
#open 2020-08-08-04-25-02
|
#open XXXX-XX-XX-XX-XX-XX
|
||||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||||
#types time string addr port addr port string string bool string
|
#types time string addr port addr port string string bool string string
|
||||||
1536797872.428637 CHhAvVGS1DHFjwGM9 127.0.0.1 65389 127.0.0.1 6666 irc_invalid_names_line - F zeek
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 65389 127.0.0.1 6666 irc_invalid_names_line - F zeek IRC
|
||||||
#close 2020-08-08-04-25-02
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#include "LLCDemo.h"
|
#include "LLCDemo.h"
|
||||||
#include "Event.h"
|
#include "zeek/Event.h"
|
||||||
#include "Val.h"
|
#include "zeek/Val.h"
|
||||||
|
#include "zeek/Sessions.h"
|
||||||
#include "events.bif.h"
|
#include "events.bif.h"
|
||||||
|
|
||||||
using namespace zeek::packet_analysis::PacketDemo;
|
using namespace zeek::packet_analysis::PacketDemo;
|
||||||
|
@ -15,7 +16,7 @@ bool LLCDemo::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
// Rudimentary parsing of 802.2 LLC
|
// Rudimentary parsing of 802.2 LLC
|
||||||
if ( 17 >= len )
|
if ( 17 >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_llc_header");
|
sessions->Weird("truncated_llc_header", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
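Review bot: The new call `sessions->Weird("truncated_llc_header", packet);` in the second hunk passes no source, so this weird would presumably be logged with `-` in the `source` column this commit introduces, as the `unknown_HTTP_method` baseline rows are. If the `Weird` overload used here accepts a source argument (its signature is not visible in this section), pass the analyzer's name, along the lines of `sessions->Weird("truncated_llc_header", packet, "", "LLCDemo");`, so that someone triaging weird.log can attribute a truncated-header report to the analyzer that raised it. The same applies to `sessions->Weird("truncated_raw_layer", packet);` in the RawLayer section that follows. `AnalyzePacket` begins before this hunk and continues past it.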
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <packet_analysis/Analyzer.h>
|
#include "zeek/packet_analysis/Analyzer.h"
|
||||||
#include <packet_analysis/Component.h>
|
#include "zeek/packet_analysis/Component.h"
|
||||||
|
|
||||||
namespace zeek::packet_analysis::PacketDemo {
|
namespace zeek::packet_analysis::PacketDemo {
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
#include "RawLayer.h"
|
#include "RawLayer.h"
|
||||||
#include "Event.h"
|
#include "zeek/Event.h"
|
||||||
#include "Val.h"
|
#include "zeek/Val.h"
|
||||||
|
#include "zeek/Sessions.h"
|
||||||
|
|
||||||
#include "events.bif.h"
|
#include "events.bif.h"
|
||||||
|
|
||||||
using namespace zeek::packet_analysis::PacketDemo;
|
using namespace zeek::packet_analysis::PacketDemo;
|
||||||
|
@ -15,7 +17,7 @@ bool RawLayer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
||||||
constexpr auto layer_size = 21;
|
constexpr auto layer_size = 21;
|
||||||
if ( layer_size >= len )
|
if ( layer_size >= len )
|
||||||
{
|
{
|
||||||
packet->Weird("truncated_raw_layer");
|
sessions->Weird("truncated_raw_layer", packet);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <packet_analysis/Analyzer.h>
|
#include "zeek/packet_analysis/Analyzer.h"
|
||||||
#include <packet_analysis/Component.h>
|
#include "zeek/packet_analysis/Component.h"
|
||||||
|
|
||||||
namespace zeek::packet_analysis::PacketDemo {
|
namespace zeek::packet_analysis::PacketDemo {
|
||||||
|
|
||||||
|
|
2
testing/external/commit-hash.zeek-testing
vendored
2
testing/external/commit-hash.zeek-testing
vendored
|
@ -1 +1 @@
|
||||||
96a87207c28441da667353eda00fe2266fa4f4cf
|
7c770801300b4999bb49f1e5ee38f3f26b918aec
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
4e8c53c07ff70e693c7366bf05680744ca3110c4
|
02c6be7f8c98d7dd42469f266f78f9f9b5df3111
|
||||||
|
|