mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Store a single map of Sessions instead of split maps of Connections.
This commit also includes: - Storing the transport protocol in ConnID and ConnIDKey to allow tcp and udp connections from the same IP/Port combinations. This happens in the core.cisco-fabric-path test, for example. - Lots of test updates. The reasons for these are two fold. First, with the change to only store a single map means that TCP, UDP, and ICMP connections are now mixed. When Zeek drains the map at shutdown, it drains each of those protocols together instead of separately. The second is because of how Sessions are stored in the map. We're now storing them keyed by the hash of the key stored by the Session objects, which causes them to again be in the map in a different order.
This commit is contained in:
Tim Wojtulewicz
parent
008e2cbaef
commit
f7e3556a67
22 changed files with 263 additions and 367 deletions
|
|
@ -61,6 +61,7 @@ struct ConnID {
|
|||
uint32_t src_port;
|
||||
uint32_t dst_port;
|
||||
bool is_one_way; // if true, don't canonicalize order
|
||||
TransportProto proto;
|
||||
};
|
||||
|
||||
static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1,
|
||||
|
|
|
|||
|
|
@ -42,6 +42,8 @@ detail::ConnIDKey detail::BuildConnIDKey(const ConnID& id)
|
|||
key.port2 = id.src_port;
|
||||
}
|
||||
|
||||
key.transport = id.proto;
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,8 +26,9 @@ struct ConnIDKey {
|
|||
in6_addr ip2;
|
||||
uint16_t port1;
|
||||
uint16_t port2;
|
||||
TransportProto transport;
|
||||
|
||||
ConnIDKey() : port1(0), port2(0)
|
||||
ConnIDKey() : port1(0), port2(0), transport(TRANSPORT_UNKNOWN)
|
||||
{
|
||||
memset(&ip1, 0, sizeof(in6_addr));
|
||||
memset(&ip2, 0, sizeof(in6_addr));
|
||||
|
|
|
|||
264
src/Sessions.cc
264
src/Sessions.cc
|
|
@ -32,7 +32,6 @@
|
|||
#include "zeek/analyzer/protocol/stepping-stone/events.bif.h"
|
||||
|
||||
zeek::NetSessions* zeek::sessions;
|
||||
zeek::NetSessions*& sessions = zeek::sessions;
|
||||
|
||||
namespace zeek {
|
||||
|
||||
|
|
@ -45,14 +44,7 @@ NetSessions::NetSessions()
|
|||
|
||||
NetSessions::~NetSessions()
|
||||
{
|
||||
for ( const auto& entry : tcp_conns )
|
||||
Unref(entry.second);
|
||||
for ( const auto& entry : udp_conns )
|
||||
Unref(entry.second);
|
||||
for ( const auto& entry : icmp_conns )
|
||||
Unref(entry.second);
|
||||
|
||||
detail::fragment_mgr->Clear();
|
||||
Clear();
|
||||
}
|
||||
|
||||
void NetSessions::Done()
|
||||
|
|
@ -84,7 +76,6 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
ConnID id;
|
||||
id.src_addr = ip_hdr->SrcAddr();
|
||||
id.dst_addr = ip_hdr->DstAddr();
|
||||
ConnectionMap* d = nullptr;
|
||||
BifEnum::Tunnel::Type tunnel_type = BifEnum::Tunnel::IP;
|
||||
|
||||
switch ( proto ) {
|
||||
|
|
@ -94,7 +85,7 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
id.src_port = tp->th_sport;
|
||||
id.dst_port = tp->th_dport;
|
||||
id.is_one_way = false;
|
||||
d = &tcp_conns;
|
||||
id.proto = TRANSPORT_TCP;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
@ -104,7 +95,7 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
id.src_port = up->uh_sport;
|
||||
id.dst_port = up->uh_dport;
|
||||
id.is_one_way = false;
|
||||
d = &udp_conns;
|
||||
id.proto = TRANSPORT_UDP;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
@ -116,11 +107,9 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
id.dst_port = analyzer::icmp::ICMP4_counterpart(icmpp->icmp_type,
|
||||
icmpp->icmp_code,
|
||||
id.is_one_way);
|
||||
|
||||
id.src_port = htons(id.src_port);
|
||||
id.dst_port = htons(id.dst_port);
|
||||
|
||||
d = &icmp_conns;
|
||||
id.proto = TRANSPORT_ICMP;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
@ -132,11 +121,9 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
id.dst_port = analyzer::icmp::ICMP6_counterpart(icmpp->icmp_type,
|
||||
icmpp->icmp_code,
|
||||
id.is_one_way);
|
||||
|
||||
id.src_port = htons(id.src_port);
|
||||
id.dst_port = htons(id.dst_port);
|
||||
|
||||
d = &icmp_conns;
|
||||
id.proto = TRANSPORT_ICMP;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
@ -145,20 +132,21 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
return;
|
||||
}
|
||||
|
||||
detail::ConnIDKey key = detail::BuildConnIDKey(id);
|
||||
detail::ConnIDKey conn_key = detail::BuildConnIDKey(id);
|
||||
detail::SessionKey key(&conn_key, sizeof(conn_key), false);
|
||||
Connection* conn = nullptr;
|
||||
|
||||
// FIXME: The following is getting pretty complex. Need to split up
|
||||
// into separate functions.
|
||||
auto it = d->find(key);
|
||||
if ( it != d->end() )
|
||||
conn = it->second;
|
||||
auto it = session_map.find(key);
|
||||
if (it != session_map.end() )
|
||||
conn = static_cast<Connection*>(it->second);
|
||||
|
||||
if ( ! conn )
|
||||
{
|
||||
conn = NewConn(key, t, &id, data, proto, ip_hdr->FlowLabel(), pkt);
|
||||
conn = NewConn(conn_key, t, &id, data, proto, ip_hdr->FlowLabel(), pkt);
|
||||
if ( conn )
|
||||
InsertConnection(d, key, conn);
|
||||
InsertSession(std::move(key), conn);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -168,9 +156,9 @@ void NetSessions::ProcessTransportLayer(double t, const Packet* pkt, size_t rema
|
|||
conn->Event(connection_reused, nullptr);
|
||||
|
||||
Remove(conn);
|
||||
conn = NewConn(key, t, &id, data, proto, ip_hdr->FlowLabel(), pkt);
|
||||
conn = NewConn(conn_key, t, &id, data, proto, ip_hdr->FlowLabel(), pkt);
|
||||
if ( conn )
|
||||
InsertConnection(d, key, conn);
|
||||
InsertSession(std::move(key), conn);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -341,28 +329,15 @@ Connection* NetSessions::FindConnection(Val* v)
|
|||
id.dst_port = htons((unsigned short) resp_portv->Port());
|
||||
|
||||
id.is_one_way = false; // ### incorrect for ICMP connections
|
||||
id.proto = orig_portv->PortType();
|
||||
|
||||
detail::ConnIDKey key = detail::BuildConnIDKey(id);
|
||||
ConnectionMap* d;
|
||||
|
||||
if ( orig_portv->IsTCP() )
|
||||
d = &tcp_conns;
|
||||
else if ( orig_portv->IsUDP() )
|
||||
d = &udp_conns;
|
||||
else if ( orig_portv->IsICMP() )
|
||||
d = &icmp_conns;
|
||||
else
|
||||
{
|
||||
// This can happen due to pseudo-connections we
|
||||
// construct, for example for packet headers embedded
|
||||
// in ICMPs.
|
||||
return nullptr;
|
||||
}
|
||||
detail::ConnIDKey conn_key = detail::BuildConnIDKey(id);
|
||||
detail::SessionKey key(&conn_key, sizeof(conn_key), false);
|
||||
|
||||
Connection* conn = nullptr;
|
||||
auto it = d->find(key);
|
||||
if ( it != d->end() )
|
||||
conn = it->second;
|
||||
auto it = session_map.find(key);
|
||||
if ( it != session_map.end() )
|
||||
conn = static_cast<Connection*>(it->second);
|
||||
|
||||
return conn;
|
||||
}
|
||||
|
|
@ -371,85 +346,53 @@ void NetSessions::Remove(Session* s)
|
|||
{
|
||||
Connection* c = static_cast<Connection*>(s);
|
||||
|
||||
if ( c->IsKeyValid() )
|
||||
if ( s->IsKeyValid() )
|
||||
{
|
||||
const detail::ConnIDKey& key = c->Key();
|
||||
c->CancelTimers();
|
||||
s->CancelTimers();
|
||||
s->Done();
|
||||
s->RemovalEvent();
|
||||
|
||||
c->Done();
|
||||
c->RemovalEvent();
|
||||
// Clears out the session's copy of the key so that if the
|
||||
// session has been Ref()'d somewhere, we know that on a future
|
||||
// call to Remove() that it's no longer in the map.
|
||||
detail::SessionKey key = s->SessionKey(false);
|
||||
|
||||
// Zero out c's copy of the key, so that if c has been Ref()'d
|
||||
// up, we know on a future call to Remove() that it's no
|
||||
// longer in the dictionary.
|
||||
c->ClearKey();
|
||||
|
||||
switch ( c->ConnTransport() ) {
|
||||
case TRANSPORT_TCP:
|
||||
if ( tcp_conns.erase(key) == 0 )
|
||||
reporter->InternalWarning("connection missing");
|
||||
else
|
||||
if ( session_map.erase(key) == 0 )
|
||||
reporter->InternalWarning("connection missing");
|
||||
else
|
||||
switch ( c->ConnTransport() ) {
|
||||
case TRANSPORT_TCP:
|
||||
stats.GetOrAdd({{"tcp", "num_conns"}}).Dec();
|
||||
break;
|
||||
|
||||
case TRANSPORT_UDP:
|
||||
if ( udp_conns.erase(key) == 0 )
|
||||
reporter->InternalWarning("connection missing");
|
||||
else
|
||||
break;
|
||||
case TRANSPORT_UDP:
|
||||
stats.GetOrAdd({{"udp", "num_conns"}}).Dec();
|
||||
break;
|
||||
|
||||
case TRANSPORT_ICMP:
|
||||
if ( icmp_conns.erase(key) == 0 )
|
||||
reporter->InternalWarning("connection missing");
|
||||
else
|
||||
break;
|
||||
case TRANSPORT_ICMP:
|
||||
stats.GetOrAdd({{"icmp", "num_conns"}}).Dec();
|
||||
break;
|
||||
break;
|
||||
case TRANSPORT_UNKNOWN: break;
|
||||
}
|
||||
|
||||
case TRANSPORT_UNKNOWN:
|
||||
reporter->InternalWarning("unknown transport when removing connection");
|
||||
break;
|
||||
}
|
||||
|
||||
Unref(c);
|
||||
s->ClearKey();
|
||||
Unref(s);
|
||||
}
|
||||
}
|
||||
|
||||
void NetSessions::Insert(Connection* c)
|
||||
void NetSessions::Insert(Session* s)
|
||||
{
|
||||
assert(c->IsKeyValid());
|
||||
assert(s->IsKeyValid());
|
||||
|
||||
Connection* old = nullptr;
|
||||
Session* old = nullptr;
|
||||
detail::SessionKey key = s->SessionKey(true);
|
||||
|
||||
switch ( c->ConnTransport() ) {
|
||||
// Remove first. Otherwise the map would still reference the old key for
|
||||
// already existing connections.
|
||||
auto it = session_map.find(key);
|
||||
if ( it != session_map.end() )
|
||||
old = it->second;
|
||||
|
||||
case TRANSPORT_TCP:
|
||||
old = LookupConn(tcp_conns, c->Key());
|
||||
tcp_conns.erase(c->Key());
|
||||
InsertConnection(&tcp_conns, c->Key(), c);
|
||||
break;
|
||||
session_map.erase(key);
|
||||
InsertSession(std::move(key), s);
|
||||
|
||||
case TRANSPORT_UDP:
|
||||
old = LookupConn(udp_conns, c->Key());
|
||||
udp_conns.erase(c->Key());
|
||||
InsertConnection(&udp_conns, c->Key(), c);
|
||||
break;
|
||||
|
||||
case TRANSPORT_ICMP:
|
||||
old = LookupConn(icmp_conns, c->Key());
|
||||
icmp_conns.erase(c->Key());
|
||||
InsertConnection(&icmp_conns, c->Key(), c);
|
||||
break;
|
||||
|
||||
default:
|
||||
reporter->InternalWarning("unknown connection type");
|
||||
Unref(c);
|
||||
return;
|
||||
}
|
||||
|
||||
if ( old && old != c )
|
||||
if ( old && old != s )
|
||||
{
|
||||
// Some clean-ups similar to those in Remove() (but invisible
|
||||
// to the script layer).
|
||||
|
|
@ -461,40 +404,20 @@ void NetSessions::Insert(Connection* c)
|
|||
|
||||
void NetSessions::Drain()
|
||||
{
|
||||
for ( const auto& entry : tcp_conns )
|
||||
for ( const auto& entry : session_map )
|
||||
{
|
||||
Connection* tc = entry.second;
|
||||
Session* tc = entry.second;
|
||||
tc->Done();
|
||||
tc->RemovalEvent();
|
||||
}
|
||||
|
||||
for ( const auto& entry : udp_conns )
|
||||
{
|
||||
Connection* uc = entry.second;
|
||||
uc->Done();
|
||||
uc->RemovalEvent();
|
||||
}
|
||||
|
||||
for ( const auto& entry : icmp_conns )
|
||||
{
|
||||
Connection* ic = entry.second;
|
||||
ic->Done();
|
||||
ic->RemovalEvent();
|
||||
}
|
||||
}
|
||||
|
||||
void NetSessions::Clear()
|
||||
{
|
||||
for ( const auto& entry : tcp_conns )
|
||||
Unref(entry.second);
|
||||
for ( const auto& entry : udp_conns )
|
||||
Unref(entry.second);
|
||||
for ( const auto& entry : icmp_conns )
|
||||
for ( const auto& entry : session_map )
|
||||
Unref(entry.second);
|
||||
|
||||
tcp_conns.clear();
|
||||
udp_conns.clear();
|
||||
icmp_conns.clear();
|
||||
session_map.clear();
|
||||
|
||||
detail::fragment_mgr->Clear();
|
||||
}
|
||||
|
|
@ -578,15 +501,6 @@ Connection* NetSessions::NewConn(const detail::ConnIDKey& k, double t, const Con
|
|||
return conn;
|
||||
}
|
||||
|
||||
Connection* NetSessions::LookupConn(const ConnectionMap& conns, const detail::ConnIDKey& key)
|
||||
{
|
||||
auto it = conns.find(key);
|
||||
if ( it != conns.end() )
|
||||
return it->second;
|
||||
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
bool NetSessions::IsLikelyServerPort(uint32_t port, TransportProto proto) const
|
||||
{
|
||||
// We keep a cached in-core version of the table to speed up the lookup.
|
||||
|
|
@ -695,13 +609,7 @@ unsigned int NetSessions::ConnectionMemoryUsage()
|
|||
// Connections have been flushed already.
|
||||
return 0;
|
||||
|
||||
for ( const auto& entry : tcp_conns )
|
||||
mem += entry.second->MemoryAllocation();
|
||||
|
||||
for ( const auto& entry : udp_conns )
|
||||
mem += entry.second->MemoryAllocation();
|
||||
|
||||
for ( const auto& entry : icmp_conns )
|
||||
for ( const auto& entry : session_map )
|
||||
mem += entry.second->MemoryAllocation();
|
||||
|
||||
return mem;
|
||||
|
|
@ -715,13 +623,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals()
|
|||
// Connections have been flushed already.
|
||||
return 0;
|
||||
|
||||
for ( const auto& entry : tcp_conns )
|
||||
mem += entry.second->MemoryAllocationConnVal();
|
||||
|
||||
for ( const auto& entry : udp_conns )
|
||||
mem += entry.second->MemoryAllocationConnVal();
|
||||
|
||||
for ( const auto& entry : icmp_conns )
|
||||
for ( const auto& entry : session_map )
|
||||
mem += entry.second->MemoryAllocationConnVal();
|
||||
|
||||
return mem;
|
||||
|
|
@ -735,48 +637,42 @@ unsigned int NetSessions::MemoryAllocation()
|
|||
|
||||
return ConnectionMemoryUsage()
|
||||
+ padded_sizeof(*this)
|
||||
+ (tcp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type)))
|
||||
+ (udp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type)))
|
||||
+ (icmp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type)))
|
||||
+ (session_map.size() * (sizeof(SessionMap::key_type) + sizeof(SessionMap::value_type)))
|
||||
+ detail::fragment_mgr->MemoryAllocation();
|
||||
// FIXME: MemoryAllocation() not implemented for rest.
|
||||
;
|
||||
}
|
||||
|
||||
void NetSessions::InsertConnection(ConnectionMap* m, const detail::ConnIDKey& key, Connection* conn)
|
||||
void NetSessions::InsertSession(detail::SessionKey key, Session* session)
|
||||
{
|
||||
(*m)[key] = conn;
|
||||
key.CopyData();
|
||||
session_map.insert_or_assign(std::move(key), session);
|
||||
|
||||
switch ( conn->ConnTransport() )
|
||||
std::string protocol;
|
||||
switch ( static_cast<Connection*>(session)->ConnTransport() )
|
||||
{
|
||||
case TRANSPORT_TCP:
|
||||
{
|
||||
stats.GetOrAdd({{"tcp", "num_conns"}}).Inc();
|
||||
stats.GetOrAdd({{"tcp", "cumulative_conns"}}).Inc();
|
||||
auto max = stats.GetOrAdd({{"tcp", "max_conns"}});
|
||||
if ( m->size() > max.Value() )
|
||||
max.Inc();
|
||||
protocol = "tcp";
|
||||
break;
|
||||
}
|
||||
case TRANSPORT_UDP:
|
||||
{
|
||||
stats.GetOrAdd({{"udp", "num_conns"}}).Inc();
|
||||
stats.GetOrAdd({{"udp", "cumulative_conns"}}).Inc();
|
||||
auto max = stats.GetOrAdd({{"udp", "max_conns"}});
|
||||
if ( m->size() > max.Value() )
|
||||
max.Inc();
|
||||
protocol = "udp";
|
||||
break;
|
||||
}
|
||||
case TRANSPORT_ICMP:
|
||||
{
|
||||
stats.GetOrAdd({{"icmp", "num_conns"}}).Inc();
|
||||
stats.GetOrAdd({{"icmp", "cumulative_conns"}}).Inc();
|
||||
auto max = stats.GetOrAdd({{"icmp", "max_conns"}});
|
||||
if ( m->size() > max.Value() )
|
||||
max.Inc();
|
||||
protocol = "icmp";
|
||||
break;
|
||||
}
|
||||
default: break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if ( ! protocol.empty() )
|
||||
{
|
||||
auto max = stats.GetOrAdd({{protocol, "max_conns"}});
|
||||
auto num = stats.GetOrAdd({{protocol, "num_conns"}});
|
||||
num.Inc();
|
||||
|
||||
stats.GetOrAdd({{protocol, "cumulative_conns"}}).Inc();
|
||||
if ( num.Value() > max.Value() )
|
||||
max.Inc();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@
|
|||
#include "zeek/NetVar.h"
|
||||
#include "zeek/analyzer/protocol/tcp/Stats.h"
|
||||
#include "zeek/telemetry/Gauge.h"
|
||||
#include "zeek/Hash.h"
|
||||
#include "zeek/Session.h"
|
||||
|
||||
namespace zeek {
|
||||
|
||||
|
|
@ -18,7 +20,6 @@ namespace detail { class PacketFilter; }
|
|||
class EncapsulationStack;
|
||||
class Packet;
|
||||
class Connection;
|
||||
class Session;
|
||||
struct ConnID;
|
||||
|
||||
struct SessionStats {
|
||||
|
|
@ -39,7 +40,7 @@ struct SessionStats {
|
|||
uint64_t num_packets;
|
||||
};
|
||||
|
||||
class NetSessions {
|
||||
class NetSessions final {
|
||||
public:
|
||||
NetSessions();
|
||||
~NetSessions();
|
||||
|
|
@ -61,7 +62,7 @@ public:
|
|||
Connection* FindConnection(const detail::ConnIDKey& key, TransportProto proto);
|
||||
|
||||
void Remove(Session* s);
|
||||
void Insert(Connection* c);
|
||||
void Insert(Session* c);
|
||||
|
||||
// Generating connection_pending events for all connections
|
||||
// that are still active.
|
||||
|
|
@ -82,7 +83,7 @@ public:
|
|||
|
||||
unsigned int CurrentConnections()
|
||||
{
|
||||
return tcp_conns.size() + udp_conns.size() + icmp_conns.size();
|
||||
return session_map.size();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -130,16 +131,13 @@ public:
|
|||
analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states
|
||||
|
||||
protected:
|
||||
friend class ConnCompressor;
|
||||
|
||||
using ConnectionMap = std::map<detail::ConnIDKey, Connection*>;
|
||||
using SessionMap = std::map<detail::SessionKey, Session*>;
|
||||
|
||||
Connection* NewConn(const detail::ConnIDKey& k, double t, const ConnID* id,
|
||||
const u_char* data, int proto, uint32_t flow_label,
|
||||
const Packet* pkt);
|
||||
|
||||
Connection* LookupConn(const ConnectionMap& conns, const detail::ConnIDKey& key);
|
||||
|
||||
// Returns true if the port corresonds to an application
|
||||
// for which there's a Bro analyzer (even if it might not
|
||||
// be used by the present policy script), or it's more
|
||||
|
|
@ -167,12 +165,9 @@ protected:
|
|||
// the new one. Connection count stats get updated either way (so most
|
||||
// cases should likely check that the key is not already in the map to
|
||||
// avoid unnecessary incrementing of connecting counts).
|
||||
void InsertConnection(ConnectionMap* m, const detail::ConnIDKey& key, Connection* conn);
|
||||
|
||||
ConnectionMap tcp_conns;
|
||||
ConnectionMap udp_conns;
|
||||
ConnectionMap icmp_conns;
|
||||
void InsertSession(detail::SessionKey key, Session* session);
|
||||
|
||||
SessionMap session_map;
|
||||
telemetry::IntGaugeFamily stats;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -25,9 +25,10 @@ static zeek::Connection* add_connection()
|
|||
conn_id.src_port = htons(23132);
|
||||
conn_id.dst_port = htons(80);
|
||||
conn_id.is_one_way = false;
|
||||
conn_id.proto = TRANSPORT_TCP;
|
||||
zeek::detail::ConnIDKey key = zeek::detail::BuildConnIDKey(conn_id);
|
||||
zeek::Connection* conn = new zeek::Connection(zeek::sessions, key, network_time_start,
|
||||
&conn_id, 1, &p);
|
||||
&conn_id, 1, &p);
|
||||
conn->SetTransport(TRANSPORT_TCP);
|
||||
zeek::sessions->Insert(conn);
|
||||
return conn;
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@
|
|||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 40264 172.28.2.3 22 tcp - 3.1
|
|||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - - 0 Dd 1 76 1 76 -
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - - 0 Dd 1 76 1 76 -
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - - 0 Dd 1 76 1 76 -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 37675 172.28.2.3 53 udp - 5.001141 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 37675 172.28.2.3 53 udp - 5.001141 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@
|
|||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 -
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
|
|
|
|||
|
|
@ -15,17 +15,17 @@ XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 tcp http
|
|||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 -
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 -
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 Ck51lg1bScffFj34Ri,CtPZjS20MLrsMUOJi2
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@
|
|||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 -
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CHhAvVGS1DHFjwGM9,CUM0KZ3MLUfNB0cl11
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@
|
|||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.1 8 10.0.0.2 0 icmp - 3.004616 224 224 OTH - - 0 - 4 336 4 336 CUM0KZ3MLUfNB0cl11,C4J4Th3PJpwUYZZ6gc
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.56.12 38071 192.168.56.11 4789 udp vxlan 3.004278 424 0 S0 - - 0 D 4 536 0 0 -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.56.12 40908 192.168.56.11 4789 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.56.11 39924 192.168.56.12 4789 udp - - - - S0 - - 0 D 1 78 0 0 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 udp vxlan 3.004434 424 0 S0 - - 0 D 4 536 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 10.0.0.1 8 10.0.0.2 0 icmp - 3.004616 224 224 OTH - - 0 - 4 336 4 336 CUM0KZ3MLUfNB0cl11,C4J4Th3PJpwUYZZ6gc
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields _write_ts _stream _innerLogged.a _innerLogged.c _innerLogged.d _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string count count set[count] string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.
|
|||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.1
|
|||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -8,15 +8,7 @@
|
|||
#fields _write_ts _stream _system_name ts uid id.orig_h id.resp_h
|
||||
#types time string string time string addr addr
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 141.142.220.235
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 208.80.152.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 208.80.152.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 208.80.152.118
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 141.142.2.2
|
||||
|
|
@ -30,9 +22,17 @@ XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.
|
|||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 141.142.2.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 224.0.0.251
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 224.0.0.251
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 224.0.0.251
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 224.0.0.251
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 208.80.152.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 208.80.152.2
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 208.80.152.3
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 208.80.152.118
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 224.0.0.251
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 141.142.220.255
|
||||
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 224.0.0.252
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields _write_ts _system_name _undefined_string ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 4999
|
|||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 4
|
|||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0
|
|||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -21,17 +21,17 @@ XXXXXXXXXX.XXXXXX 141.142.220.118
|
|||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.44
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.50
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.118
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.202
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.226
|
||||
XXXXXXXXXX.XXXXXX 141.142.220.226
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0
|
|||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0
|
|||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
|
||||
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
|
||||
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
|
||||
|
|
|
|||
|
|
@ -8,7 +8,23 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
|
||||
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - 00:13:7f:be:8c:ff 00:e0:db:01:cf:4b
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
|
|
@ -17,22 +33,6 @@ XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0
|
|||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
|
||||
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb
|
||||
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb
|
||||
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - 00:30:48:bd:3e:c4 01:00:5e:00:00:fb
|
||||
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff
|
||||
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue