Support #2956
» eve.json
Hanif Prasetiyo
, 06/11/2019 08:50 PM
{
"timestamp"
:
"2019-06-11T13:33:06.926884Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
9
,
"capture"
:{
"kernel_packets"
:
8
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
8
,
"bytes"
:
756
,
"invalid"
:
0
,
"ipv4"
:
7
,
"ipv6"
:
1
,
"ethernet"
:
8
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
4
,
"udp"
:
4
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
94
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
1
,
"udp"
:
3
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
0
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
3
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:33:14.973788Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
17
,
"capture"
:{
"kernel_packets"
:
11
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
11
,
"bytes"
:
1019
,
"invalid"
:
0
,
"ipv4"
:
10
,
"ipv6"
:
1
,
"ethernet"
:
11
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7
,
"udp"
:
4
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
92
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
1
,
"udp"
:
3
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755840
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
0
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
3
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:33:23.004518Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
26
,
"capture"
:{
"kernel_packets"
:
22
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
22
,
"bytes"
:
2003
,
"invalid"
:
0
,
"ipv4"
:
21
,
"ipv6"
:
2
,
"ethernet"
:
22
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
15
,
"udp"
:
7
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
91
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
4
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756608
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
0
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:33:30.004457Pacific Daylight Time"
,
"flow_id"
:
1858999552783256
,
"event_type"
:
"flow"
,
"src_ip"
:
"fe80:0000:0000:0000:58b4:8426:d923:009a"
,
"src_port"
:
52669
,
"dest_ip"
:
"ff02:0000:0000:0000:0000:0000:0001:0003"
,
"dest_port"
:
5355
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
86
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:32:59.013208Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:32:59.013208Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:33:30.004457Pacific Daylight Time"
,
"flow_id"
:
1908597835117811
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
52669
,
"dest_ip"
:
"224.0.0.252"
,
"dest_port"
:
5355
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
66
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:32:59.013555Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:32:59.013555Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:33:31.004515Pacific Daylight Time"
,
"flow_id"
:
1332007065555829
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
137
,
"dest_ip"
:
"10.0.2.255"
,
"dest_port"
:
137
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
184
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:32:59.332661Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:33:00.083169Pacific Daylight Time"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:33:31.020538Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
34
,
"capture"
:{
"kernel_packets"
:
26
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
26
,
"bytes"
:
2393
,
"invalid"
:
0
,
"ipv4"
:
25
,
"ipv6"
:
2
,
"ethernet"
:
26
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
19
,
"udp"
:
7
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
92
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
5
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
0
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
2
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
3
,
"flows_notimeout"
:
1
,
"flows_timeout"
:
2
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
2
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65533
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:33:39.036008Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
42
,
"capture"
:{
"kernel_packets"
:
26
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
26
,
"bytes"
:
2393
,
"invalid"
:
0
,
"ipv4"
:
25
,
"ipv6"
:
2
,
"ethernet"
:
26
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
19
,
"udp"
:
7
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
92
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
5
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756096
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
0
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
3
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:33:47.051391Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
50
,
"capture"
:{
"kernel_packets"
:
26
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
26
,
"bytes"
:
2393
,
"invalid"
:
0
,
"ipv4"
:
25
,
"ipv6"
:
2
,
"ethernet"
:
26
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
19
,
"udp"
:
7
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
92
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
5
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756096
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
0
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
3
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:33:52.019967Pacific Daylight Time"
,
"flow_id"
:
262817908261350
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
52835
,
"dest_ip"
:
"224.0.0.253"
,
"dest_port"
:
3544
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
82
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:33:20.655846Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:33:20.655846Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:33:55.066688Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
58
,
"capture"
:{
"kernel_packets"
:
30
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
30
,
"bytes"
:
2767
,
"invalid"
:
0
,
"ipv4"
:
29
,
"ipv6"
:
2
,
"ethernet"
:
30
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
21
,
"udp"
:
9
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
92
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
7
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
4
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:00.004196Pacific Daylight Time"
,
"flow_id"
:
558569354887403
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49671
,
"dest_ip"
:
"52.139.250.253"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
2
,
"bytes_toserver"
:
181
,
"bytes_toclient"
:
239
,
"start"
:
"2019-06-11T13:32:59.786667Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:32:59.863632Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:34:03.082706Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
66
,
"capture"
:{
"kernel_packets"
:
32
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
32
,
"bytes"
:
2869
,
"invalid"
:
0
,
"ipv4"
:
29
,
"ipv6"
:
2
,
"ethernet"
:
32
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
21
,
"udp"
:
9
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
89
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
7
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
5
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
1
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
1
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65535
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:11.113428Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
74
,
"capture"
:{
"kernel_packets"
:
36
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
36
,
"bytes"
:
3289
,
"invalid"
:
0
,
"ipv4"
:
33
,
"ipv6"
:
2
,
"ethernet"
:
36
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
25
,
"udp"
:
9
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
91
,
"max_pkt_size"
:
179
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
5
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
5
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
5
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:13.019180Pacific Daylight Time"
,
"flow_id"
:
1116509229828092
,
"event_type"
:
"flow"
,
"src_ip"
:
"117.18.232.200"
,
"src_port"
:
443
,
"dest_ip"
:
"10.0.2.15"
,
"dest_port"
:
49725
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
209
,
"bytes_toclient"
:
54
,
"start"
:
"2019-06-11T13:33:12.739324Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:33:12.739419Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:34:14.004369Pacific Daylight Time"
,
"flow_id"
:
1618794917770402
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49734
,
"dest_ip"
:
"40.77.226.250"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
2
,
"bytes_toserver"
:
108
,
"bytes_toclient"
:
120
,
"start"
:
"2019-06-11T13:33:13.504994Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:33:13.739812Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:34:19.144836Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
82
,
"capture"
:{
"kernel_packets"
:
42
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
47
,
"bytes"
:
4611
,
"invalid"
:
0
,
"ipv4"
:
44
,
"ipv6"
:
2
,
"ethernet"
:
47
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
33
,
"udp"
:
12
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
98
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
6
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756096
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
6
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
7
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:27.160344Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
90
,
"capture"
:{
"kernel_packets"
:
49
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
49
,
"bytes"
:
4969
,
"invalid"
:
0
,
"ipv4"
:
46
,
"ipv6"
:
2
,
"ethernet"
:
49
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
33
,
"udp"
:
14
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
101
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
7
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:35.175113Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
98
,
"capture"
:{
"kernel_packets"
:
52
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
52
,
"bytes"
:
5506
,
"invalid"
:
0
,
"ipv4"
:
49
,
"ipv6"
:
2
,
"ethernet"
:
52
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
33
,
"udp"
:
17
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
105
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
7
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:43.190713Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
106
,
"capture"
:{
"kernel_packets"
:
53
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
53
,
"bytes"
:
5685
,
"invalid"
:
0
,
"ipv4"
:
50
,
"ipv6"
:
2
,
"ethernet"
:
53
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
33
,
"udp"
:
18
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
107
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
7
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:45.003384Pacific Daylight Time"
,
"flow_id"
:
1352006585711573
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
138
,
"dest_ip"
:
"10.0.2.255"
,
"dest_port"
:
138
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
258
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:34:14.424917Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:34:14.424917Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:34:49.003338Pacific Daylight Time"
,
"flow_id"
:
964828167148874
,
"event_type"
:
"flow"
,
"src_ip"
:
"52.114.158.52"
,
"src_port"
:
443
,
"dest_ip"
:
"10.0.2.15"
,
"dest_port"
:
49732
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
60
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:33:48.333130Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:33:48.333130Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:34:51.019098Pacific Daylight Time"
,
"flow_id"
:
1437476433299329
,
"event_type"
:
"flow"
,
"src_ip"
:
"52.114.158.52"
,
"src_port"
:
443
,
"dest_ip"
:
"10.0.2.15"
,
"dest_port"
:
49733
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
60
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:33:50.657281Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:33:50.657281Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:34:51.190966Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
114
,
"capture"
:{
"kernel_packets"
:
57
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
57
,
"bytes"
:
6041
,
"invalid"
:
0
,
"ipv4"
:
52
,
"ipv6"
:
2
,
"ethernet"
:
57
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
33
,
"udp"
:
20
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
105
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755840
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
9
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
1
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
1
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65535
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:34:59.206016Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
122
,
"capture"
:{
"kernel_packets"
:
61
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
61
,
"bytes"
:
6431
,
"invalid"
:
0
,
"ipv4"
:
56
,
"ipv6"
:
2
,
"ethernet"
:
61
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
37
,
"udp"
:
20
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
105
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
8
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755584
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
10
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:03.007311Pacific Daylight Time"
,
"flow_id"
:
558569359071570
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49671
,
"dest_ip"
:
"52.139.250.253"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
2
,
"bytes_toserver"
:
181
,
"bytes_toclient"
:
239
,
"start"
:
"2019-06-11T13:34:02.317778Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:34:02.394124Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:35:07.011261Pacific Daylight Time"
,
"flow_id"
:
880790691754785
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
55235
,
"dest_ip"
:
"239.255.255.250"
,
"dest_port"
:
1900
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
1074
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:34:21.635681Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:34:36.690780Pacific Daylight Time"
,
"age"
:
15
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:35:07.221924Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
130
,
"capture"
:{
"kernel_packets"
:
61
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
61
,
"bytes"
:
6431
,
"invalid"
:
0
,
"ipv4"
:
56
,
"ipv6"
:
2
,
"ethernet"
:
61
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
37
,
"udp"
:
20
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
105
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
9
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755584
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
11
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
1
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65535
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:15.222684Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
138
,
"capture"
:{
"kernel_packets"
:
67
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
67
,
"bytes"
:
7105
,
"invalid"
:
0
,
"ipv4"
:
62
,
"ipv6"
:
2
,
"ethernet"
:
67
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
41
,
"udp"
:
22
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
106
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
9
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:23.237151Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
146
,
"capture"
:{
"kernel_packets"
:
73
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
73
,
"bytes"
:
7627
,
"invalid"
:
0
,
"ipv4"
:
66
,
"ipv6"
:
2
,
"ethernet"
:
73
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
45
,
"udp"
:
22
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
104
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
9
,
"udp"
:
7
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
7
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:31.253059Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
154
,
"capture"
:{
"kernel_packets"
:
75
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
75
,
"bytes"
:
7985
,
"invalid"
:
0
,
"ipv4"
:
68
,
"ipv6"
:
2
,
"ethernet"
:
75
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
45
,
"udp"
:
24
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
106
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
9
,
"udp"
:
8
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755584
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
8
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:39.268492Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
162
,
"capture"
:{
"kernel_packets"
:
80
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
80
,
"bytes"
:
8776
,
"invalid"
:
0
,
"ipv4"
:
73
,
"ipv6"
:
2
,
"ethernet"
:
80
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
45
,
"udp"
:
29
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
109
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
9
,
"udp"
:
8
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755584
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
8
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:47.284416Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
170
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
9
,
"udp"
:
9
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755840
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
0
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
98304
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:35:53.420244Pacific Daylight Time"
,
"flow_id"
:
1181453440870804
,
"in_iface"
:
"\\Device\\NPF_{16A8E7C7-29BE-4F91-8834-9C018CA5CC3E}"
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49391
,
"dest_ip"
:
"192.168.100.1"
,
"dest_port"
:
53
,
"proto"
:
"UDP"
,
"dns"
:{
"type"
:
"query"
,
"id"
:
64807
,
"rrname"
:
"v10.vortex-win.data.microsoft.com"
,
"rrtype"
:
"A"
,
"tx_id"
:
0
}}
{
"timestamp"
:
"2019-06-11T13:35:53.438499Pacific Daylight Time"
,
"flow_id"
:
1181453440870804
,
"in_iface"
:
"\\Device\\NPF_{16A8E7C7-29BE-4F91-8834-9C018CA5CC3E}"
,
"event_type"
:
"dns"
,
"src_ip"
:
"192.168.100.1"
,
"src_port"
:
53
,
"dest_ip"
:
"10.0.2.15"
,
"dest_port"
:
49391
,
"proto"
:
"UDP"
,
"dns"
:{
"version"
:
2
,
"type"
:
"answer"
,
"id"
:
64807
,
"flags"
:
"8180"
,
"qr"
:
true
,
"rd"
:
true
,
"ra"
:
true
,
"rcode"
:
"NOERROR"
,
"rrname"
:
"v10.vortex-win.data.microsoft.com"
,
"rrtype"
:
"A"
,
"answers"
:[{
"rrname"
:
"v10.vortex-win.data.microsoft.com"
,
"rrtype"
:
"CNAME"
,
"ttl"
:
1500
,
"rdata"
:
"v10-win.vortex.data.microsoft.com.akadns.net"
},{
"rrname"
:
"v10-win.vortex.data.microsoft.com.akadns.net"
,
"rrtype"
:
"CNAME"
,
"ttl"
:
84
,
"rdata"
:
"geo.vortex.data.microsoft.com.akadns.net"
},{
"rrname"
:
"geo.vortex.data.microsoft.com.akadns.net"
,
"rrtype"
:
"CNAME"
,
"ttl"
:
53
,
"rdata"
:
"hk2.vortex.data.microsoft.com.akadns.net"
},{
"rrname"
:
"hk2.vortex.data.microsoft.com.akadns.net"
,
"rrtype"
:
"A"
,
"ttl"
:
53
,
"rdata"
:
"111.221.29.254"
}],
"grouped"
:{
"A"
:[
"111.221.29.254"
],
"CNAME"
:[
"v10-win.vortex.data.microsoft.com.akadns.net"
,
"geo.vortex.data.microsoft.com.akadns.net"
,
"hk2.vortex.data.microsoft.com.akadns.net"
]}}}
{
"timestamp"
:
"2019-06-11T13:35:53.589388Pacific Daylight Time"
,
"flow_id"
:
64957364950217
,
"in_iface"
:
"\\Device\\NPF_{16A8E7C7-29BE-4F91-8834-9C018CA5CC3E}"
,
"event_type"
:
"tls"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49737
,
"dest_ip"
:
"111.221.29.254"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"tls"
:{
"subject"
:
"C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.vortex-win.data.microsoft.com"
,
"issuerdn"
:
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011"
,
"serial"
:
"33:00:00:01:3F:C5:5E:FC:61:54:A9:1B:3A:00:00:00:00:01:3F"
,
"fingerprint"
:
""
,
"sni"
:
"v10.vortex-win.data.microsoft.com"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2019-01-09T23:29:16"
,
"notafter"
:
"2020-04-09T23:29:16"
,
"ja3"
:{}}}
{
"timestamp"
:
"2019-06-11T13:35:55.318616Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
178
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
2
,
"flows_notimeout"
:
2
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65534
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:03.330467Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
186
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6756352
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
12
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:06.006080Pacific Daylight Time"
,
"flow_id"
:
558569363134421
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49671
,
"dest_ip"
:
"52.139.250.253"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
2
,
"bytes_toserver"
:
181
,
"bytes_toclient"
:
239
,
"start"
:
"2019-06-11T13:35:04.841685Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:04.924194Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:36:09.002668Pacific Daylight Time"
,
"flow_id"
:
880790695822986
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
55235
,
"dest_ip"
:
"239.255.255.250"
,
"dest_port"
:
1900
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
1074
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:35:23.640650Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:38.721676Pacific Daylight Time"
,
"age"
:
15
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:36:11.033377Pacific Daylight Time"
,
"flow_id"
:
1352006591348030
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
138
,
"dest_ip"
:
"10.0.2.255"
,
"dest_port"
:
138
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
0
,
"bytes_toserver"
:
243
,
"bytes_toclient"
:
0
,
"start"
:
"2019-06-11T13:35:40.949566Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:40.949566Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:36:11.367415Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
194
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755840
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
14
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
1
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65534
,
"rows_empty"
:
1
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:15.022822Pacific Daylight Time"
,
"flow_id"
:
401669905616119
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49675
,
"dest_ip"
:
"52.139.250.253"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
6
,
"bytes_toserver"
:
543
,
"bytes_toclient"
:
717
,
"start"
:
"2019-06-11T13:33:14.429303Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:14.580731Pacific Daylight Time"
,
"age"
:
120
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:36:19.392530Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
202
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
16
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:27.416291Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
210
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
16
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:35.184914Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
218
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
16
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:42.439852Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
225
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755328
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
16
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:43.004592Pacific Daylight Time"
,
"flow_id"
:
2160925018138030
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49693
,
"dest_ip"
:
"40.90.189.152"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
8
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
604
,
"bytes_toclient"
:
956
,
"start"
:
"2019-06-11T13:33:27.239022Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:42.393339Pacific Daylight Time"
,
"age"
:
135
,
"state"
:
"new"
,
"reason"
:
"timeout"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2019-06-11T13:36:50.367495Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
233
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:36:58.949724Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
241
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:08.171166Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
251
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:17.469591Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
260
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:26.061122Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
269
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:33.848224Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
276
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:40.988793Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
283
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:47.591540Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
290
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:37:54.107205Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
297
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:01.102667Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
304
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:08.797582Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
311
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:17.078005Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
320
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:25.973229Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
328
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:35.570240Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
338
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:45.618496Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
348
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:38:54.741068Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
357
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:03.111169Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
366
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:10.866671Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
373
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:18.141282Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
381
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:24.758432Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
387
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:30.812192Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
393
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:37.333504Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
400
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:44.325062Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
407
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:51.859700Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
414
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:39:59.984313Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
422
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:40:08.759878Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
431
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:40:18.324188Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
441
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:40:28.562637Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
451
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6755072
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:40:37.164059Pacific Daylight Time"
,
"flow_id"
:
114620061761236
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
52835
,
"dest_ip"
:
"40.81.120.44"
,
"dest_port"
:
3544
,
"proto"
:
"UDP"
,
"app_proto"
:
"failed"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
6
,
"bytes_toserver"
:
618
,
"bytes_toclient"
:
906
,
"start"
:
"2019-06-11T13:33:20.442068Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:36.007237Pacific Daylight Time"
,
"age"
:
136
,
"state"
:
"established"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:40:38.771836Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
461
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754816
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
1
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65535
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:40:48.208381Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
471
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754816
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
1
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
88
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:40:54.068207Pacific Daylight Time"
,
"flow_id"
:
1181453440870804
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49391
,
"dest_ip"
:
"192.168.100.1"
,
"dest_port"
:
53
,
"proto"
:
"UDP"
,
"app_proto"
:
"dns"
,
"flow"
:{
"pkts_toserver"
:
1
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
93
,
"bytes_toclient"
:
203
,
"start"
:
"2019-06-11T13:35:53.420244Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:53.438499Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"established"
,
"reason"
:
"timeout"
,
"alerted"
:
false
}}
{
"timestamp"
:
"2019-06-11T13:40:56.789515Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
479
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10001
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
1
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
1
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65535
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:04.630668Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
487
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:11.888830Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
494
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:18.682623Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
501
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:24.970299Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
507
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:30.671155Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
513
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:36.791643Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
519
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:43.634269Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
526
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:50.972353Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
533
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:41:58.609371Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
541
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:42:06.976042Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
549
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:42:16.006017Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
559
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:42:25.737629Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
568
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:42:36.169150Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
579
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:42:46.924533Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
589
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:42:56.803077Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
599
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:43:05.753605Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
608
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:43:14.036938Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
617
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:43:21.689735Pacific Daylight Time"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
624
,
"capture"
:{
"kernel_packets"
:
86
,
"kernel_drops"
:
0
,
"kernel_ifdrops"
:
0
},
"decoder"
:{
"pkts"
:
86
,
"bytes"
:
9588
,
"invalid"
:
0
,
"ipv4"
:
79
,
"ipv6"
:
2
,
"ethernet"
:
86
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
49
,
"udp"
:
31
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
1
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
111
,
"max_pkt_size"
:
258
,
"erspan"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
}},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"tcp"
:
10
,
"udp"
:
10
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6754560
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
2
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
3
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"insert_list_fail"
:
0
,
"memuse"
:
573440
,
"reassembly_memuse"
:
104448
},
"detect"
:{
"engines"
:[{
"id"
:
0
,
"last_reload"
:
"2019-06-11T13:32:57.949662Pacific Daylight Time"
,
"rules_loaded"
:
291
,
"rules_failed"
:
0
}],
"alert"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
1
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
,
"failed_udp"
:
9
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"ftp-data"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
1
},
"expectations"
:
0
},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
17
,
"est_pruned"
:
2
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65536
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
0
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}
{
"timestamp"
:
"2019-06-11T13:43:27.202049Pacific Daylight Time"
,
"flow_id"
:
64957364950217
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.0.2.15"
,
"src_port"
:
49737
,
"dest_ip"
:
"111.221.29.254"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
10
,
"bytes_toserver"
:
2762
,
"bytes_toclient"
:
4631
,
"start"
:
"2019-06-11T13:35:53.447689Pacific Daylight Time"
,
"end"
:
"2019-06-11T13:35:53.892464Pacific Daylight Time"
,
"age"
:
0
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}