+================
TIME: 03/01/2019-01:13:39.800519
PCAP PKT NUM: 59
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388884
TCP ACK: 1197728138
FLOW: to_server: FALSE, to_client: TRUE
FLOW Start TS: 03/01/2019-01:13:36.705786
FLOW PKTS TODST: 5
FLOW PKTS TOSRC: 5
FLOW Total Bytes: 832
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: FALSE, APP_LAYER: FALSE
FLOW APP_LAYER: DETECTED: FALSE, PROTO 0
PACKET LEN: 69
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 37 C8 09 40 00 40 06 1A 6B AC 1C 80 09 AC 1C .7..@.@. .k......
0020 80 0A 1F 90 C5 EA C9 11 D4 54 47 63 E1 8A 80 18 ........ .TGc....
0030 00 E3 E4 B5 00 00 01 01 08 0A 00 CC 1F 58 00 CB ........ .....X..
0040 F5 9A 6C 73 0A ..ls.
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check ls
ALERT GID [00]: 1
ALERT SID [00]: 6
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 3
PAYLOAD:
0000 6C 73 0A ls.
+================
TIME: 03/01/2019-01:13:40.657199
PCAP PKT NUM: 71
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388887
TCP ACK: 1197728219
FLOW: to_server: FALSE, to_client: TRUE
FLOW Start TS: 03/01/2019-01:13:36.705786
FLOW PKTS TODST: 11
FLOW PKTS TOSRC: 11
FLOW Total Bytes: 1709
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: FALSE, APP_LAYER: FALSE
FLOW APP_LAYER: DETECTED: FALSE, PROTO 0
PACKET LEN: 70
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 38 C8 0F 40 00 40 06 1A 64 AC 1C 80 09 AC 1C .8..@.@. .d......
0020 80 0A 1F 90 C5 EA C9 11 D4 57 47 63 E1 DB 80 18 ........ .WGc....
0030 00 E3 82 77 00 00 01 01 08 0A 00 CC 20 2E 00 CB ...w.... .... ...
0040 F8 9F 70 77 64 0A ..pwd.
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check pwd
ALERT GID [00]: 1
ALERT SID [00]: 4
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 4
PAYLOAD:
0000 70 77 64 0A pwd.
+================
TIME: 03/01/2019-01:13:46.657290
PCAP PKT NUM: 82
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388891
TCP ACK: 1197728275
FLOW: to_server: FALSE, to_client: TRUE
FLOW Start TS: 03/01/2019-01:13:36.705786
FLOW PKTS TODST: 14
FLOW PKTS TOSRC: 15
FLOW Total Bytes: 2234
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: FALSE, APP_LAYER: FALSE
FLOW APP_LAYER: DETECTED: FALSE, PROTO 0
PACKET LEN: 73
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 3B C8 13 40 00 40 06 1A 5D AC 1C 80 09 AC 1C .;..@.@. .]......
0020 80 0A 1F 90 C5 EA C9 11 D4 5B 47 63 E2 13 80 18 ........ .[Gc....
0030 00 E3 F1 D4 00 00 01 01 08 0A 00 CC 26 0A 00 CB ........ ....&...
0040 F9 75 77 68 6F 61 6D 69 0A .uwhoami .
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check whoami
ALERT GID [00]: 1
ALERT SID [00]: 5
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 7
PAYLOAD:
0000 77 68 6F 61 6D 69 0A whoami.