mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Merge branch 'master' into topic/vern/script-inlining
This commit is contained in:
Jon Siwek
commit
ff7d9e3d72
144 changed files with 1930 additions and 1263 deletions
18
.cirrus.yml
18
.cirrus.yml
|
|
@ -4,6 +4,7 @@ btest_retries: &BTEST_RETRIES 2
|
|||
memory: &MEMORY 4GB
|
||||
|
||||
config: &CONFIG --build-type=release --enable-cpp-tests --disable-broker-tests --prefix=$CIRRUS_WORKING_DIR/install
|
||||
static_config: &STATIC_CONFIG --build-type=release --enable-cpp-tests --disable-broker-tests --enable-static-broker --enable-static-binpac --prefix=$CIRRUS_WORKING_DIR/install
|
||||
sanitizer_config: &SANITIZER_CONFIG --build-type=debug --enable-cpp-tests --disable-broker-tests --sanitizers=address,undefined --enable-fuzzers --enable-coverage
|
||||
|
||||
resources_template: &RESOURCES_TEMPLATE
|
||||
|
|
@ -87,13 +88,6 @@ fedora32_task:
|
|||
<< : *RESOURCES_TEMPLATE
|
||||
<< : *CI_TEMPLATE
|
||||
|
||||
fedora31_task:
|
||||
container:
|
||||
# Fedora 31 EOL: Nov 24 2020
|
||||
dockerfile: ci/fedora-31/Dockerfile
|
||||
<< : *RESOURCES_TEMPLATE
|
||||
<< : *CI_TEMPLATE
|
||||
|
||||
centos8_task:
|
||||
container:
|
||||
# CentOS 8 EOL: May 31, 2029
|
||||
|
|
@ -120,6 +114,16 @@ debian10_task:
|
|||
<< : *RESOURCES_TEMPLATE
|
||||
<< : *CI_TEMPLATE
|
||||
|
||||
debian10_static_task:
|
||||
container:
|
||||
# Just uses a recent/common distro to run a static compile test.
|
||||
# Debian 10 EOL: June 2024
|
||||
dockerfile: ci/debian-10/Dockerfile
|
||||
<< : *RESOURCES_TEMPLATE
|
||||
<< : *CI_TEMPLATE
|
||||
env:
|
||||
ZEEK_CI_CONFIGURE_FLAGS: *STATIC_CONFIG
|
||||
|
||||
debian9_task:
|
||||
container:
|
||||
# Debian 9 EOL: June 2022
|
||||
|
|
|
|||
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -8,3 +8,6 @@ cmake-build-*
|
|||
|
||||
# skip DS Store for MacOS
|
||||
.DS_Store
|
||||
|
||||
# ignore pyenv local settings
|
||||
.python-version
|
||||
|
|
|
|||
118
CHANGES
118
CHANGES
|
|
@ -1,3 +1,121 @@
|
|||
|
||||
3.3.0-dev.607 | 2020-12-04 11:16:09 -0800
|
||||
|
||||
* Fix the CMake 'dist' target of Zeek plugins to only run when outdated (Benjamin Bannier, Corelight)
|
||||
|
||||
3.3.0-dev.604 | 2020-12-04 18:40:03 +0000
|
||||
|
||||
* Sumstats: allow users to manage epoch manually
|
||||
|
||||
This change allows users to specify an epoch length of 0, which means
|
||||
that the user manually has to finish the epochs. A new next_epoch
|
||||
function is introduced to allow users to manually end epochs.
|
||||
|
||||
Addresses GH-348 (Johanna Amann, Corelight)
|
||||
|
||||
* Sumstats: epoch_finished was not called under certain circumstances
|
||||
|
||||
In non-clustered mode, epoch_finished was not called when there was no
|
||||
data during the epoch.
|
||||
|
||||
This behavior does not fit the documentation, and also is different in
|
||||
cluster-mode, where epoch_finished is, indeed, called after every epoch.
|
||||
|
||||
This small change fixes this behavior. (Johanna Amann, Corelight)
|
||||
|
||||
3.3.0-dev.600 | 2020-12-03 18:02:22 -0800
|
||||
|
||||
* Add a CI task for compiling with static broker/binpac (Johanna Amann, Corelight)
|
||||
|
||||
3.3.0-dev.596 | 2020-12-03 09:35:42 -0700
|
||||
|
||||
* Fix a couple of life-time issues when plugin loading fails.
|
||||
|
||||
Reported by Coverity.
|
||||
|
||||
Follow-up to #1179. (Robin Sommer, Corelight)
|
||||
|
||||
3.3.0-dev.593 | 2020-12-02 12:53:04 -0800
|
||||
|
||||
* Add `count_to_double` and `int_to_double` bif functions (Yacin Nadji, Corelight)
|
||||
|
||||
3.3.0-dev.590 | 2020-12-02 11:11:26 -0800
|
||||
|
||||
* Update minimum required CMake to 3.5 (Jon Siwek, Corelight)
|
||||
|
||||
Also now uses CMake's ENABLE_EXPORTS target property for the zeek
|
||||
executable to ensure symbols are visible to plugins. Prior to CMake
|
||||
3.4, the policy was to export symbols by default for certain platforms,
|
||||
but later versions need either the explicit target property or policy.
|
||||
|
||||
3.3.0-dev.587 | 2020-12-01 10:17:42 -0700
|
||||
|
||||
* GH-1184: Add 'source' field to weird log denoting where the weird was reported (Tim Wojtulewicz, Corelight)
|
||||
|
||||
3.3.0-dev.585 | 2020-12-01 14:42:54 +0000
|
||||
|
||||
* Retry loading plugins on failure to resolve to dependencies.
|
||||
Closes #1179. (Robin Sommer, Corelight)
|
||||
|
||||
3.3.0-dev.580 | 2020-11-30 14:07:39 -0700
|
||||
|
||||
* Find correct zeek namespace in debug logger macros.
|
||||
|
||||
These macros forward to functionality in `zeek::detail::debug_logger`
|
||||
and are not intended for customization. This patch fixes the macros to
|
||||
always use `::zeek::detail::debug_logger` as without the leading `::`
|
||||
lookup could happen in any potentially local namespace `zeek` which does
|
||||
not need to provide this symbol.
|
||||
|
||||
This closes zeek/spicy#597. (Benjamin Bannier, Corelight)
|
||||
|
||||
3.3.0-dev.576 | 2020-11-26 18:16:07 +0000
|
||||
|
||||
* Remove Python2 compatibility logic. We now require at least Python 3.5.
|
||||
This includes script changes, improves the cmake logic to find python3,
|
||||
makes scripts explicitly call python3 and documentation updates.
|
||||
|
||||
(Jon Siwek, Corelight)
|
||||
|
||||
* Remove Fedora 31 (EOL) from CI (Jon Siwek, Corelight)
|
||||
|
||||
3.3.0-dev.564 | 2020-11-24 15:23:50 -0800
|
||||
|
||||
* Improve support for custom libdir locations (Christian Kreibich, Corelight)
|
||||
|
||||
- Remove hardwiring of $ZEEK_ROOT/lib throughout the three and
|
||||
defaults the name of Zeek's library directory to the default on the
|
||||
given platform (e.g. lib64), via GNUInstallDirs.
|
||||
|
||||
- Consistently use that lib directory, instead of two lib folders
|
||||
resulting when using a custom libdir.
|
||||
|
||||
- Remove the old lib directory in the installation prefix, if one exists
|
||||
|
||||
- Add --lib_dir to zeek-config (and sort its options a bit).
|
||||
|
||||
3.3.0-dev.561 | 2020-11-23 21:50:19 -0800
|
||||
|
||||
* Move implementation of internal_{type,var,etc} methods back into global namespace.
|
||||
(Tim Wojtulewicz, Corelight)
|
||||
|
||||
This fixes an unknown symbol error if using those methods. They're defined
|
||||
as extern in the global namespace in Var.h, but Var.cc had their
|
||||
implementations defined in the zeek::detail namespace.
|
||||
|
||||
3.3.0-dev.559 | 2020-11-23 21:39:29 -0800
|
||||
|
||||
* Simplify Debian/Ubuntu CI dependencies and setup (Dominik Charousset, Corelight)
|
||||
|
||||
* Update .gitignore to ignore pyenv .python-version (Otto Fowler)
|
||||
|
||||
3.3.0-dev.554 | 2020-11-19 18:09:01 -0800
|
||||
|
||||
* Reverts the SMTP regex change in dead3226a545e264072ced40284f86ac41528ba8. (Tim Wojtulewicz, Corelight)
|
||||
|
||||
The regex change broke some of the external tests. I added some more cases
|
||||
to the regular email btest to hopefully cover all of the cases better.
|
||||
|
||||
3.3.0-dev.551 | 2020-11-17 15:01:04 -0700
|
||||
|
||||
* Added unit tests for regex fix (christina23)
|
||||
|
|
|
|||
|
|
@ -1,17 +1,10 @@
|
|||
# When changing the minimum version here, also adapt
|
||||
# auxil/zeek-aux/plugin-support/skeleton/CMakeLists.txt
|
||||
cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
|
||||
cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
|
||||
|
||||
project(Zeek C CXX)
|
||||
|
||||
if ( NOT CMAKE_INSTALL_LIBDIR )
|
||||
# Currently, some sub-projects may use GNUInstallDirs.cmake to choose the
|
||||
# library install dir, while others just default to "lib". For sake of
|
||||
# consistency, this just overrides the former to always use "lib" in case
|
||||
# it would have chosen something else, like "lib64", but a thing for the
|
||||
# future may be to standardize all sub-projects to use GNUInstallDirs.
|
||||
set(CMAKE_INSTALL_LIBDIR lib)
|
||||
endif ()
|
||||
include(GNUInstallDirs)
|
||||
|
||||
include(cmake/CommonCMakeConfig.cmake)
|
||||
include(cmake/FindClangTidy.cmake)
|
||||
|
|
@ -60,7 +53,8 @@ endif ()
|
|||
get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH}
|
||||
ABSOLUTE)
|
||||
|
||||
set(BRO_PLUGIN_INSTALL_PATH ${ZEEK_ROOT_DIR}/lib/zeek/plugins CACHE STRING "Installation path for plugins" FORCE)
|
||||
set(BRO_PLUGIN_INSTALL_PATH ${CMAKE_INSTALL_FULL_LIBDIR}/zeek/plugins CACHE STRING "Installation path for plugins" FORCE)
|
||||
set(PY_MOD_INSTALL_DIR ${CMAKE_INSTALL_FULL_LIBDIR}/zeekctl CACHE STRING "Installation path for Python modules" FORCE)
|
||||
|
||||
configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
|
||||
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
|
||||
|
|
@ -126,7 +120,7 @@ if ( NOT BINARY_PACKAGING_MODE )
|
|||
# before Zeek 3.0.
|
||||
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/include/bro" "${CMAKE_INSTALL_PREFIX}/include/zeek")
|
||||
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/share/bro" "${CMAKE_INSTALL_PREFIX}/share/zeek")
|
||||
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/lib/bro" "${CMAKE_INSTALL_PREFIX}/lib/zeek")
|
||||
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/lib/bro" "${CMAKE_INSTALL_FULL_LIBDIR}/zeek")
|
||||
endif ()
|
||||
|
||||
if ( ZEEK_SANITIZERS )
|
||||
|
|
@ -242,6 +236,7 @@ if (NOT SED_EXE)
|
|||
endif ()
|
||||
endif ()
|
||||
|
||||
list(APPEND Python_ADDITIONAL_VERSIONS 3)
|
||||
FindRequiredPackage(PythonInterp)
|
||||
FindRequiredPackage(FLEX)
|
||||
FindRequiredPackage(BISON)
|
||||
|
|
@ -288,6 +283,12 @@ if (MISSING_PREREQS)
|
|||
message(FATAL_ERROR "Configuration aborted due to missing prerequisites")
|
||||
endif ()
|
||||
|
||||
set(ZEEK_PYTHON_MIN 3.5.0)
|
||||
|
||||
if ( PYTHON_VERSION_STRING VERSION_LESS ${ZEEK_PYTHON_MIN} )
|
||||
message(FATAL_ERROR "Python ${ZEEK_PYTHON_MIN} or greater is required.")
|
||||
endif ()
|
||||
|
||||
if ( CAF_ROOT_DIR )
|
||||
find_package(CAF COMPONENTS core io openssl REQUIRED)
|
||||
endif ()
|
||||
|
|
@ -514,12 +515,29 @@ CheckOptionalBuildSources(auxil/zeekctl ZeekControl INSTALL_ZEEKCTL)
|
|||
CheckOptionalBuildSources(auxil/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS)
|
||||
CheckOptionalBuildSources(auxil/zeek-archiver ZeekArchiver INSTALL_ZEEK_ARCHIVER)
|
||||
|
||||
########################################################################
|
||||
## Transitions and cleanups
|
||||
|
||||
if ( NOT BINARY_PACKAGING_MODE )
|
||||
# Remove pre-existing libdir of the old hardwired name if it is not
|
||||
# the name we're now installing under.
|
||||
set(_old_libdir ${CMAKE_INSTALL_PREFIX}/lib)
|
||||
|
||||
install(CODE "
|
||||
if ( EXISTS \"${_old_libdir}\" AND IS_DIRECTORY \"${_old_libdir}\"
|
||||
AND NOT \"${_old_libdir}\" STREQUAL \"${CMAKE_INSTALL_FULL_LIBDIR}\" )
|
||||
message(STATUS \"WARNING: removing old library directory ${_old_libdir}\")
|
||||
execute_process(COMMAND \"${CMAKE_COMMAND}\" -E remove_directory \"${_old_libdir}\")
|
||||
endif ()
|
||||
")
|
||||
endif ()
|
||||
|
||||
########################################################################
|
||||
## Packaging Setup
|
||||
|
||||
if (INSTALL_ZEEKCTL)
|
||||
# CPack RPM Generator may not automatically detect this
|
||||
set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.6.0")
|
||||
set(CPACK_RPM_PACKAGE_REQUIRES "python >= ${ZEEK_PYTHON_MIN}")
|
||||
endif ()
|
||||
|
||||
# If this CMake project is a sub-project of another, we will not
|
||||
|
|
|
|||
61
NEWS
61
NEWS
|
|
@ -84,6 +84,42 @@ New Functionality
|
|||
is a special version indicating that the server/client supports both SSH2 and
|
||||
SSH1.
|
||||
|
||||
- Added ``count_to_double()`` and ``int_to_double()`` type-conversion BIFs.
|
||||
|
||||
- Added these string-processing BIFs:
|
||||
|
||||
- count_substr
|
||||
- find_str
|
||||
- rfind_str
|
||||
- starts_with
|
||||
- ends_with
|
||||
- is_num
|
||||
- is_alpha
|
||||
- is_alnum
|
||||
- ljust
|
||||
- rjust
|
||||
- swap_case
|
||||
- to_title
|
||||
- zfill
|
||||
- remove_prefix
|
||||
- remove_suffix
|
||||
|
||||
- Added a new ``Weird::sampling_global_list`` option to configure global
|
||||
rate-limiting of certain weirds instead of per connection/flow.
|
||||
|
||||
- Added a ``Pcap::findalldevs()`` for obtaining available network devices.
|
||||
|
||||
- Added ``enum_names()`` BIF to return names of an enum type's values
|
||||
|
||||
- Added ``type_aliases`` BIF for introspecting type-names of types/values
|
||||
|
||||
- Added composite-index support for ``&backend`` (Broker-backed tables).
|
||||
An example of a set with composite index is ``set[string, count, count]``.
|
||||
|
||||
- Sumstats now allows manual epochs. If an ``epoch`` interval of 0 is specified,
|
||||
epochs will have to be manually ended by callis ``SumStats::next_epoch``. This
|
||||
can be convenient because epochs can be synced to other events.
|
||||
|
||||
Changed Functionality
|
||||
---------------------
|
||||
|
||||
|
|
@ -127,6 +163,27 @@ Changed Functionality
|
|||
to a behavior that favors consistency. For reference, see
|
||||
https://github.com/zeek/zeek/pull/251#issuecomment-713956976
|
||||
|
||||
- The Zeek installation tree is now more consistent in using a ``lib64/``
|
||||
(rather than ``lib/``) subdirectory for platforms where that's the common
|
||||
convention. If the old hardcoded ``lib/`` path exists while installing Zeek
|
||||
4.0 and the new subdirectory differs, then the old ``lib/`` will be removed.
|
||||
This potentially wipes out binary plugins that have already been installed
|
||||
there, but Zeek plugins generally have to be re-built/re-installed upon any
|
||||
Zeek upgrade anyway, so no part of the usual upgrade process is expected to
|
||||
be complicated by this cleanup operation.
|
||||
|
||||
- Continued renaming/namespacing of many classes into either ``zeek`` or
|
||||
``zeek::detail`` namespaces as already explained in Zeek 3.2's release notes.
|
||||
Deprecation warnings should generally help notify plugin developers of these
|
||||
changes.
|
||||
|
||||
- Changed HTTP DPD signatures to trigger analyzer independent of peer state.
|
||||
|
||||
This is to avoid missing large sessions where a single side exceeds
|
||||
the DPD buffer size. It comes with the trade-off that now the analyzer
|
||||
can be triggered by anybody controlling one of the endpoints (instead
|
||||
of both). For discussion, see https://github.com/zeek/zeek/issues/343.
|
||||
|
||||
Removed Functionality
|
||||
---------------------
|
||||
|
||||
|
|
@ -146,6 +203,10 @@ Removed Functionality
|
|||
``connection_state_remove`` handler can now be resolved with a less-confusing
|
||||
approach: see the ``Conn::register_removal_hook`` function.
|
||||
|
||||
- Python 2 is no longer supported. Python 3.5 is the new minimum requirement.
|
||||
|
||||
- CMake versions less than 3.5 are no longer supported.
|
||||
|
||||
Deprecated Functionality
|
||||
------------------------
|
||||
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
3.3.0-dev.551
|
||||
3.3.0-dev.607
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 1eaa6aff1d991307b134d85b64e1ab7b68c89c92
|
||||
Subproject commit 5a45ae8d0f61e7ae7fa3ed0ea5841e8347e40926
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit bc719c1565de9454b04a4b9aade14460268bcfbe
|
||||
Subproject commit 1078f4e9d6065ae47cf6fca9bd8e98183f913b98
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 28fbb63d06c9192923effc930a4b60226c35fb0e
|
||||
Subproject commit 8899280694d8d5ad3aaa0a03cc99e4c3d3fd7887
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 8ce78fe388fbb583b47e1a9ea956c94cb9b5be6d
|
||||
Subproject commit 26c180e0c6a14ced1853dfb42be0e7b99c71eca0
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 92d1bee12b0d92d36d784367c3c33646a7db990d
|
||||
Subproject commit 94e1c36512adb47b43c157b87c500176ffb668e2
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 512c911c27aeb319430093187f85c70610d80035
|
||||
Subproject commit f7b6c4566187e8a7968ceab58bb329da25142ea2
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 107b7bd51d530df888996553123992d05f1ee27b
|
||||
Subproject commit 37d9e97833aab3e6c24fdeb8c8f5385b878f8290
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit fbb5a21719d4d00244bdd9f0d0a2f8543580a016
|
||||
Subproject commit 037bd04115ee0176536d85374f39980a45e9ff92
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit f99e3265c5e7d6c45361b7d8dc03e772f66b0d4b
|
||||
Subproject commit 0abed02b22f75d40d8c089fa1185681a6a9ee6d6
|
||||
|
|
@ -5,7 +5,7 @@ FROM centos:7
|
|||
RUN yum -y install \
|
||||
https://repo.ius.io/ius-release-el7.rpm \
|
||||
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
|
||||
&& yum -y install git2u \
|
||||
&& yum -y install git224 \
|
||||
&& yum clean all && rm -rf /var/cache/yum
|
||||
|
||||
RUN yum -y install \
|
||||
|
|
@ -38,13 +38,7 @@ RUN yum -y install \
|
|||
which \
|
||||
&& yum clean all && rm -rf /var/cache/yum
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
||||
RUN echo 'unset BASH_ENV PROMPT_COMMAND ENV' > /usr/bin/zeek-ci-env && \
|
||||
echo 'source /opt/rh/devtoolset-7/enable' >> /usr/bin/zeek-ci-env
|
||||
|
|
|
|||
|
|
@ -23,13 +23,8 @@ RUN dnf -y update && dnf -y install \
|
|||
zlib-devel \
|
||||
libsqlite3x-devel \
|
||||
findutils \
|
||||
diffutils \
|
||||
which \
|
||||
&& dnf clean all && rm -rf /var/cache/dnf
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
|
|
|||
|
|
@ -25,10 +25,4 @@ RUN apt-get update && apt-get -y install \
|
|||
xz-utils \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
|
|
|||
|
|
@ -31,12 +31,6 @@ RUN apt-get update && apt-get -y install \
|
|||
RUN update-alternatives --install /usr/bin/cc cc /usr/bin/clang-7 100
|
||||
RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++-7 100
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
||||
ENV CXXFLAGS=-stdlib=libc++
|
||||
|
|
|
|||
|
|
@ -28,15 +28,8 @@ RUN apt-get update && apt-get -y install \
|
|||
libc++abi-7-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN update-alternatives --install /usr/bin/cc cc /usr/bin/clang-7 100
|
||||
RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++-7 100
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
||||
ENV CC=/usr/bin/clang-7
|
||||
ENV CXX=/usr/bin/clang++-7
|
||||
ENV CXXFLAGS=-stdlib=libc++
|
||||
|
|
|
|||
|
|
@ -1,31 +0,0 @@
|
|||
FROM fedora:31
|
||||
|
||||
RUN yum -y install \
|
||||
bison \
|
||||
cmake \
|
||||
diffutils \
|
||||
findutils \
|
||||
flex \
|
||||
git \
|
||||
gcc \
|
||||
gcc-c++ \
|
||||
libpcap-devel \
|
||||
make \
|
||||
openssl \
|
||||
openssl-devel \
|
||||
python3 \
|
||||
python3-devel \
|
||||
python3-pip\
|
||||
sqlite \
|
||||
swig \
|
||||
which \
|
||||
zlib-devel \
|
||||
&& yum clean all && rm -rf /var/cache/yum
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
|
|
@ -22,10 +22,4 @@ RUN yum -y install \
|
|||
zlib-devel \
|
||||
&& yum clean all && rm -rf /var/cache/yum
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
|
|
|||
|
|
@ -22,10 +22,4 @@ RUN yum -y install \
|
|||
zlib-devel \
|
||||
&& yum clean all && rm -rf /var/cache/yum
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
|
|
|||
|
|
@ -9,5 +9,4 @@ env ASSUME_ALWAYS_YES=YES pkg bootstrap
|
|||
pkg install -y bash git cmake swig bison python3 base64
|
||||
pyver=`python3 -c 'import sys; print(f"py{sys.version_info[0]}{sys.version_info[1]}")'`
|
||||
pkg install -y $pyver-sqlite3 $pyver-pip
|
||||
( cd && mkdir -p ./bin && ln -s /usr/local/bin/python3 ./bin/python )
|
||||
pip install junit2html
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ RUN apt-get update && apt-get -y install \
|
|||
python3 \
|
||||
python3-dev \
|
||||
python3-pip\
|
||||
clang-8 \
|
||||
libc++-8-dev \
|
||||
libc++abi-8-dev \
|
||||
swig \
|
||||
zlib1g-dev \
|
||||
libkrb5-dev \
|
||||
|
|
@ -25,19 +28,8 @@ RUN apt-get update && apt-get -y install \
|
|||
xz-utils \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN wget -q https://releases.llvm.org/9.0.0/clang+llvm-9.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
RUN mkdir /clang-9
|
||||
RUN tar --strip-components=1 -C /clang-9 -xvf clang+llvm-9.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
RUN update-alternatives --install /usr/bin/cc cc /clang-9/bin/clang 100
|
||||
RUN update-alternatives --install /usr/bin/c++ c++ /clang-9/bin/clang++ 100
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
|
||||
ENV CC=/usr/bin/clang-8
|
||||
ENV CXX=/usr/bin/clang++-8
|
||||
ENV CXXFLAGS=-stdlib=libc++
|
||||
ENV LD_LIBRARY_PATH=/clang-9/lib
|
||||
|
|
|
|||
|
|
@ -29,11 +29,5 @@ RUN apt-get update && apt-get -y install \
|
|||
lcov \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
RUN gem install coveralls-lcov
|
||||
|
|
|
|||
|
|
@ -29,11 +29,5 @@ RUN apt-get update && apt-get -y install \
|
|||
lcov \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so
|
||||
# this is a simple workaround until we drop Python 2 support and explicitly
|
||||
# use `python3` for all invocations (e.g. in shebangs).
|
||||
RUN ln -sf /usr/bin/python3 /usr/local/bin/python
|
||||
RUN ln -sf /usr/bin/pip3 /usr/local/bin/pip
|
||||
|
||||
RUN pip install junit2html
|
||||
RUN pip3 install junit2html
|
||||
RUN gem install coveralls-lcov
|
||||
|
|
|
|||
2
cmake
2
cmake
|
|
@ -1 +1 @@
|
|||
Subproject commit cf652b845908a15c02e11dca3162f3eecca0a9c5
|
||||
Subproject commit 40251ae850dee52eae8eb05e552c165e2deef354
|
||||
2
configure
vendored
2
configure
vendored
|
|
@ -148,7 +148,6 @@ prefix=/usr/local/zeek
|
|||
CMakeCacheEntries=""
|
||||
append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix
|
||||
append_cache_entry ZEEK_ROOT_DIR PATH $prefix
|
||||
append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/zeekctl
|
||||
append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
|
||||
append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
|
||||
append_cache_entry ENABLE_DEBUG BOOL false
|
||||
|
|
@ -203,7 +202,6 @@ while [ $# -ne 0 ]; do
|
|||
prefix=$optarg
|
||||
append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg
|
||||
append_cache_entry ZEEK_ROOT_DIR PATH $optarg
|
||||
append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/zeekctl
|
||||
;;
|
||||
--libdir=*)
|
||||
append_cache_entry CMAKE_INSTALL_LIBDIR PATH $optarg
|
||||
|
|
|
|||
2
doc
2
doc
|
|
@ -1 +1 @@
|
|||
Subproject commit 7658414ac454522ecd5710c13ca6e0bc4a842e12
|
||||
Subproject commit 63264729ec6d342892a925cd3f003105544ea1d5
|
||||
|
|
@ -54,6 +54,10 @@ export {
|
|||
## trouble to help identify which node is having trouble.
|
||||
peer: string &log &optional &default=peer_description;
|
||||
|
||||
## The source of the weird. When reported by an analyzer, this
|
||||
## should be the name of the analyzer.
|
||||
source: string &log &optional;
|
||||
|
||||
## This field is to be provided when a weird is generated for
|
||||
## the purpose of deduplicating weirds. The identifier string
|
||||
## should be unique for a single instance of the weird. This field
|
||||
|
|
@ -400,16 +404,19 @@ function weird(w: Weird::Info)
|
|||
}
|
||||
|
||||
# The following events come from core generated weirds typically.
|
||||
event conn_weird(name: string, c: connection, addl: string)
|
||||
event conn_weird(name: string, c: connection, addl: string, source: string)
|
||||
{
|
||||
local i = Info($ts=network_time(), $name=name, $conn=c, $identifier=id_string(c$id));
|
||||
if ( addl != "" )
|
||||
i$addl = addl;
|
||||
|
||||
if ( source != "" )
|
||||
i$source = source;
|
||||
|
||||
weird(i);
|
||||
}
|
||||
|
||||
event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string)
|
||||
event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string, source: string)
|
||||
{
|
||||
local i = Info($ts=network_time(), $name=name, $uid=uid, $id=id,
|
||||
$identifier=id_string(id));
|
||||
|
|
@ -417,10 +424,13 @@ event expired_conn_weird(name: string, id: conn_id, uid: string, addl: string)
|
|||
if ( addl != "" )
|
||||
i$addl = addl;
|
||||
|
||||
if ( source != "" )
|
||||
i$source = source;
|
||||
|
||||
weird(i);
|
||||
}
|
||||
|
||||
event flow_weird(name: string, src: addr, dst: addr, addl: string)
|
||||
event flow_weird(name: string, src: addr, dst: addr, addl: string, source: string)
|
||||
{
|
||||
# We add the source and destination as port 0/unknown because that is
|
||||
# what fits best here.
|
||||
|
|
@ -432,25 +442,34 @@ event flow_weird(name: string, src: addr, dst: addr, addl: string)
|
|||
if ( addl != "" )
|
||||
i$addl = addl;
|
||||
|
||||
if ( source != "" )
|
||||
i$source = source;
|
||||
|
||||
weird(i);
|
||||
}
|
||||
|
||||
event net_weird(name: string, addl: string)
|
||||
event net_weird(name: string, addl: string, source: string)
|
||||
{
|
||||
local i = Info($ts=network_time(), $name=name);
|
||||
|
||||
if ( addl != "" )
|
||||
i$addl = addl;
|
||||
|
||||
if ( source != "" )
|
||||
i$source = source;
|
||||
|
||||
weird(i);
|
||||
}
|
||||
|
||||
event file_weird(name: string, f: fa_file, addl: string)
|
||||
event file_weird(name: string, f: fa_file, addl: string, source: string)
|
||||
{
|
||||
local i = Info($ts=network_time(), $name=name, $addl=f$id);
|
||||
|
||||
if ( addl != "" )
|
||||
i$addl += fmt(": %s", addl);
|
||||
|
||||
if ( source != "" )
|
||||
i$source = source;
|
||||
|
||||
weird(i);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -272,6 +272,7 @@ event SumStats::finish_epoch(ss: SumStat)
|
|||
}
|
||||
|
||||
# Schedule the next finish_epoch event.
|
||||
if ( ss$epoch != 0secs )
|
||||
schedule ss$epoch { SumStats::finish_epoch(ss) };
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -93,12 +93,16 @@ export {
|
|||
## be referred to later.
|
||||
name: string;
|
||||
|
||||
## The interval at which this filter should be "broken"
|
||||
## The interval at which this sumstat should be "broken"
|
||||
## and the *epoch_result* callback called. The
|
||||
## results are also reset at this time so any threshold
|
||||
## based detection needs to be set to a
|
||||
## value that should be expected to happen within
|
||||
## this epoch.
|
||||
##
|
||||
## Passing an epoch of zero (e.g. ``0 secs``) causes this
|
||||
## sumstat to be set to manual epochs. You will have to manually
|
||||
## end the epoch by calling :zeek:see:`SumStats::next_epoch`.
|
||||
epoch: interval;
|
||||
|
||||
## The reducers for the SumStat.
|
||||
|
|
@ -175,6 +179,23 @@ export {
|
|||
##
|
||||
## Returns: A string representation of the metric key.
|
||||
global key2str: function(key: SumStats::Key): string;
|
||||
|
||||
## Manually end the current epoch for a sumstat. Calling this function will
|
||||
## cause the end of the epoch processing of sumstats to start. Note that the
|
||||
## epoch will not end immediately - especially in a cluster settings, a number
|
||||
## of messages need to be exchanged between the cluster nodes.
|
||||
##
|
||||
## Note that this function only can be called if the sumstat was created with
|
||||
## an epoch time of zero (manual epochs).
|
||||
##
|
||||
## In a cluster, this function must be called on the manager; it will not have
|
||||
## any effect when called on workers.
|
||||
##
|
||||
## ss_name: SumStat name.
|
||||
##
|
||||
## Returns: true on success, false on failure. Failures can be: sumstat not found,
|
||||
## or sumstat not created for manual epochs.
|
||||
global next_epoch: function(ss_name: string): bool;
|
||||
}
|
||||
|
||||
# The function prototype for plugins to do calculations.
|
||||
|
|
@ -248,6 +269,19 @@ global data_added: function(ss: SumStat, key: Key, result: Result);
|
|||
# framework for clustered or non-clustered usage.
|
||||
global finish_epoch: event(ss: SumStat);
|
||||
|
||||
function next_epoch(ss_name: string): bool
|
||||
{
|
||||
if ( ss_name !in stats_store )
|
||||
return F;
|
||||
|
||||
local ss = stats_store[ss_name];
|
||||
if ( ss$epoch != 0secs )
|
||||
return F;
|
||||
|
||||
event SumStats::finish_epoch(ss);
|
||||
return T;
|
||||
}
|
||||
|
||||
function key2str(key: Key): string
|
||||
{
|
||||
local out = "";
|
||||
|
|
@ -396,6 +430,9 @@ function create(ss: SumStat)
|
|||
}
|
||||
|
||||
reset(ss);
|
||||
|
||||
## do not schedule epoch if this is set to manual epochs.
|
||||
if ( ss$epoch != 0secs )
|
||||
schedule ss$epoch { SumStats::finish_epoch(ss) };
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -43,9 +43,15 @@ event SumStats::finish_epoch(ss: SumStat)
|
|||
if ( ss?$epoch_finished )
|
||||
ss$epoch_finished(now);
|
||||
}
|
||||
else if ( |data| > 0 )
|
||||
else
|
||||
{
|
||||
if ( |data| > 0 )
|
||||
event SumStats::process_epoch_result(ss, now, copy(data));
|
||||
else
|
||||
{
|
||||
if ( ss?$epoch_finished )
|
||||
ss$epoch_finished(now);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -55,6 +61,7 @@ event SumStats::finish_epoch(ss: SumStat)
|
|||
reset(ss);
|
||||
}
|
||||
|
||||
if ( ss$epoch != 0secs )
|
||||
schedule ss$epoch { SumStats::finish_epoch(ss) };
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -58,8 +58,7 @@ function extract_first_email_addr(str: string): string
|
|||
function split_mime_email_addresses(line: string): set[string]
|
||||
{
|
||||
local output = string_set();
|
||||
|
||||
local addrs = find_all(line, /(\"[^"]*\")?[^,]+@[^,]+/);
|
||||
local addrs = find_all(line, /(\"[^"]*\")?[^,]+/);
|
||||
for ( part in addrs )
|
||||
{
|
||||
add output[strip(part)];
|
||||
|
|
|
|||
|
|
@ -406,10 +406,8 @@ add_executable(zeek main.cc
|
|||
${bro_PLUGIN_LIBS}
|
||||
)
|
||||
target_link_libraries(zeek ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
|
||||
|
||||
if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" )
|
||||
set_target_properties(zeek PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}")
|
||||
endif ()
|
||||
# Export symbols from zeek executable for use by plugins
|
||||
set_target_properties(zeek PROPERTIES ENABLE_EXPORTS TRUE)
|
||||
|
||||
install(TARGETS zeek DESTINATION bin)
|
||||
|
||||
|
|
|
|||
|
|
@ -530,10 +530,10 @@ void Connection::EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* a,
|
|||
event_mgr.Enqueue(f, std::move(args), util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this);
|
||||
}
|
||||
|
||||
void Connection::Weird(const char* name, const char* addl)
|
||||
void Connection::Weird(const char* name, const char* addl, const char* source)
|
||||
{
|
||||
weird = 1;
|
||||
reporter->Weird(this, name, addl ? addl : "");
|
||||
reporter->Weird(this, name, addl ? addl : "", source ? source : "");
|
||||
}
|
||||
|
||||
void Connection::AddTimer(timer_func timer, double t, bool do_expire,
|
||||
|
|
|
|||
|
|
@ -238,7 +238,7 @@ public:
|
|||
EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
|
||||
{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
|
||||
|
||||
void Weird(const char* name, const char* addl = "");
|
||||
void Weird(const char* name, const char* addl = "", const char* source = "");
|
||||
bool DidWeird() const { return weird != 0; }
|
||||
|
||||
// Cancel all associated timers.
|
||||
|
|
|
|||
|
|
@ -12,15 +12,15 @@
|
|||
#include <set>
|
||||
|
||||
#define DBG_LOG(stream, args...) \
|
||||
if ( zeek::detail::debug_logger.IsEnabled(stream) ) \
|
||||
zeek::detail::debug_logger.Log(stream, args)
|
||||
if ( ::zeek::detail::debug_logger.IsEnabled(stream) ) \
|
||||
::zeek::detail::debug_logger.Log(stream, args)
|
||||
#define DBG_LOG_VERBOSE(stream, args...) \
|
||||
if ( zeek::detail::debug_logger.IsVerbose() && zeek::detail::debug_logger.IsEnabled(stream) ) \
|
||||
zeek::detail::debug_logger.Log(stream, args)
|
||||
#define DBG_PUSH(stream) zeek::detail::debug_logger.PushIndent(stream)
|
||||
#define DBG_POP(stream) zeek::detail::debug_logger.PopIndent(stream)
|
||||
if ( ::zeek::detail::debug_logger.IsVerbose() && ::zeek::detail::debug_logger.IsEnabled(stream) ) \
|
||||
::zeek::detail::debug_logger.Log(stream, args)
|
||||
#define DBG_PUSH(stream) ::zeek::detail::debug_logger.PushIndent(stream)
|
||||
#define DBG_POP(stream) ::zeek::detail::debug_logger.PopIndent(stream)
|
||||
|
||||
#define PLUGIN_DBG_LOG(plugin, args...) zeek::detail::debug_logger.Log(plugin, args)
|
||||
#define PLUGIN_DBG_LOG(plugin, args...) ::zeek::detail::debug_logger.Log(plugin, args)
|
||||
|
||||
ZEEK_FORWARD_DECLARE_NAMESPACED(Plugin, zeek, plugin);
|
||||
|
||||
|
|
|
|||
|
|
@ -396,7 +396,7 @@ bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id
|
|||
return false;
|
||||
}
|
||||
|
||||
void Reporter::Weird(const char* name, const char* addl)
|
||||
void Reporter::Weird(const char* name, const char* addl, const char* source)
|
||||
{
|
||||
UpdateWeirdStats(name);
|
||||
|
||||
|
|
@ -406,10 +406,10 @@ void Reporter::Weird(const char* name, const char* addl)
|
|||
return;
|
||||
}
|
||||
|
||||
WeirdHelper(net_weird, {new StringVal(addl)}, "%s", name);
|
||||
WeirdHelper(net_weird, {new StringVal(addl), new StringVal(source)}, "%s", name);
|
||||
}
|
||||
|
||||
void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
|
||||
void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl, const char* source)
|
||||
{
|
||||
UpdateWeirdStats(name);
|
||||
|
||||
|
|
@ -424,11 +424,11 @@ void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
|
|||
return;
|
||||
}
|
||||
|
||||
WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl)},
|
||||
WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl), new StringVal(source)},
|
||||
"%s", name);
|
||||
}
|
||||
|
||||
void Reporter::Weird(Connection* conn, const char* name, const char* addl)
|
||||
void Reporter::Weird(Connection* conn, const char* name, const char* addl, const char* source)
|
||||
{
|
||||
UpdateWeirdStats(name);
|
||||
|
||||
|
|
@ -443,12 +443,12 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl)
|
|||
return;
|
||||
}
|
||||
|
||||
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)},
|
||||
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl), new StringVal(source)},
|
||||
"%s", name);
|
||||
}
|
||||
|
||||
void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
|
||||
const char* name, const char* addl)
|
||||
void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid, const char* name,
|
||||
const char* addl, const char* source)
|
||||
{
|
||||
UpdateWeirdStats(name);
|
||||
|
||||
|
|
@ -463,11 +463,11 @@ void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
|
|||
}
|
||||
|
||||
WeirdHelper(expired_conn_weird,
|
||||
{conn_id.release(), uid.release(), new StringVal(addl)},
|
||||
{conn_id.release(), uid.release(), new StringVal(addl), new StringVal(source)},
|
||||
"%s", name);
|
||||
}
|
||||
|
||||
void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl)
|
||||
void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl, const char* source)
|
||||
{
|
||||
UpdateWeirdStats(name);
|
||||
|
||||
|
|
@ -482,7 +482,7 @@ void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, c
|
|||
}
|
||||
|
||||
WeirdHelper(flow_weird,
|
||||
{new AddrVal(orig), new AddrVal(resp), new StringVal(addl)},
|
||||
{new AddrVal(orig), new AddrVal(resp), new StringVal(addl), new StringVal(source)},
|
||||
"%s", name);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -95,12 +95,15 @@ public:
|
|||
|
||||
// Report a traffic weirdness, i.e., an unexpected protocol situation
|
||||
// that may lead to incorrectly processing a connnection.
|
||||
void Weird(const char* name, const char* addl = ""); // Raises net_weird().
|
||||
void Weird(file_analysis::File* f, const char* name, const char* addl = ""); // Raises file_weird().
|
||||
void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird().
|
||||
void Weird(const char* name, const char* addl = "", const char* source = ""); // Raises net_weird().
|
||||
void Weird(file_analysis::File* f, const char* name,
|
||||
const char* addl = "", const char* source = ""); // Raises file_weird().
|
||||
void Weird(Connection* conn, const char* name,
|
||||
const char* addl = "", const char* source = ""); // Raises conn_weird().
|
||||
void Weird(RecordValPtr conn_id, StringValPtr uid,
|
||||
const char* name, const char* addl = ""); // Raises expired_conn_weird().
|
||||
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird().
|
||||
const char* name, const char* addl = "", const char* source = ""); // Raises expired_conn_weird().
|
||||
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name,
|
||||
const char* addl = "", const char* source = ""); // Raises flow_weird().
|
||||
|
||||
// Syslog a message. This methods does nothing if we're running
|
||||
// offline from a trace.
|
||||
|
|
|
|||
|
|
@ -681,7 +681,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port,
|
|||
return true;
|
||||
}
|
||||
|
||||
void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl)
|
||||
void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl, const char* source)
|
||||
{
|
||||
const char* weird_name = name;
|
||||
|
||||
|
|
@ -694,12 +694,12 @@ void NetSessions::Weird(const char* name, const Packet* pkt, const char* addl)
|
|||
|
||||
if ( pkt->ip_hdr )
|
||||
{
|
||||
reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl);
|
||||
reporter->Weird(pkt->ip_hdr->SrcAddr(), pkt->ip_hdr->DstAddr(), weird_name, addl, source);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
reporter->Weird(weird_name, addl);
|
||||
reporter->Weird(weird_name, addl, source);
|
||||
}
|
||||
|
||||
void NetSessions::Weird(const char* name, const IP_Hdr* ip, const char* addl)
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ public:
|
|||
void GetStats(SessionStats& s) const;
|
||||
|
||||
void Weird(const char* name, const Packet* pkt,
|
||||
const char* addl = "");
|
||||
const char* addl = "", const char* source = "");
|
||||
void Weird(const char* name, const IP_Hdr* ip,
|
||||
const char* addl = "");
|
||||
|
||||
|
|
|
|||
60
src/Var.cc
60
src/Var.cc
|
|
@ -749,11 +749,6 @@ void end_func(StmtPtr body)
|
|||
ingredients.release();
|
||||
}
|
||||
|
||||
Val* internal_val(const char* name)
|
||||
{
|
||||
return id::find_val(name).get();
|
||||
}
|
||||
|
||||
IDPList gather_outer_ids(Scope* scope, Stmt* body)
|
||||
{
|
||||
OuterIDBindingFinder cb(scope);
|
||||
|
|
@ -774,20 +769,27 @@ IDPList gather_outer_ids(Scope* scope, Stmt* body)
|
|||
return idl;
|
||||
}
|
||||
|
||||
Val* internal_const_val(const char* name)
|
||||
} // namespace zeek::detail
|
||||
|
||||
zeek::Val* internal_val(const char* name)
|
||||
{
|
||||
return id::find_const(name).get();
|
||||
return zeek::id::find_val(name).get();
|
||||
}
|
||||
|
||||
Val* opt_internal_val(const char* name)
|
||||
zeek::Val* internal_const_val(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
return zeek::id::find_const(name).get();
|
||||
}
|
||||
|
||||
zeek::Val* opt_internal_val(const char* name)
|
||||
{
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
return id ? id->GetVal().get() : nullptr;
|
||||
}
|
||||
|
||||
double opt_internal_double(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
if ( ! id ) return 0.0;
|
||||
const auto& v = id->GetVal();
|
||||
return v ? v->InternalDouble() : 0.0;
|
||||
|
|
@ -795,7 +797,7 @@ double opt_internal_double(const char* name)
|
|||
|
||||
bro_int_t opt_internal_int(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
if ( ! id ) return 0;
|
||||
const auto& v = id->GetVal();
|
||||
return v ? v->InternalInt() : 0;
|
||||
|
|
@ -803,63 +805,63 @@ bro_int_t opt_internal_int(const char* name)
|
|||
|
||||
bro_uint_t opt_internal_unsigned(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
if ( ! id ) return 0;
|
||||
const auto& v = id->GetVal();
|
||||
return v ? v->InternalUnsigned() : 0;
|
||||
}
|
||||
|
||||
StringVal* opt_internal_string(const char* name)
|
||||
zeek::StringVal* opt_internal_string(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
if ( ! id ) return nullptr;
|
||||
const auto& v = id->GetVal();
|
||||
return v ? v->AsStringVal() : nullptr;
|
||||
}
|
||||
|
||||
TableVal* opt_internal_table(const char* name)
|
||||
zeek::TableVal* opt_internal_table(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
if ( ! id ) return nullptr;
|
||||
const auto& v = id->GetVal();
|
||||
return v ? v->AsTableVal() : nullptr;
|
||||
}
|
||||
|
||||
ListVal* internal_list_val(const char* name)
|
||||
zeek::ListVal* internal_list_val(const char* name)
|
||||
{
|
||||
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
|
||||
const auto& id = zeek::detail::lookup_ID(name, zeek::detail::GLOBAL_MODULE_NAME);
|
||||
if ( ! id )
|
||||
return nullptr;
|
||||
|
||||
Val* v = id->GetVal().get();
|
||||
zeek::Val* v = id->GetVal().get();
|
||||
|
||||
if ( v )
|
||||
{
|
||||
if ( v->GetType()->Tag() == TYPE_LIST )
|
||||
return (ListVal*) v;
|
||||
if ( v->GetType()->Tag() == zeek::TYPE_LIST )
|
||||
return (zeek::ListVal*) v;
|
||||
|
||||
else if ( v->GetType()->IsSet() )
|
||||
{
|
||||
TableVal* tv = v->AsTableVal();
|
||||
zeek::TableVal* tv = v->AsTableVal();
|
||||
auto lv = tv->ToPureListVal();
|
||||
return lv.release();
|
||||
}
|
||||
|
||||
else
|
||||
reporter->InternalError("internal variable %s is not a list", name);
|
||||
zeek::reporter->InternalError("internal variable %s is not a list", name);
|
||||
}
|
||||
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
Type* internal_type(const char* name)
|
||||
zeek::Type* internal_type(const char* name)
|
||||
{
|
||||
return id::find_type(name).get();
|
||||
return zeek::id::find_type(name).get();
|
||||
}
|
||||
|
||||
Func* internal_func(const char* name)
|
||||
zeek::Func* internal_func(const char* name)
|
||||
{
|
||||
const auto& v = id::find_val(name);
|
||||
const auto& v = zeek::id::find_val(name);
|
||||
|
||||
if ( v )
|
||||
return v->AsFunc();
|
||||
|
|
@ -867,9 +869,7 @@ Func* internal_func(const char* name)
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
EventHandlerPtr internal_handler(const char* name)
|
||||
zeek::EventHandlerPtr internal_handler(const char* name)
|
||||
{
|
||||
return event_registry->Register(name);
|
||||
}
|
||||
|
||||
} // namespace zeek::detail
|
||||
|
|
|
|||
|
|
@ -838,7 +838,7 @@ void Analyzer::EnqueueConnEvent(EventHandlerPtr f, Args args)
|
|||
|
||||
void Analyzer::Weird(const char* name, const char* addl)
|
||||
{
|
||||
conn->Weird(name, addl);
|
||||
conn->Weird(name, addl, GetAnalyzerName());
|
||||
}
|
||||
|
||||
SupportAnalyzer* SupportAnalyzer::Sibling(bool only_active) const
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ flow AYIYA_Flow
|
|||
|
||||
if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
|
||||
{
|
||||
zeek::reporter->Weird(c, "tunnel_depth");
|
||||
connection()->zeek_analyzer()->Weird("tunnel_depth");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -34,7 +34,7 @@ flow AYIYA_Flow
|
|||
if ( ${pdu.next_header} != IPPROTO_IPV6 &&
|
||||
${pdu.next_header} != IPPROTO_IPV4 )
|
||||
{
|
||||
zeek::reporter->Weird(c, "ayiya_tunnel_non_ip");
|
||||
connection()->zeek_analyzer()->Weird("ayiya_tunnel_non_ip");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -119,6 +119,8 @@ void BitTorrent_Analyzer::EndpointEOF(bool is_orig)
|
|||
void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
|
||||
{
|
||||
if ( bittorrent_peer_weird )
|
||||
|
||||
// TODO: why does bittorrent have a different set of weirds?
|
||||
EnqueueConnEvent(bittorrent_peer_weird,
|
||||
ConnVal(),
|
||||
val_mgr->Bool(orig),
|
||||
|
|
|
|||
|
|
@ -190,8 +190,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
|
|||
if ( it != fb.end() )
|
||||
{
|
||||
// We already had a first frag earlier.
|
||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
||||
"multiple_first_fragments_in_dce_rpc_reassembly");
|
||||
connection()->zeek_analyzer()->Weird("multiple_first_fragments_in_dce_rpc_reassembly");
|
||||
connection()->zeek_analyzer()->SetSkip(true);
|
||||
return false;
|
||||
}
|
||||
|
|
@ -212,15 +211,13 @@ flow DCE_RPC_Flow(is_orig: bool) {
|
|||
|
||||
if ( fb.size() > zeek::BifConst::DCE_RPC::max_cmd_reassembly )
|
||||
{
|
||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
||||
"too_many_dce_rpc_msgs_in_reassembly");
|
||||
connection()->zeek_analyzer()->Weird("too_many_dce_rpc_msgs_in_reassembly");
|
||||
connection()->zeek_analyzer()->SetSkip(true);
|
||||
}
|
||||
|
||||
if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
|
||||
{
|
||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
||||
"too_much_dce_rpc_fragment_data");
|
||||
connection()->zeek_analyzer()->Weird("too_much_dce_rpc_fragment_data");
|
||||
connection()->zeek_analyzer()->SetSkip(true);
|
||||
}
|
||||
|
||||
|
|
@ -235,8 +232,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
|
|||
|
||||
if ( flowbuf->data_length() > (int)zeek::BifConst::DCE_RPC::max_frag_data )
|
||||
{
|
||||
zeek::reporter->Weird(connection()->zeek_analyzer()->Conn(),
|
||||
"too_much_dce_rpc_fragment_data");
|
||||
connection()->zeek_analyzer()->Weird("too_much_dce_rpc_fragment_data");
|
||||
connection()->zeek_analyzer()->SetSkip(true);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -655,7 +655,7 @@ flow GTPv1_Flow(is_orig: bool)
|
|||
|
||||
if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth )
|
||||
{
|
||||
zeek::reporter->Weird(c, "tunnel_depth");
|
||||
a->Weird("tunnel_depth");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1262,11 +1262,11 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
|
|||
return 1;
|
||||
|
||||
bad_http_request_with_version:
|
||||
reporter->Weird(Conn(), "bad_HTTP_request_with_version");
|
||||
Weird("bad_HTTP_request_with_version");
|
||||
return 0;
|
||||
|
||||
error:
|
||||
reporter->Weird(Conn(), "bad_HTTP_request");
|
||||
Weird("bad_HTTP_request");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ refine connection IMAP_Conn += {
|
|||
if ( is_orig && commands == "starttls" )
|
||||
{
|
||||
if ( !client_starttls_id.empty() )
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "IMAP: client sent duplicate StartTLS");
|
||||
zeek_analyzer()->Weird("IMAP: client sent duplicate StartTLS");
|
||||
|
||||
client_starttls_id = tags;
|
||||
}
|
||||
|
|
@ -48,7 +48,7 @@ refine connection IMAP_Conn += {
|
|||
zeek::BifEvent::enqueue_imap_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
|
||||
}
|
||||
else
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "IMAP: server refused StartTLS");
|
||||
zeek_analyzer()->Weird("IMAP: server refused StartTLS");
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -539,7 +539,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)
|
|||
else
|
||||
{
|
||||
if ( Conn()->FlagEvent(SINGULAR_LF) )
|
||||
Conn()->Weird("line_terminated_with_single_LF");
|
||||
Weird("line_terminated_with_single_LF");
|
||||
buf[offset++] = c;
|
||||
}
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data)
|
|||
case RSH_PRESUMED_REJECTED:
|
||||
if ( state == RSH_PRESUMED_REJECTED )
|
||||
{
|
||||
Conn()->Weird("rsh_text_after_rejected");
|
||||
Weird("rsh_text_after_rejected");
|
||||
state = RSH_UNKNOWN;
|
||||
}
|
||||
|
||||
|
|
@ -140,7 +140,7 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data)
|
|||
|
||||
void Contents_Rsh_Analyzer::BadProlog()
|
||||
{
|
||||
Conn()->Weird("bad_rsh_prolog");
|
||||
Weird("bad_rsh_prolog");
|
||||
state = RSH_UNKNOWN;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data)
|
|||
if ( state == RLOGIN_LINE_MODE &&
|
||||
peer->state == RLOGIN_PRESUMED_REJECTED )
|
||||
{
|
||||
Conn()->Weird("rlogin_text_after_rejected");
|
||||
Weird("rlogin_text_after_rejected");
|
||||
state = RLOGIN_UNKNOWN;
|
||||
}
|
||||
|
||||
|
|
@ -203,7 +203,7 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data)
|
|||
|
||||
void Contents_Rlogin_Analyzer::BadProlog()
|
||||
{
|
||||
Conn()->Weird("bad_rlogin_prolog");
|
||||
Weird("bad_rlogin_prolog");
|
||||
state = RLOGIN_UNKNOWN;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -175,13 +175,13 @@ refine connection SOCKS_Conn += {
|
|||
|
||||
function socks5_unsupported_authentication_method(auth_method: uint8): bool
|
||||
%{
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method));
|
||||
zeek_analyzer()->Weird("socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method));
|
||||
return true;
|
||||
%}
|
||||
|
||||
function socks5_unsupported_authentication_version(auth_method: uint8, version: uint8): bool
|
||||
%{
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version));
|
||||
zeek_analyzer()->Weird("socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version));
|
||||
return true;
|
||||
%}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
|
||||
function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool
|
||||
%{
|
||||
if ( certificates->size() == 0 )
|
||||
return true;
|
||||
|
|
@ -18,7 +18,8 @@
|
|||
|
||||
if ( cert.length() <= 0 )
|
||||
{
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "zero_length_certificate");
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "zero_length_certificate", "",
|
||||
zeek_analyzer()->GetAnalyzerName());
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -322,7 +322,7 @@ refine connection Handshake_Conn += {
|
|||
}
|
||||
else if ( response.length() == 0 )
|
||||
{
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "SSL_zero_length_stapled_OCSP_message");
|
||||
zeek_analyzer()->Weird("SSL_zero_length_stapled_OCSP_message");
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -263,7 +263,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
|
|||
else
|
||||
{
|
||||
if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_LF) )
|
||||
Conn()->Weird("line_terminated_with_single_LF");
|
||||
Weird("line_terminated_with_single_LF");
|
||||
buf[offset++] = c;
|
||||
}
|
||||
break;
|
||||
|
|
@ -282,7 +282,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
|
|||
|
||||
if ( last_char == '\r' )
|
||||
if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_CR) )
|
||||
Conn()->Weird("line_terminated_with_single_CR");
|
||||
Weird("line_terminated_with_single_CR");
|
||||
|
||||
last_char = c;
|
||||
}
|
||||
|
|
@ -312,7 +312,7 @@ void ContentLine_Analyzer::CheckNUL()
|
|||
else
|
||||
{
|
||||
if ( ! suppress_weirds && Conn()->FlagEvent(NUL_IN_LINE) )
|
||||
Conn()->Weird("NUL_in_line");
|
||||
Weird("NUL_in_line");
|
||||
flag_NULs = false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -461,20 +461,20 @@ static void update_window(TCP_Endpoint* endpoint, unsigned int window,
|
|||
}
|
||||
}
|
||||
|
||||
static void syn_weirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len)
|
||||
void TCP_Analyzer::SynWeirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len) const
|
||||
{
|
||||
if ( flags.RST() )
|
||||
endpoint->Conn()->Weird("TCP_christmas");
|
||||
endpoint->Conn()->Weird("TCP_christmas", "", GetAnalyzerName());
|
||||
|
||||
if ( flags.URG() )
|
||||
endpoint->Conn()->Weird("baroque_SYN");
|
||||
endpoint->Conn()->Weird("baroque_SYN", "", GetAnalyzerName());
|
||||
|
||||
if ( data_len > 0 )
|
||||
// Not technically wrong according to RFC 793, but the other side
|
||||
// would be forced to buffer data until the handshake succeeds, and
|
||||
// that could be bad in some cases, e.g. SYN floods.
|
||||
// T/TCP definitely complicates this.
|
||||
endpoint->Conn()->Weird("SYN_with_data");
|
||||
endpoint->Conn()->Weird("SYN_with_data", "", GetAnalyzerName());
|
||||
}
|
||||
|
||||
void TCP_Analyzer::UpdateInactiveState(double t,
|
||||
|
|
@ -1097,7 +1097,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
|
|||
|
||||
if ( flags.SYN() )
|
||||
{
|
||||
syn_weirds(flags, endpoint, len);
|
||||
SynWeirds(flags, endpoint, len);
|
||||
RecordVal* SYN_vals = build_syn_packet_val(is_orig, ip, tp);
|
||||
init_window(endpoint, peer, flags, SYN_vals->GetField(5)->CoerceToInt(),
|
||||
base_seq, ack_seq);
|
||||
|
|
|
|||
|
|
@ -167,6 +167,9 @@ protected:
|
|||
static int get_segment_len(int payload_len, TCP_Flags flags);
|
||||
|
||||
private:
|
||||
|
||||
void SynWeirds(TCP_Flags flags, TCP_Endpoint* endpoint, int data_len) const;
|
||||
|
||||
TCP_Endpoint* orig;
|
||||
TCP_Endpoint* resp;
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ public:
|
|||
void Weird(const char* name, bool force = false) const
|
||||
{
|
||||
if ( ProtocolConfirmed() || force )
|
||||
reporter->Weird(Conn(), name);
|
||||
reporter->Weird(Conn(), name, "", GetAnalyzerName());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
|
|||
|
||||
if ( outer && outer->Depth() >= BifConst::Tunnel::max_depth )
|
||||
{
|
||||
reporter->Weird(Conn(), "tunnel_depth");
|
||||
Weird("tunnel_depth");
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ refine connection XMPP_Conn += {
|
|||
zeek::BifEvent::enqueue_xmpp_starttls(zeek_analyzer(), zeek_analyzer()->Conn());
|
||||
}
|
||||
else if ( !is_orig && token == "proceed" )
|
||||
zeek::reporter->Weird(zeek_analyzer()->Conn(), "XMPP: proceed without starttls");
|
||||
zeek_analyzer()->Weird("XMPP: proceed without starttls");
|
||||
|
||||
// printf("Processed: %d %s %s %s \n", is_orig, c_str(name), c_str(rest), token_no_ns.c_str());
|
||||
|
||||
|
|
|
|||
|
|
@ -453,12 +453,16 @@ event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%);
|
|||
##
|
||||
## addl: Optional additional context further describing the situation.
|
||||
##
|
||||
## source: Optional source for the weird. When called by analyzers, this should
|
||||
## be filled in with the name of the analyzer.
|
||||
##
|
||||
## .. zeek:see:: flow_weird net_weird file_weird expired_conn_weird
|
||||
##
|
||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||
## than one would intuitively expect. While in principle, any protocol
|
||||
## violation could be an attack attempt, it's much more likely that an
|
||||
## endpoint's implementation interprets an RFC quite liberally.
|
||||
event conn_weird%(name: string, c: connection, addl: string, source: string%);
|
||||
event conn_weird%(name: string, c: connection, addl: string%);
|
||||
|
||||
## Generated for unexpected activity related to a specific connection whose
|
||||
|
|
@ -482,12 +486,16 @@ event conn_weird%(name: string, c: connection, addl: string%);
|
|||
##
|
||||
## addl: Optional additional context further describing the situation.
|
||||
##
|
||||
## source: Optional source for the weird. When called by analyzers, this should
|
||||
## be filled in with the name of the analyzer.
|
||||
##
|
||||
## .. zeek:see:: flow_weird net_weird file_weird conn_weird
|
||||
##
|
||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||
## than one would intuitively expect. While in principle, any protocol
|
||||
## violation could be an attack attempt, it's much more likely that an
|
||||
## endpoint's implementation interprets an RFC quite liberally.
|
||||
event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string, source: string%);
|
||||
event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%);
|
||||
|
||||
## Generated for unexpected activity related to a pair of hosts, but independent
|
||||
|
|
@ -507,12 +515,16 @@ event expired_conn_weird%(name: string, id: conn_id, uid: string, addl: string%)
|
|||
##
|
||||
## addl: Optional additional context further describing the situation.
|
||||
##
|
||||
## source: Optional source for the weird. When called by analyzers, this should
|
||||
## be filled in with the name of the analyzer.
|
||||
##
|
||||
## .. zeek:see:: conn_weird net_weird file_weird expired_conn_weird
|
||||
##
|
||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||
## than one would intuitively expect. While in principle, any protocol
|
||||
## violation could be an attack attempt, it's much more likely that an
|
||||
## endpoint's implementation interprets an RFC quite liberally.
|
||||
event flow_weird%(name: string, src: addr, dst: addr, addl: string, source: string%);
|
||||
event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
|
||||
|
||||
## Generated for unexpected activity that is not tied to a specific connection
|
||||
|
|
@ -527,12 +539,16 @@ event flow_weird%(name: string, src: addr, dst: addr, addl: string%);
|
|||
##
|
||||
## addl: Optional additional context further describing the situation.
|
||||
##
|
||||
## source: Optional source for the weird. When called by analyzers, this should
|
||||
## be filled in with the name of the analyzer.
|
||||
##
|
||||
## .. zeek:see:: flow_weird file_weird conn_weird expired_conn_weird
|
||||
##
|
||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||
## than one would intuitively expect. While in principle, any protocol
|
||||
## violation could be an attack attempt, it's much more likely that an
|
||||
## endpoint's implementation interprets an RFC quite liberally.
|
||||
event net_weird%(name: string, addl: string, source: string%);
|
||||
event net_weird%(name: string, addl: string%);
|
||||
|
||||
## Generated for unexpected activity that is tied to a file.
|
||||
|
|
@ -548,12 +564,15 @@ event net_weird%(name: string, addl: string%);
|
|||
##
|
||||
## addl: Additional information related to the weird.
|
||||
##
|
||||
## source: The name of the file analyzer that generated the weird.
|
||||
##
|
||||
## .. zeek:see:: flow_weird net_weird conn_weird expired_conn_weird
|
||||
##
|
||||
## .. note:: "Weird" activity is much more common in real-world network traffic
|
||||
## than one would intuitively expect. While in principle, any protocol
|
||||
## violation could be an attack attempt, it's much more likely that an
|
||||
## endpoint's implementation interprets an RFC quite liberally.
|
||||
event file_weird%(name: string, f: fa_file, addl: string, source: string%);
|
||||
event file_weird%(name: string, f: fa_file, addl: string%);
|
||||
|
||||
## Generated regularly for the purpose of profiling Zeek's processing. This event
|
||||
|
|
|
|||
|
|
@ -76,11 +76,6 @@ Packet::~Packet()
|
|||
delete [] data;
|
||||
}
|
||||
|
||||
void Packet::Weird(const char* name)
|
||||
{
|
||||
sessions->Weird(name, this);
|
||||
}
|
||||
|
||||
RecordValPtr Packet::ToRawPktHdrVal() const
|
||||
{
|
||||
static auto raw_pkt_hdr_type = id::find_type<RecordType>("raw_pkt_hdr");
|
||||
|
|
|
|||
|
|
@ -124,9 +124,6 @@ public:
|
|||
[[deprecated("Remove in v4.1. Use ToRawPktHdrval() instead.")]]
|
||||
RecordVal* BuildPktHdrVal() const;
|
||||
|
||||
// Wrapper to generate a packet-level weird. Has to be public for llanalyzers to use it.
|
||||
void Weird(const char* name);
|
||||
|
||||
/**
|
||||
* Maximal length of a layer 2 address.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ void PktSrc::Info(const std::string& msg)
|
|||
|
||||
void PktSrc::Weird(const std::string& msg, const Packet* p)
|
||||
{
|
||||
sessions->Weird(msg.c_str(), p, nullptr);
|
||||
sessions->Weird(msg.c_str(), p);
|
||||
}
|
||||
|
||||
void PktSrc::InternalError(const std::string& msg)
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
#include "zeek/Dict.h"
|
||||
#include "zeek/DebugLogger.h"
|
||||
#include "zeek/RunState.h"
|
||||
#include "zeek/Sessions.h"
|
||||
#include "zeek/util.h"
|
||||
|
||||
namespace zeek::packet_analysis {
|
||||
|
||||
|
|
@ -96,7 +98,8 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet) co
|
|||
|
||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.",
|
||||
GetAnalyzerName());
|
||||
packet->Weird("no_suitable_analyzer_found");
|
||||
|
||||
Weird("no_suitable_analyzer_found", packet);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -116,4 +119,9 @@ void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
|
|||
dispatcher.Register(identifier, std::move(child));
|
||||
}
|
||||
|
||||
}
|
||||
void Analyzer::Weird(const char* name, Packet* packet, const char* addl) const
|
||||
{
|
||||
sessions->Weird(name, packet, addl, GetAnalyzerName());
|
||||
}
|
||||
|
||||
} // namespace zeek::packet_analysis
|
||||
|
|
|
|||
|
|
@ -148,6 +148,18 @@ protected:
|
|||
*/
|
||||
bool ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const;
|
||||
|
||||
/**
|
||||
* Reports a Weird with the analyzer's name included in the addl field.
|
||||
*
|
||||
* @param name The name of the weird.
|
||||
* @param packet An optional pointer to a packet to be used for additional
|
||||
* information in the weird output.
|
||||
* @param addl An optional string containing additional information about
|
||||
* the weird. If this is passed, the analyzer's name will be prepended to
|
||||
* it before output.
|
||||
*/
|
||||
void Weird(const char* name, Packet* packet=nullptr, const char* addl="") const;
|
||||
|
||||
private:
|
||||
Tag tag;
|
||||
Dispatcher dispatcher;
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// Check whether the header is complete.
|
||||
if ( sizeof(struct arp_pkthdr) > len )
|
||||
{
|
||||
packet->Weird("truncated_ARP");
|
||||
Weird("truncated_ARP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -100,7 +100,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
size_t min_length = (ar_tpa(ah) - (char*) data) + ah->ar_pln;
|
||||
if ( min_length > len )
|
||||
{
|
||||
packet->Weird("truncated_ARP");
|
||||
Weird("truncated_ARP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
// to pull bytes out of it.
|
||||
if ( 16 >= len )
|
||||
{
|
||||
packet->Weird("truncated_ethernet_frame");
|
||||
Weird("truncated_ethernet_frame", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -36,7 +36,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
|
||||
if ( cfplen + 14 >= len )
|
||||
{
|
||||
packet->Weird("truncated_link_header_cfp");
|
||||
Weird("truncated_link_header_cfp", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -60,7 +60,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
{
|
||||
if ( 16 >= len )
|
||||
{
|
||||
packet->Weird("truncated_ethernet_frame");
|
||||
Weird("truncated_ethernet_frame", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -86,6 +86,6 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
}
|
||||
|
||||
// Undefined (1500 < EtherType < 1536)
|
||||
packet->Weird("undefined_ether_type");
|
||||
Weird("undefined_ether_type", packet);
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ bool FDDIAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
|
||||
if ( hdr_size >= len )
|
||||
{
|
||||
packet->Weird("FDDI_analyzer_failed");
|
||||
Weird("FDDI_analyzer_failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,13 +51,13 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ! BifConst::Tunnel::enable_gre )
|
||||
{
|
||||
sessions->Weird("GRE_tunnel", packet);
|
||||
Weird("GRE_tunnel", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( len < gre_header_len() )
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -75,7 +75,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( gre_version != 0 && gre_version != 1 )
|
||||
{
|
||||
sessions->Weird("unknown_gre_version", packet, util::fmt("%d", gre_version));
|
||||
Weird("unknown_gre_version", packet, util::fmt("version=%d", gre_version));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -92,7 +92,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -109,7 +109,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -132,7 +132,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
erspan_len += 8;
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -141,7 +141,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -152,7 +152,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
if ( proto_typ != 0x880b )
|
||||
{
|
||||
// Enhanced GRE payload must be PPP.
|
||||
sessions->Weird("egre_protocol_type", packet, util::fmt("%d", proto_typ));
|
||||
Weird("egre_protocol_type", packet, util::fmt("proto=%d", proto_typ));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -162,20 +162,20 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// RFC 2784 deprecates the variable length routing field
|
||||
// specified by RFC 1701. It could be parsed here, but easiest
|
||||
// to just skip for now.
|
||||
sessions->Weird("gre_routing", packet);
|
||||
Weird("gre_routing", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( flags_ver & 0x0078 )
|
||||
{
|
||||
// Expect last 4 bits of flags are reserved, undefined.
|
||||
sessions->Weird("unknown_gre_flags", packet);
|
||||
Weird("unknown_gre_flags", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( len < gre_len + ppp_len + eth_len + erspan_len )
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -185,7 +185,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
|
||||
{
|
||||
sessions->Weird("non_ip_packet_in_encap", packet);
|
||||
Weird("non_ip_packet_in_encap", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
|||
|
||||
if ( len_80211 >= len )
|
||||
{
|
||||
packet->Weird("truncated_802_11_header");
|
||||
Weird("truncated_802_11_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
|||
|
||||
if ( len_80211 >= len )
|
||||
{
|
||||
packet->Weird("truncated_802_11_header");
|
||||
Weird("truncated_802_11_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -82,7 +82,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
|||
len_80211 += 8;
|
||||
if ( len_80211 >= len )
|
||||
{
|
||||
packet->Weird("truncated_802_11_header");
|
||||
Weird("truncated_802_11_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
|
|||
{
|
||||
if ( 3 >= len )
|
||||
{
|
||||
packet->Weird("truncated_radiotap_header");
|
||||
Weird("truncated_radiotap_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -24,7 +24,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
|
|||
|
||||
if ( rtheader_len >= len )
|
||||
{
|
||||
packet->Weird("truncated_radiotap_header");
|
||||
Weird("truncated_radiotap_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// check ipv4 here. We'll check ipv6 later once we determine we have an ipv6 header.
|
||||
if ( len < sizeof(struct ip) )
|
||||
{
|
||||
sessions->Weird("truncated_IP", packet);
|
||||
Weird("truncated_IP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -56,7 +56,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
if ( len < sizeof(struct ip6_hdr) )
|
||||
{
|
||||
sessions->Weird("truncated_IP", packet);
|
||||
Weird("truncated_IP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -65,7 +65,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("unknown_ip_version", packet);
|
||||
Weird("unknown_ip_version", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -76,7 +76,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
if ( total_len == 0 )
|
||||
{
|
||||
// TCP segmentation offloading can zero out the ip_len field.
|
||||
sessions->Weird("ip_hdr_len_zero", packet);
|
||||
Weird("ip_hdr_len_zero", packet);
|
||||
|
||||
// Cope with the zero'd out ip_len field by using the caplen.
|
||||
total_len = packet->cap_len - hdr_size;
|
||||
|
|
@ -84,7 +84,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( packet->len < total_len + hdr_size )
|
||||
{
|
||||
sessions->Weird("truncated_IPv6", packet);
|
||||
Weird("truncated_IPv6", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -93,13 +93,13 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
uint16_t ip_hdr_len = packet->ip_hdr->HdrLen();
|
||||
if ( ip_hdr_len > total_len )
|
||||
{
|
||||
sessions->Weird("invalid_IP_header_size", packet);
|
||||
Weird("invalid_IP_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ip_hdr_len > len )
|
||||
{
|
||||
sessions->Weird("internally_truncated_header", packet);
|
||||
Weird("internally_truncated_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -107,7 +107,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
if ( ip_hdr_len < sizeof(struct ip) )
|
||||
{
|
||||
sessions->Weird("IPv4_min_header_size", packet);
|
||||
Weird("IPv4_min_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -115,7 +115,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
if ( ip_hdr_len < sizeof(struct ip6_hdr) )
|
||||
{
|
||||
sessions->Weird("IPv6_min_header_size", packet);
|
||||
Weird("IPv6_min_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -129,7 +129,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
|
||||
detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
|
||||
{
|
||||
sessions->Weird("bad_IP_checksum", packet);
|
||||
Weird("bad_IP_checksum", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -144,7 +144,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( len < total_len )
|
||||
{
|
||||
sessions->Weird("incompletely_captured_fragment", packet);
|
||||
Weird("incompletely_captured_fragment", packet);
|
||||
|
||||
// Don't try to reassemble, that's doomed.
|
||||
// Discard all except the first fragment (which
|
||||
|
|
@ -174,7 +174,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ip_hdr_len > total_len )
|
||||
{
|
||||
sessions->Weird("invalid_IP_header_size", packet);
|
||||
Weird("invalid_IP_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -203,7 +203,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ! ignore_checksums && mobility_header_checksum(packet->ip_hdr) != 0xffff )
|
||||
{
|
||||
sessions->Weird("bad_MH_checksum", packet);
|
||||
Weird("bad_MH_checksum", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -211,7 +211,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
event_mgr.Enqueue(mobile_ipv6_message, packet->ip_hdr->ToPktHdrVal());
|
||||
|
||||
if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
|
||||
sessions->Weird("mobility_piggyback", packet);
|
||||
Weird("mobility_piggyback", packet);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -249,7 +249,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
if ( ! ( packet->encap &&
|
||||
packet->encap->LastType() == BifEnum::Tunnel::TEREDO ) )
|
||||
{
|
||||
sessions->Weird("ipv6_no_next", packet);
|
||||
Weird("ipv6_no_next", packet);
|
||||
return_val = false;
|
||||
}
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -29,14 +29,14 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
|
||||
if ( ! BifConst::Tunnel::enable_ip )
|
||||
{
|
||||
sessions->Weird("IP_tunnel", packet);
|
||||
Weird("IP_tunnel", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( packet->encap &&
|
||||
packet->encap->Depth() >= BifConst::Tunnel::max_depth )
|
||||
{
|
||||
sessions->Weird("exceeded_tunnel_max_depth", packet);
|
||||
Weird("exceeded_tunnel_max_depth", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -52,11 +52,11 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
// Check for a valid inner packet first.
|
||||
int result = sessions->ParseIPPacket(len, data, proto, inner);
|
||||
if ( result == -2 )
|
||||
sessions->Weird("invalid_inner_IP_version", packet);
|
||||
Weird("invalid_inner_IP_version", packet);
|
||||
else if ( result < 0 )
|
||||
sessions->Weird("truncated_inner_IP", packet);
|
||||
Weird("truncated_inner_IP", packet);
|
||||
else if ( result > 0 )
|
||||
sessions->Weird("inner_IP_payload_length_mismatch", packet);
|
||||
Weird("inner_IP_payload_length_mismatch", packet);
|
||||
|
||||
if ( result != 0 )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ bool LinuxSLLAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
auto len_sll_hdr = sizeof(SLLHeader);
|
||||
if ( len_sll_hdr >= len )
|
||||
{
|
||||
packet->Weird("truncated_Linux_SLL_header");
|
||||
Weird("truncated_Linux_SLL_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ bool MPLSAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_nflog_header");
|
||||
Weird("truncated_nflog_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
|
||||
if ( version != 0 )
|
||||
{
|
||||
packet->Weird("unknown_nflog_version");
|
||||
Weird("unknown_nflog_version", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -38,7 +38,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("nflog_no_pcap_payload");
|
||||
Weird("nflog_no_pcap_payload", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
|
||||
if ( tlv_len < 4 )
|
||||
{
|
||||
packet->Weird("nflog_bad_tlv_len");
|
||||
Weird("nflog_bad_tlv_len", packet);
|
||||
return false;
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool NullAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("null_analyzer_failed");
|
||||
Weird("null_analyzer_failed", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool PPPSerialAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* p
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_ppp_serial_header");
|
||||
Weird("truncated_ppp_serial_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool PPPoEAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
{
|
||||
if ( 8 >= len )
|
||||
{
|
||||
packet->Weird("truncated_pppoe_header");
|
||||
Weird("truncated_pppoe_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool VLANAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_VLAN_header");
|
||||
Weird("truncated_VLAN_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
|
||||
if ( data + cfplen + 14 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header_cfp");
|
||||
Weird("truncated_link_header_cfp", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -55,7 +55,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
{
|
||||
if ( data + 4 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -73,7 +73,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
{
|
||||
if ( data + 8 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -87,7 +87,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
else
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("non_ip_packet_in_pppoe_encapsulation");
|
||||
Weird("non_ip_packet_in_pppoe_encapsulation", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -111,7 +111,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
else
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("non_ip_packet_in_ethernet");
|
||||
Weird("non_ip_packet_in_ethernet", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -125,7 +125,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
{
|
||||
if ( data + 4 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -136,7 +136,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
// We assume that what remains is IP
|
||||
if ( data + sizeof(struct ip) >= end_of_data )
|
||||
{
|
||||
packet->Weird("no_ip_in_mpls_payload");
|
||||
Weird("no_ip_in_mpls_payload", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -149,7 +149,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
else
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("no_ip_in_mpls_payload");
|
||||
Weird("no_ip_in_mpls_payload", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -140,8 +140,10 @@ void Manager::SearchDynamicPlugins(const std::string& dir)
|
|||
closedir(d);
|
||||
}
|
||||
|
||||
bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found)
|
||||
bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found, std::vector<std::string>* errors)
|
||||
{
|
||||
errors->clear(); // caller should pass it in empty, but just to be sure
|
||||
|
||||
dynamic_plugin_map::iterator m = dynamic_plugins.find(util::strtolower(name));
|
||||
|
||||
if ( m == dynamic_plugins.end() )
|
||||
|
|
@ -160,7 +162,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
|
|||
return true;
|
||||
}
|
||||
|
||||
reporter->Error("plugin %s is not available", name.c_str());
|
||||
errors->push_back(util::fmt("plugin %s is not available", name.c_str()));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -175,6 +177,74 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
|
|||
|
||||
DBG_LOG(DBG_PLUGINS, "Activating plugin %s", name.c_str());
|
||||
|
||||
// Load shared libraries.
|
||||
|
||||
string dypattern = dir + "/lib/*." + HOST_ARCHITECTURE + DYNAMIC_PLUGIN_SUFFIX;
|
||||
|
||||
DBG_LOG(DBG_PLUGINS, " Searching for shared libraries %s", dypattern.c_str());
|
||||
|
||||
glob_t gl;
|
||||
|
||||
if ( glob(dypattern.c_str(), 0, 0, &gl) == 0 )
|
||||
{
|
||||
for ( size_t i = 0; i < gl.gl_pathc; i++ )
|
||||
{
|
||||
const char* path = gl.gl_pathv[i];
|
||||
|
||||
current_plugin = nullptr;
|
||||
current_dir = dir.c_str();
|
||||
current_sopath = path;
|
||||
void* hdl = dlopen(path, RTLD_NOW | RTLD_GLOBAL);
|
||||
current_dir = nullptr;
|
||||
current_sopath = nullptr;
|
||||
|
||||
if ( ! hdl )
|
||||
{
|
||||
const char* err = dlerror();
|
||||
errors->push_back(util::fmt("cannot load plugin library %s: %s", path, err ? err : "<unknown error>"));
|
||||
continue;
|
||||
}
|
||||
|
||||
if ( ! current_plugin ) {
|
||||
errors->push_back(util::fmt("load plugin library %s did not instantiate a plugin", path));
|
||||
continue;
|
||||
}
|
||||
|
||||
current_plugin->SetDynamic(true);
|
||||
current_plugin->DoConfigure();
|
||||
DBG_LOG(DBG_PLUGINS, " InitialzingComponents");
|
||||
current_plugin->InitializeComponents();
|
||||
|
||||
plugins_by_path.insert(std::make_pair(util::detail::normalize_path(dir), current_plugin));
|
||||
|
||||
// We execute the pre-script initialization here; this in
|
||||
// fact could be *during* script initialization if we got
|
||||
// triggered via @load-plugin.
|
||||
current_plugin->InitPreScript();
|
||||
|
||||
// Make sure the name the plugin reports is consistent with
|
||||
// what we expect from its magic file.
|
||||
if ( util::strtolower(current_plugin->Name()) != util::strtolower(name) ) {
|
||||
errors->push_back(util::fmt("inconsistent plugin name: %s vs %s",
|
||||
current_plugin->Name().c_str(), name.c_str()));
|
||||
continue;
|
||||
}
|
||||
|
||||
current_plugin = nullptr;
|
||||
DBG_LOG(DBG_PLUGINS, " Loaded %s", path);
|
||||
}
|
||||
|
||||
globfree(&gl);
|
||||
|
||||
if ( ! errors->empty() )
|
||||
return false;
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
DBG_LOG(DBG_PLUGINS, " No shared library found");
|
||||
}
|
||||
|
||||
// Add the "scripts" and "bif" directories to ZEEKPATH.
|
||||
std::string scripts = dir + "scripts";
|
||||
|
||||
|
|
@ -227,104 +297,72 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
|
|||
}
|
||||
}
|
||||
|
||||
// Load shared libraries.
|
||||
|
||||
string dypattern = dir + "/lib/*." + HOST_ARCHITECTURE + DYNAMIC_PLUGIN_SUFFIX;
|
||||
|
||||
DBG_LOG(DBG_PLUGINS, " Searching for shared libraries %s", dypattern.c_str());
|
||||
|
||||
glob_t gl;
|
||||
|
||||
if ( glob(dypattern.c_str(), 0, 0, &gl) == 0 )
|
||||
{
|
||||
for ( size_t i = 0; i < gl.gl_pathc; i++ )
|
||||
{
|
||||
const char* path = gl.gl_pathv[i];
|
||||
|
||||
current_plugin = nullptr;
|
||||
current_dir = dir.c_str();
|
||||
current_sopath = path;
|
||||
void* hdl = dlopen(path, RTLD_LAZY | RTLD_GLOBAL);
|
||||
|
||||
if ( ! hdl )
|
||||
{
|
||||
const char* err = dlerror();
|
||||
reporter->FatalError("cannot load plugin library %s: %s", path, err ? err : "<unknown error>");
|
||||
}
|
||||
|
||||
if ( ! current_plugin )
|
||||
reporter->FatalError("load plugin library %s did not instantiate a plugin", path);
|
||||
|
||||
current_plugin->SetDynamic(true);
|
||||
current_plugin->DoConfigure();
|
||||
DBG_LOG(DBG_PLUGINS, " InitialzingComponents");
|
||||
current_plugin->InitializeComponents();
|
||||
|
||||
plugins_by_path.insert(std::make_pair(util::detail::normalize_path(dir), current_plugin));
|
||||
|
||||
// We execute the pre-script initialization here; this in
|
||||
// fact could be *during* script initialization if we got
|
||||
// triggered via @load-plugin.
|
||||
current_plugin->InitPreScript();
|
||||
|
||||
// Make sure the name the plugin reports is consistent with
|
||||
// what we expect from its magic file.
|
||||
if ( util::strtolower(current_plugin->Name()) != util::strtolower(name) )
|
||||
reporter->FatalError("inconsistent plugin name: %s vs %s",
|
||||
current_plugin->Name().c_str(), name.c_str());
|
||||
|
||||
current_dir = nullptr;
|
||||
current_sopath = nullptr;
|
||||
current_plugin = nullptr;
|
||||
|
||||
DBG_LOG(DBG_PLUGINS, " Loaded %s", path);
|
||||
}
|
||||
|
||||
globfree(&gl);
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
DBG_LOG(DBG_PLUGINS, " No shared library found");
|
||||
}
|
||||
|
||||
// Mark this plugin as activated by clearing the path.
|
||||
m->second.clear();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool Manager::ActivateDynamicPlugin(const std::string& name)
|
||||
void Manager::ActivateDynamicPlugin(const std::string& name)
|
||||
{
|
||||
if ( ! ActivateDynamicPluginInternal(name) )
|
||||
return false;
|
||||
|
||||
std::vector<std::string> errors;
|
||||
if ( ActivateDynamicPluginInternal(name, false, &errors) )
|
||||
UpdateInputFiles();
|
||||
return true;
|
||||
else
|
||||
// Reschedule for another attempt later.
|
||||
requested_plugins.insert(std::move(name));
|
||||
}
|
||||
|
||||
bool Manager::ActivateDynamicPlugins(bool all)
|
||||
{
|
||||
void Manager::ActivateDynamicPlugins(bool all) {
|
||||
// Tracks plugins we need to activate as pairs of their names and booleans
|
||||
// indicating whether an activation failure is to be deemed a fatal error.
|
||||
std::set<std::pair<std::string, bool>> plugins_to_activate;
|
||||
|
||||
// Activate plugins that were specifically requested.
|
||||
for ( const auto& x : requested_plugins )
|
||||
plugins_to_activate.emplace(x, false);
|
||||
|
||||
// Activate plugins that our environment tells us to.
|
||||
vector<string> p;
|
||||
util::tokenize_string(util::zeek_plugin_activate(), ",", &p);
|
||||
|
||||
for ( size_t n = 0; n < p.size(); ++n )
|
||||
ActivateDynamicPluginInternal(p[n], true);
|
||||
for ( const auto& x : p )
|
||||
plugins_to_activate.emplace(x, true);
|
||||
|
||||
if ( all )
|
||||
{
|
||||
for ( dynamic_plugin_map::const_iterator i = dynamic_plugins.begin();
|
||||
i != dynamic_plugins.end(); i++ )
|
||||
{
|
||||
if ( ! ActivateDynamicPluginInternal(i->first) )
|
||||
return false;
|
||||
// Activate all other ones we discovered.
|
||||
for ( const auto& x : dynamic_plugins )
|
||||
plugins_to_activate.emplace(x.first, false);
|
||||
}
|
||||
|
||||
// Now we keep iterating over all the plugins, trying to load them, for as
|
||||
// long as we're successful for at least one further of them each round.
|
||||
// Doing so ensures that we can resolve (non-cyclic) load dependencies
|
||||
// independent of any particular order.
|
||||
while ( ! plugins_to_activate.empty() ) {
|
||||
std::vector<std::string> errors;
|
||||
auto plugins_left = plugins_to_activate;
|
||||
|
||||
for ( const auto& x : plugins_to_activate )
|
||||
{
|
||||
if ( ActivateDynamicPluginInternal(x.first, x.second, &errors) )
|
||||
plugins_left.erase(x);
|
||||
}
|
||||
|
||||
if ( plugins_left.size() == plugins_to_activate.size() )
|
||||
{
|
||||
// Could not load a single further plugin this round, that's fatal.
|
||||
for ( const auto& msg : errors )
|
||||
reporter->Error("%s", msg.c_str());
|
||||
|
||||
reporter->FatalError("aborting after plugin errors");
|
||||
}
|
||||
|
||||
plugins_to_activate = std::move(plugins_left);
|
||||
}
|
||||
|
||||
UpdateInputFiles();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void Manager::UpdateInputFiles()
|
||||
|
|
|
|||
|
|
@ -2,9 +2,10 @@
|
|||
|
||||
#pragma once
|
||||
|
||||
#include <utility>
|
||||
#include <map>
|
||||
#include <set>
|
||||
#include <string_view>
|
||||
#include <utility>
|
||||
|
||||
#include "zeek/plugin/Plugin.h"
|
||||
#include "zeek/plugin/Component.h"
|
||||
|
|
@ -79,28 +80,25 @@ public:
|
|||
* Activating a plugin involves loading its dynamic module, making its
|
||||
* bifs available, and adding its script paths to ZEEKPATH.
|
||||
*
|
||||
* This attempts to activate the plugin immediately. If that fails for
|
||||
* some reason, we schedule it to be retried later with
|
||||
* ActivateDynamicPlugins().
|
||||
*
|
||||
* @param name The name of the plugin, as found previously by
|
||||
* SearchPlugin().
|
||||
*
|
||||
* @return True if the plugin has been loaded successfully.
|
||||
*
|
||||
·* SearchPlugin().
|
||||
*/
|
||||
bool ActivateDynamicPlugin(const std::string& name);
|
||||
void ActivateDynamicPlugin(const std::string& name);
|
||||
|
||||
/**
|
||||
* Activates plugins that SearchDynamicPlugins() has previously discovered.
|
||||
* The effect is the same all calling \a ActivePlugin(name) for each plugin.
|
||||
* Activates plugins that SearchDynamicPlugins() has previously discovered,
|
||||
* including any that have failed to load in prior calls to
|
||||
* ActivateDynamicPlugin(). Aborts if any plugins fails to activate.
|
||||
*
|
||||
* @param all If true, activates all plugins that are found. If false,
|
||||
* activates only those that should always be activated unconditionally,
|
||||
* as specified via the ZEEK_PLUGIN_ACTIVATE enviroment variable. In other
|
||||
* words, it's \c true in standard mode and \c false in bare mode.
|
||||
*
|
||||
* @return True if all plugins have been loaded successfully. If one
|
||||
* fails to load, the method stops there without loading any further ones
|
||||
* and returns false.
|
||||
* as specified via the ZEEK_PLUGIN_ACTIVATE environment variable.
|
||||
*/
|
||||
bool ActivateDynamicPlugins(bool all);
|
||||
void ActivateDynamicPlugins(bool all);
|
||||
|
||||
/**
|
||||
* First-stage initializion of the manager. This is called early on
|
||||
|
|
@ -413,11 +411,15 @@ public:
|
|||
static void RegisterBifFile(const char* plugin, bif_init_func c);
|
||||
|
||||
private:
|
||||
bool ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found = false);
|
||||
bool ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found, std::vector<std::string>* errors);
|
||||
void UpdateInputFiles();
|
||||
void MetaHookPre(HookType hook, const HookArgumentList& args) const;
|
||||
void MetaHookPost(HookType hook, const HookArgumentList& args, HookArgument result) const;
|
||||
|
||||
// Plugins that were explicitly requested to be activated, but failed to
|
||||
// load at first.
|
||||
std::set<std::string> requested_plugins;
|
||||
|
||||
// All found dynamic plugins, mapping their names to base directory.
|
||||
using dynamic_plugin_map = std::map<std::string, std::string>;
|
||||
dynamic_plugin_map dynamic_plugins;
|
||||
|
|
|
|||
|
|
@ -91,9 +91,9 @@ function Reporter::fatal_error_with_core%(msg: string%): bool
|
|||
## name: the name of the weird.
|
||||
##
|
||||
## Returns: Always true.
|
||||
function Reporter::net_weird%(name: string%): bool
|
||||
function Reporter::net_weird%(name: string, addl: string &default="", source: string &default=""%): bool
|
||||
%{
|
||||
reporter->Weird(name->CheckString());
|
||||
reporter->Weird(name->CheckString(), addl->CheckString(), source->CheckString());
|
||||
return zeek::val_mgr->True();
|
||||
%}
|
||||
|
||||
|
|
@ -106,9 +106,9 @@ function Reporter::net_weird%(name: string%): bool
|
|||
## resp: the responder host associated with the weird.
|
||||
##
|
||||
## Returns: Always true.
|
||||
function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool
|
||||
function Reporter::flow_weird%(name: string, orig: addr, resp: addr, addl: string &default="", source: string &default=""%): bool
|
||||
%{
|
||||
reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString());
|
||||
reporter->Weird(orig->AsAddr(), resp->AsAddr(), name->CheckString(), addl->CheckString(), source->CheckString());
|
||||
return zeek::val_mgr->True();
|
||||
%}
|
||||
|
||||
|
|
@ -121,17 +121,17 @@ function Reporter::flow_weird%(name: string, orig: addr, resp: addr%): bool
|
|||
## addl: additional information to accompany the weird.
|
||||
##
|
||||
## Returns: Always true.
|
||||
function Reporter::conn_weird%(name: string, c: connection, addl: string &default=""%): bool
|
||||
function Reporter::conn_weird%(name: string, c: connection, addl: string &default="", source: string &default=""%): bool
|
||||
%{
|
||||
if ( c )
|
||||
reporter->Weird(c, name->CheckString(), addl->CheckString());
|
||||
reporter->Weird(c, name->CheckString(), addl->CheckString(), source->CheckString());
|
||||
else
|
||||
{
|
||||
auto connection_record = @ARG@[1]->AsRecordVal();
|
||||
auto conn_id_val = connection_record->GetField<RecordVal>("id");
|
||||
auto uid_val = connection_record->GetField<StringVal>("uid");
|
||||
reporter->Weird(conn_id_val, uid_val,
|
||||
name->CheckString(), addl->CheckString());
|
||||
name->CheckString(), addl->CheckString(), source->CheckString());
|
||||
}
|
||||
|
||||
return zeek::val_mgr->True();
|
||||
|
|
@ -146,7 +146,7 @@ function Reporter::conn_weird%(name: string, c: connection, addl: string &defaul
|
|||
## addl: additional information to accompany the weird.
|
||||
##
|
||||
## Returns: true if the file was still valid, else false.
|
||||
function Reporter::file_weird%(name: string, f: fa_file, addl: string &default=""%): bool
|
||||
function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="", source: string&default=""%): bool
|
||||
%{
|
||||
auto fuid = f->AsRecordVal()->GetField(0)->AsStringVal();
|
||||
auto file = zeek::file_mgr->LookupFile(fuid->CheckString());
|
||||
|
|
@ -154,7 +154,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
|
|||
if ( ! file )
|
||||
return zeek::val_mgr->False();
|
||||
|
||||
reporter->Weird(file, name->CheckString(), addl->CheckString());
|
||||
reporter->Weird(file, name->CheckString(), addl->CheckString(), source->CheckString());
|
||||
return zeek::val_mgr->True();
|
||||
%}
|
||||
|
||||
|
|
|
|||
|
|
@ -1405,7 +1405,7 @@ function swap_case%(str: string%) : string
|
|||
%}
|
||||
|
||||
## Converts a string to Title Case. This changes the first character of each sequence of non-space characters
|
||||
## in the string to be capitalized. See https://docs.python.org/2/library/stdtypes.html#str.title for more info.
|
||||
## in the string to be capitalized. See https://docs.python.org/3/library/stdtypes.html#str.title for more info.
|
||||
##
|
||||
## str: The string to convert.
|
||||
##
|
||||
|
|
|
|||
|
|
@ -606,17 +606,8 @@ SetupResult setup(int argc, char** argv, Options* zopts)
|
|||
file_mgr->InitPreScript();
|
||||
zeekygen_mgr->InitPreScript();
|
||||
|
||||
bool missing_plugin = false;
|
||||
|
||||
for ( set<string>::const_iterator i = requested_plugins.begin();
|
||||
i != requested_plugins.end(); i++ )
|
||||
{
|
||||
if ( ! plugin_mgr->ActivateDynamicPlugin(*i) )
|
||||
missing_plugin = true;
|
||||
}
|
||||
|
||||
if ( missing_plugin )
|
||||
reporter->FatalError("Failed to activate requested dynamic plugin(s).");
|
||||
for ( const auto& x : requested_plugins )
|
||||
plugin_mgr->ActivateDynamicPlugin(std::move(x));
|
||||
|
||||
plugin_mgr->ActivateDynamicPlugins(! options.bare_mode);
|
||||
|
||||
|
|
|
|||
24
src/zeek.bif
24
src/zeek.bif
|
|
@ -2537,6 +2537,30 @@ function interval_to_double%(i: interval%): double
|
|||
return zeek::make_intrusive<zeek::DoubleVal>(i);
|
||||
%}
|
||||
|
||||
## Converts a :zeek:type:`count` to a :zeek:type:`double`.
|
||||
##
|
||||
## c: The :zeek:type:`count` to convert.
|
||||
##
|
||||
## Returns: The :zeek:type:`count` *c* as :zeek:type:`double`.
|
||||
##
|
||||
## .. zeek:see:: int_to_double double_to_count
|
||||
function count_to_double%(c: count%): double
|
||||
%{
|
||||
return zeek::make_intrusive<zeek::DoubleVal>(c);
|
||||
%}
|
||||
|
||||
## Converts an :zeek:type:`int` to a :zeek:type:`double`.
|
||||
##
|
||||
## i: The :zeek:type:`int` to convert.
|
||||
##
|
||||
## Returns: The :zeek:type:`int` *i* as :zeek:type:`double`.
|
||||
##
|
||||
## .. zeek:see:: count_to_double double_to_count
|
||||
function int_to_double%(i: int%): double
|
||||
%{
|
||||
return zeek::make_intrusive<zeek::DoubleVal>(i);
|
||||
%}
|
||||
|
||||
## Converts a :zeek:type:`time` value to a :zeek:type:`double`.
|
||||
##
|
||||
## t: The :zeek:type:`time` to convert.
|
||||
|
|
|
|||
|
|
@ -1,12 +1,13 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2019-06-07-01-59-08
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1254722767.875996 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek
|
||||
1437831787.861602 CmES5u32sYpV7JYN 192.168.133.100 49648 192.168.133.102 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek
|
||||
1437831799.610433 C3eiCBGOLw3VtHfOj 192.168.133.100 49655 17.167.150.73 443 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek
|
||||
#close 2019-06-07-01-59-08
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek -
|
||||
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.133.100 49648 192.168.133.102 25 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek -
|
||||
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.133.100 49655 17.167.150.73 443 base64_illegal_encoding incomplete base64 group, padding with 12 bits of 0 F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -4,3 +4,6 @@
|
|||
3600.0
|
||||
86400.0
|
||||
1342748947.655087
|
||||
0.0
|
||||
10000.0
|
||||
-41.0
|
||||
|
|
|
|||
|
|
@ -1,103 +1,104 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-07
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784981.078396 - 127.0.0.1 0 127.0.0.1 0 bad_IP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-07
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 127.0.0.1 0 127.0.0.1 0 bad_IP_checksum - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-08
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784885.686428 CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-08
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F zeek TCP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-08
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784933.501023 CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-08
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F zeek UDP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-09
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075363.536871 CHhAvVGS1DHFjwGM9 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-09
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F zeek ICMP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-10
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785210.013051 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
||||
1332785210.013051 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-10
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F zeek TCP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-10
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782580.798420 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
||||
1332782580.798420 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-10
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F zeek UDP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-11
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075111.800086 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
||||
1334075111.800086 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-11
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F zeek ICMP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-11
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785250.469132 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-11
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F zeek TCP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332781342.923813 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-12
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F zeek UDP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-12
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek ICMP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -1,70 +1,71 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek
|
||||
#close 2020-10-14-18-44-12
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F zeek ICMP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785125.596793 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
||||
#close 2020-10-14-18-44-15
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782508.592037 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek
|
||||
#close 2020-10-14-18-44-15
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::2 0 routing0_hdr - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
||||
#close 2020-10-14-18-44-16
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
||||
#close 2020-10-14-18-44-16
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
||||
#close 2020-10-14-18-44-16
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-44-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek
|
||||
#close 2020-10-14-18-44-16
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:78:1:32::1 0 routing0_hdr - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -1,471 +1,472 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-18-45-20
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1500557630.000000 - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:7265:6300::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557630.000000 - - - - - unknown_ip_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:9ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:2304:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:28fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6369:2a29:: 0 0:80:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fb2a:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffbf:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:fcff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff32:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929:1000:0:6904:27ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:3afd:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:c200:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:700:fe:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:21ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:ffff:ffff:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:ff7f:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:ff3a 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:0:ff00:69:2980:0:69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:e374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:2705:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:63ce:80:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29:0:4:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7df 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ff01:: 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:71fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:2:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0:7265:6374:6929:ff:0:27ff:28 0 126:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:fffe:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:69ff:ff00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:fef9:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff3a:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:40 0 bf:ff3b:0:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:8000::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 38bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:80:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:5:1ff:f7ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:ff:ff00:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:180:: 0 bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:0:ff00:69:2980:0:29 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929:600:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7463:2a72:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b000:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0:7265:6374:6929:ff:27:a800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.0.65.95 0 ip_hdr_len_zero - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.0.65.95 0 invalid_IP_header_size - F zeek
|
||||
1500557631.000000 - b100:7265:6374:7129:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b101:0:74:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7fd 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fb03:12ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 400:fffe:bfff::ecec:ecfc:ecec 0 ecec:ecec:ecec:ec00:ffff:ffff:fffd:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6369:aa29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:2600:0:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:0:1000:6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 ff00:bf3b:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b800:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:f2:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:3a40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:91:8bd6:ff00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:5445:52ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:8b:0:ffff:ffff:f7fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fff7:820 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:9d8b:d5d5:ffff:fffc:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b198:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929:0:100:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:0:100:0:480:ffbf 0 3bff:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29:2:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:fff8:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9cc2:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:f8fe:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ff21:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:ffff:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7229:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b104:7265:6374:2a29::6904:ff 0 3bbf:ff03:40:0:ffff:ffff:f5fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.0.255.255 0 ip_hdr_len_zero - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.0.255.255 0 invalid_IP_header_size - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6900:8000:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:4900:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:636f:6d29::5704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:723a:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0:7265:6374:6929:ff:0:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929:100:0:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:0:ffff:6804:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:0 0 80bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6827:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:440:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40::80ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:908 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00::ffff:ff03:bffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6300:0:8000:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:8e00:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:9f74:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f701 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300::8004:ff 0 3b3f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:7d6d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:fbff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9529:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:3600:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bb7:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.53.0.0 0 ip_hdr_len_zero - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.53.0.0 0 invalid_IP_header_size - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:39:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:ffff:fbfd:ffff:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929:0:8000:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7228:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff80::ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7fc 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c00:7265:6374:6929::6927:ff 0 100:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7200:6300:4:ff27:65fe:bfff:ff 0 ffff:0:ffff:ff3a:f700:8000:20:8ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:47:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f706 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265::6904:2aff 0 c540:ff:ffbf:ffde:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300::8001:0 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:f8:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:900:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7d8 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - ffff:ff27:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:f7ff:fdff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:0:3a00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:0:ff40:ff00:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:63ce:29:69:7400:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:6500:72:6369:2a:2900:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:2100::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:100:: 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek
|
||||
1500557631.000000 - 0.0.0.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:1:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929:0:69:4:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557631.000000 - b100:7265:6374:6929::ff:3bff 0 4bf:8080:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:0:4ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:63f4:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:3a:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:637b:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:340:80:ffef:ffff:fffd:f7fb 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b300:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:ae74:6929:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:1 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:ff:ffff:ffff:ffff 0 ffbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ff01:1:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:0:4:0:80ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:0:40ff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ff7a:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:434f:4e54:454e:5453:5f44 0 4ebf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:fff7:ffff:fdff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:0:80::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:900 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3b01::ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:3a00:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::692a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffd8:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:40:8:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6927:bf 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:69a9::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:5265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::97fb:ff00 0 c440:108:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:8000 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 32.0.8.99 0 0.0.0.0 0 invalid_IP_header_size - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a29:0:6980:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::693b:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 0.0.0.0 0 0.255.255.255 0 ip_hdr_len_zero - F zeek
|
||||
1500557632.000000 - 0.0.0.0 0 0.255.255.255 0 invalid_IP_header_size - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6928:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:5049:415f:5544:5000:0:6904:5544 0 50bf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:0:1000:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:3c0:ffff::fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 fe:8d9a:948b:96d6:ff00:21:6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8014:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6301::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:63ce:69:7421:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:69:d529:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff27:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - ffff:ffff:ffff:ffff::8004:ff 0 ffff:ffff:ffff:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 7200:65:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7263:692a:7429::6904:ff 0 3b:bf00:40ff:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6306:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffe:1ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 50ff:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6900:2900:0:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6305:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 101.99.116.105 0 41.0.255.0 0 invalid_IP_header_size - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 ::40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 0:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 2700:7265:6300:0:100:0:8004:ff00 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7200:400:65:6327:101:3ffe:ff 0 ffff:0:ffff:ff3a:2000:f8d4:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:ff:ff00:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:637c:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:e374:6929::6904:ff 0 3bbf:ff00:40:a:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:fd00:40:0:fffc:ffff:f720:fd3a 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:722a:2374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ef 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ff01:0 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:fff2:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:2704:40:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:ff 0 6800:f265:6374:6929:11:27:c00:68 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:725f:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7200:400:65:6327:fffe:bfff:0 0 5000:ff:ffff:ffff:fdf7:ff3a:2000:800 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:8000:0 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:722a:6374:6929:400:4:0:ff69 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 7dbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8084:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:0:ffff:ffff:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29:100:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ff00:ffff:3a20:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ff7d:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a22:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b300:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40::ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:80:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:3a 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff00:0:8080 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2008:2b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:3b00:ff:0:6929:0:f7fd:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:9:0:9704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:80fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ffcc:c219:aa00:0:c9:640d:eb3c 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:a78b:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bff:4000:bf00:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:5265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7218:400:65:6327:fffe:bfff:ff 0 ffff:20:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 71.97.99.109 0 0.16.0.41 0 ip_hdr_len_zero - F zeek
|
||||
1500557632.000000 - 71.97.99.109 0 0.16.0.41 0 invalid_IP_header_size - F zeek
|
||||
1500557632.000000 - b100:7221:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:7fef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:d0d6:ffff:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:6:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ecff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffef:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:e929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:27ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 3a00:7265:6374:6929::8004:ff 0 c540:fe:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:40:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 65:63b1:7274:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::2104:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6328:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - f100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:72:6328:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7200:400:65:ffff:ffff:ffff:ffff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:fdff:ffff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6127:fb 0 3bbf:6500:6fd:188:4747:4747:61fd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:7fff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:27ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff4e:5654:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374::80:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:3b 0 ff:ffbf:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:6500:91:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:840:ff:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6301::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:ffff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:69:7429:0:690a:ff 0 40:0:ff3b:bf:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6927:10ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6329:ffff:2a74:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:3b70:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 143.9.0.0 0 0.98.0.237 0 ip_hdr_len_zero - F zeek
|
||||
1500557632.000000 - 143.9.0.0 0 0.98.0.237 0 invalid_IP_header_size - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 fffb:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7200:6365::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e00:0:704c 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff02:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557632.000000 - b100:7265:6374:6909::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:feff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:2a60 0 3bbf:ff00:40:21:ffff:ffff:ffbd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:8040:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 2a72:6300:b165:7429:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:639a:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::ff00:480 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:0:8:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b000:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:21e6:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6301:0:29:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:ff:ff40:0:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::3b04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::8804:ff 0 3bbf:ff80:40:0:ffff:ffff:102:800 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 33bf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3b9f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b13b:bfff:0:4000:ff:ffff:ffff:fdf7 0 ff3a:2000:800:1e04:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:0 0 ::80:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b165:6300:7274:6929::400:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff3b 0 0:bfff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::3b:bfff 0 ff04:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:69:74a9:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:2aff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:6374:65:69:7229:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6377:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b128:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:2700:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:722a:6374:6929::6904:ff 0 3bbf:fd00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:722a:6374:6929::6968:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:69:7429:0:6904:ff 0 3bff:bf00:40:0:ffff:ffff:fffd:e7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7261:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:7929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:df00::80ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7263:65ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:f8:0:ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:692d::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::4:fd 0 c3bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:3b 0 bf:ffff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6900:ec00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 e21e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6928:ffff:fd00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff3b:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::ff00:bfff 0 3b00:400:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:520:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ffff 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:28:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::80fb:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c2a:7200:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:693a::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff7f:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929:0:fffe:bfff:ff 0 ffff:ff68:0:4000:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ef 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::4:ff 0 3bbf:2700:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:27:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::2a:0 0 ::6a:ffff:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6900:a:400:2a29:3b2a 0 ffbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b1ff:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:6500:72:6369:2a29:3b00:690a:ff 0 3bbf:fb00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:722a:6374:: 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:2aff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:9500:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7200:63:65::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:fc 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6900:0 0 80bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:63ce:69:2129:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:3a:ffef:ff:ffff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:c1:800:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:9265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:dffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:: 0 80:ff00:40:0:1ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:724a:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:f6 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:0 0 ffff:ff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6500:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:0:a:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6900::2900:0 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 68.80.95.104 0 109.115.117.0 0 ip_hdr_len_zero - F zeek
|
||||
1500557633.000000 - 68.80.95.104 0 109.115.117.0 0 invalid_IP_header_size - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:692b::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6900:29:0:6914:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 8:1e:400:ff00:0:3200:8004:ff 0 3bff:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:f7fd 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:8ba:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300::8004:ff 0 48bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7365:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:5600:800:2b00:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:4021:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 0:7265:6374:6929:ff:6:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6909::6904:ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ff48:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:7400:2969:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:c5:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265::6904:2a3a 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:f9ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7261:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9fd6:ffff:2:800 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6300:69:7429:8000:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - ffff:ffff:ffff:ffff:: 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:400:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929::ff00:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:fffe:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:ffff::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 4f00:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929::6904:ff 0 3b1e:8000::6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:1:400:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 0.255.255.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek
|
||||
1500557633.000000 - 0.255.255.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:342b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:6929:400:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:7265:6374:6929::6927:ff 0 3bbf:ffa8:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffdd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - b100:7265:1::69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557633.000000 - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:ffff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:722a:6374:6929:1001:900:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:40:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:722a:6374:6929::6904:eff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - ffdb:ffff:3b00::ff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6374:6929:ffff:ffff:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6300:669:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6374:6929::693b:bdff 0 0:4000:ff:ffff:fdff:fff7:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 0.71.103.97 0 99.116.0.128 0 invalid_IP_header_size - F zeek
|
||||
1500557634.000000 - b100:7265:6300::8004:ff 0 3bbf:ff00:40:ff00:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:63ce:69:7429:0:690a:b1 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 6500:0:6fd:188:4747:4747:6163:7400 0 0:2c29:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:722a:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:6500:72:6369:2900:2a00:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6374:2a29::6904:ff 0 29bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:10:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:7265:6374:6929::612f:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ffc3:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:722a:6374:6929:1000:100:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:6374:6929:ff:ffff:ff04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - b100:7265:0:ff00:69:2980:0:69 0 c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
1500557634.000000 - 9c00:7265:6374:69d1::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
#close 2020-10-14-18-45-20
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - - - - - unknown_ip_version - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:9ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2304:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:28fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:: 0 0:80:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fb2a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffbf:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:fcff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff32:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:0:6904:27ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:3afd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:c200:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:700:fe:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:21ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ffff:ffff:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:ff7f:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:ff3a 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:0:ff00:69:2980:0:69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:e374:6929::6927:ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2705:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:80:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:0:4:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7df 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:840:0:ffff:ff01:: 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:71fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:2:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:0:27ff:28 0 126:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:fffe:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:69ff:ff00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:fef9:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff3a:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:40 0 bf:ff3b:0:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:8000::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 38bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:69ff:ffff:ffff:ffff:ffff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:80:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:5:1ff:f7ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ff:ff00:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:180:: 0 bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:0:ff00:69:2980:0:29 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:600:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7463:2a72:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b000:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:27:a800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:f9fe:ffbf:ffff:0:ff28:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.65.95 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.65.95 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:7129:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b101:0:74:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7fd 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fb03:12ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 400:fffe:bfff::ecec:ecfc:ecec 0 ecec:ecec:ecec:ec00:ffff:ffff:fffd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:aa29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:2600:0:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:1000:6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 ff00:bf3b:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b800:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:f2:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:3a40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:91:8bd6:ff00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:5445:52ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:8b:0:ffff:ffff:f7fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fff7:820 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:9d8b:d5d5:ffff:fffc:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b198:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:0:100:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:480:ffbf 0 3bff:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:2:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:fff8:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9cc2:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:f8fe:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ff21:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:ffff:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7229:6374:6929::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b104:7265:6374:2a29::6904:ff 0 3bbf:ff03:40:0:ffff:ffff:f5fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.255.255 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.255.255 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:8000:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:4900:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:636f:6d29::5704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:723a:6374:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00::ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:0:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:100:0:6127:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:ffff:6804:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:0 0 80bf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6827:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:440:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff00:40::80ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:908 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00::ffff:ff03:bffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6300:0:8000:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:8e00:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:9f74:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f701 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3b3f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:7d6d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:fbff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9529:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:3600:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bb7:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.53.0.0 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.53.0.0 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:39:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:ffff:fbfd:ffff:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:0:8000:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7228:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff80::ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7fc 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 100:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:6300:4:ff27:65fe:bfff:ff 0 ffff:0:ffff:ff3a:f700:8000:20:8ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:47:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f706 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265::6904:2aff 0 c540:ff:ffbf:ffde:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8001:0 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:f8:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:900:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7d8 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ff27:ffff:ffff::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:f7ff:fdff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:3a00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:0:ff40:ff00:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:29:69:7400:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a:2900:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:2100::8004:ef 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:5f70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:100:: 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:1:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:69:4:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff:3bff 0 4bf:8080:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:0:4ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63f4:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:0:400:2a29:2aff 0 3bbf:ff00:3a:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:637b:6929::6904:ff 0 3b00:40:ffbf:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:340:80:ffef:ffff:fffd:f7fb 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b300:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:ae74:6929:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:6929::6904:1 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ff:ffff:ffff:ffff 0 ffbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ff01:1:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:4:0:80ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:0:40ff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ff7a:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:434f:4e54:454e:5453:5f44 0 4ebf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:ff:ff:fff7:ffff:fdff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:0:80::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:900 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3b01::ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:3a00:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::692a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:ffff:ffd8:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:40:8:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:bf 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:69a9::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:5265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::97fb:ff00 0 c440:108:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:8000 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 32.0.8.99 0 0.0.0.0 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:6980:ff 0 3bbf:8000:40:0:16ef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::693b:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.255.255.255 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 0.0.0.0 0 0.255.255.255 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6928:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:5049:415f:5544:5000:0:6904:5544 0 50bf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:1000:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:3c0:ffff::fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 fe:8d9a:948b:96d6:ff00:21:6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8014:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6301::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7421:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:d529:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff27:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff02:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 ffff:ffff:ffff:ff00:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 7200:65:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7263:692a:7429::6904:ff 0 3b:bf00:40ff:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6306:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffe:1ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 50ff:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6900:2900:0:6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6305:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 101.99.116.105 0 41.0.255.0 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 ::40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6900:0:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 2700:7265:6300:0:100:0:8004:ff00 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:101:3ffe:ff 0 ffff:0:ffff:ff3a:2000:f8d4:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:ff:ff00:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:637c:6900:0:400:2a29:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:e374:6929::6904:ff 0 3bbf:ff00:40:a:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:fd00:40:0:fffc:ffff:f720:fd3a 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:2374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ef 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ff01:0 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:fff2:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:40:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 6800:f265:6374:6929:11:27:c00:68 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:725f:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:0 0 5000:ff:ffff:ffff:fdf7:ff3a:2000:800 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:8000:0 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:4:0:ff69 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 7dbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8084:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:ffff:ffff:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:100:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ff00:ffff:3a20:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ff7d:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a22:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b300:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40::ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:80:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:3a 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff00:0:8080 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2008:2b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:3b00:ff:0:6929:0:f7fd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:9:0:9704:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:80fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ffcc:c219:aa00:0:c9:640d:eb3c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:a78b:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bff:4000:bf00:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:5265:6300::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7218:400:65:6327:fffe:bfff:ff 0 ffff:20:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 71.97.99.109 0 0.16.0.41 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 71.97.99.109 0 0.16.0.41 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7221:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ffff:ffff:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:7fef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:d0d6:ffff:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:6:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:0:ecff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffef:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:e929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:27ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 3a00:7265:6374:6929::8004:ff 0 c540:fe:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:40:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 65:63b1:7274:6929::8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::2104:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6328:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - f100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6328:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:ffff:ffff:ffff:ffff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:fdff:ffff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:fb 0 3bbf:6500:6fd:188:4747:4747:61fd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:7fff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:27ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff4e:5654:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374::80:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:3b 0 ff:ffbf:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:91:6369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:ff3a:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:840:ff:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6301::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:ffff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 40:0:ff3b:bf:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:10ff 0 0:7265:6374:6929::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6329:ffff:2a74:ffff:ffff:ffff 0 3bbf:ff00:40:6e:756d:3b70:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 143.9.0.0 0 0.98.0.237 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 143.9.0.0 0 0.98.0.237 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:feff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 fffb:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:6365::8004:ff 0 3bbf:ff00:840:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:27:2800:ff 0 100:0:143:4f4e:5445:4e00:0:704c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ff02:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6909::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:100:0:4:ff 0 3bbf:ff00:40:0:feff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2a60 0 3bbf:ff00:40:21:ffff:ffff:ffbd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6127:ff 0 3bbf:ff00:8040:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 2a72:6300:b165:7429:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:639a:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff00:480 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:8:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b000:7265:63ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:21e6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6301:0:29:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:ff:ff40:0:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::3b04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8804:ff 0 3bbf:ff80:40:0:ffff:ffff:102:800 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 33bf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3b9f:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b13b:bfff:0:4000:ff:ffff:ffff:fdf7 0 ff3a:2000:800:1e04:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:0 0 ::80:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b165:6300:7274:6929::400:ff 0 3bbf:ff00:40:0:ffff:ffff:f7fd:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff3b 0 0:bfff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::3b:bfff 0 ff04:0:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:74a9:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bbf:ff00:40:0:ffff:2aff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6374:65:69:7229:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6377:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b128:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:2700:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:ff 0 3bbf:fd00:40:0:ffff:ffff:ffff:3af7 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6968:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:6904:ff 0 3bff:bf00:40:0:ffff:ffff:fffd:e7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7261:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:7929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:df00::80ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7263:65ce:69:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff::8004:ff 0 3bbf:ff01:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:f8:0:ff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:692d::6927:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:fd 0 c3bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:3b 0 bf:ffff:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:ec00:400:2a29:6aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 e21e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6928:ffff:fd00:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:40:0:ffff:ff3b:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff00:bfff 0 3b00:400:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:520:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ffff 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 3bbf:ff00:28:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::80fb:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c2a:7200:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:693a::6127:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c20:722a:6374:6929:800:0:6904:ff 0 3bbf:ff00:40:0:ffff:ff7f:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929:0:fffe:bfff:ff 0 ffff:ff68:0:4000:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:82b:0:f7ef 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:2700:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6904:ff 0 3bbf:ff00:40:27:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::2a:0 0 ::6a:ffff:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:a:400:2a29:3b2a 0 ffbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b1ff:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:3b00:690a:ff 0 3bbf:fb00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:: 0 ffff:ffff:ffff:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:2aff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29:ffff:ffff:ffff:ffff 0 3bbf:ff00:40:9500:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:63:65::8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:fc 0 ffff:0:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6900:0 0 80bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:2129:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2a29:0:690a:ff 0 3bbf:ff00:40:3a:ffef:ff:ffff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3bbf:ff00:c1:800:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:9265:6300:69:7429:0:690a:ff 0 40:3bff:bf:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:dffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:: 0 80:ff00:40:0:1ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:724a:6374:6929:: 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:f6 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:0 0 ffff:ff:ffff:ff3a:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6500:0:100:0:8004:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:0:a:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900::2900:0 0 80:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 68.80.95.104 0 109.115.117.0 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 68.80.95.104 0 109.115.117.0 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6374:692b::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6900:29:0:6914:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:e369:2a29:0:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 8:1e:400:ff00:0:3200:8004:ff 0 3bff:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:f7fd 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:8ba:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 48bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7365:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ff3a:5600:800:2b00:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:4021:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0:7265:6374:6929:ff:6:27ff:28 0 100:0:143:4f4e:5445:4e54:535f:524c 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 0:7265:6b74:6909::6904:ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::4:ff 0 3bbf:ff00:40:0:ffff:ff48:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:7400:2969:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:0:690a:ff 0 40:3bff:c5:0:ffff:ffff:fdff:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265::6904:2a3a 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:f9ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7261:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:9fd6:ffff:2:800 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:69:7429:8000:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffff:ffff:ffff:ffff:: 0 ::40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff80:40:400:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::ff00:ff 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:2aff 0 3bbf:ff00:40:21:fffe:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:ffff::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 4f00:7265:6374:6929::6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b1e:8000::6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:1:400:8004:ff 0 3bbf:ff80:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.255.255.0 0 0.0.0.0 0 ip_hdr_len_zero - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - 0.255.255.0 0 0.0.0.0 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:4:0:6904:ff 0 3b1e:400:ff:0:6929:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7200:400:65:6327:fffe:bfff:ff 0 ffff:0:ffff:ff3a:2000:342b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:400:0:4:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::6927:ff 0 3bbf:ffa8:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffdd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:1::69 0 c400:ff3b:bfff:0:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:400:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:ffff:ffff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1001:900:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::8004:ff 0 3bbf:ff00:40:0:40:0:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929::6904:eff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - ffdb:ffff:3b00::ff:ffff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:60:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ffff:ffff:8004:ff 0 3bbf:ff80:ffff:0:4000:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:669:7429:0:690a:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::693b:bdff 0 0:4000:ff:ffff:fdff:fff7:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 0.71.103.97 0 99.116.0.128 0 invalid_IP_header_size - F zeek IP
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300::8004:ff 0 3bbf:ff00:40:ff00:ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:0:690a:b1 0 3bbf:ff00:40:0:ffff:ffff:ffe6:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:63ce:69:7429:db00:690a:ff 0 3bbf:ff00:40:0:29ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 6500:0:6fd:188:4747:4747:6163:7400 0 0:2c29:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:8000:0:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:6500:72:6369:2900:2a00:690a:ff 0 3bbf:ff00:40:0:ffef:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:2a29::6904:ff 0 29bf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929::6904:ff 0 3b00:40:ffbf:10:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:6929::612f:fb 0 3bbf:ff00:40:0:ffff:ffff:fbfd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6300:2704:0:fffe:bfff:ff 0 ffff:0:ffff:ffc3:2000:82b:0:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:722a:6374:6929:1000:100:6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f728 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:6374:6929:ff:ffff:ff04:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - b100:7265:0:ff00:69:2980:0:69 0 c4ff:bf00:ff00:3b:40ff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
XXXXXXXXXX.XXXXXX - 9c00:7265:6374:69d1::6904:ff 0 3bbf:ff00:40:0:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -1,10 +1,11 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2019-06-07-01-59-25
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1425182592.408334 - - - - - negative_packet_timestamp - F zeek
|
||||
#close 2019-06-07-01-59-25
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - - - - - negative_packet_timestamp - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -1,81 +1,82 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334160095.895421 - - - - - truncated_IP - F zeek
|
||||
#close 2020-10-14-19-20-15
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - - - - - truncated_IP - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334156241.519125 - - - - - truncated_IP - F zeek
|
||||
#close 2020-10-14-19-20-16
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - - - - - truncated_IP - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334094648.590126 - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:4f8:4:7:2e0:81ff:fe52:9a6b 0 truncated_IPv6 - F zeek
|
||||
#close 2020-10-14-19-20-16
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 2001:4f8:4:7:2e0:81ff:fe52:ffff 0 2001:4f8:4:7:2e0:81ff:fe52:9a6b 0 truncated_IPv6 - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-17
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1338328954.078361 - 10.0.0.1 0 192.0.43.10 0 internally_truncated_header - F zeek
|
||||
1338328954.099743 - 192.0.43.10 0 10.0.0.1 0 internally_truncated_header - F zeek
|
||||
#close 2020-10-14-19-20-17
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 10.0.0.1 0 192.0.43.10 0 internally_truncated_header - F zeek -
|
||||
XXXXXXXXXX.XXXXXX - 192.0.43.10 0 10.0.0.1 0 internally_truncated_header - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-18
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1404148886.981015 - - - - - truncated_ethernet_frame - F zeek
|
||||
#close 2020-10-14-19-20-18
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - - - - - truncated_ethernet_frame - F zeek ETHERNET
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-19
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 invalid_IP_header_size - F zeek
|
||||
#close 2020-10-14-19-20-19
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 163.253.48.183 0 192.150.187.43 0 invalid_IP_header_size - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-19
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 internally_truncated_header - F zeek
|
||||
#close 2020-10-14-19-20-19
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 163.253.48.183 0 192.150.187.43 0 internally_truncated_header - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-10-14-19-20-20
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1500557630.000000 - 0.255.0.255 0 15.254.2.1 0 invalid_IP_header_size_in_tunnel - F zeek
|
||||
#close 2020-10-14-19-20-20
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - 0.255.0.255 0 15.254.2.1 0 invalid_IP_header_size_in_tunnel - F zeek IP
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -1,20 +1,21 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2019-06-07-02-20-03
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1500557630.000000 - ff00:0:6929::6904:ff:3bbf 0 ffff:0:69:2900:0:69:400:ff3b 0 invalid_inner_IP_version_in_tunnel - F zeek
|
||||
#close 2019-06-07-02-20-03
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - ff00:0:6929::6904:ff:3bbf 0 ffff:0:69:2900:0:69:400:ff3b 0 invalid_inner_IP_version_in_tunnel - F zeek IPTUNNEL
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2019-06-07-02-20-03
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1500557630.000000 - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek
|
||||
#close 2019-06-07-02-20-03
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX - b100:7265::6904:2aff 0 3bbf:ff00:40:21:ffff:ffff:fffd:f7ff 0 invalid_inner_IP_version - F zeek IPTUNNEL
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
|
|
@ -1,11 +1,12 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-06-17-36-24
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F zeek
|
||||
1340127577.346849 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F zeek
|
||||
#close 2020-07-06-17-36-24
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F zeek TEREDO
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F zeek TEREDO
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue