[Snort-openappid] Snort IPS with openappid not able to block webpages

Navneet Singh navneet.singh2012 at ...8...
Thu Oct 29 10:26:08 EDT 2015


Thanks YM for your response.
Sorry, my fault: it's snort everywhere and no squid. I just switched from a
project on squid to snort, that's why :)

I have one doubt: is pulledpork necessary for snort to work in IPS mode?
If yes, I am just configuring it but having problems deciding the right
configuration for dropsid.conf & modifysid.conf. Please help.

On Thu, Oct 29, 2015 at 7:38 PM, Y M <snort at ...46...> wrote:

> The text you are referring to is irrelevant. This was brought up a while
> back. If you look one line ahead of it, you will see that it is running in
> "inline operation" mode.
>
> I will take a look at the conf as soon as I can.
>
> I am not sure how/why you mentioned squid :)
>
> Sent from Mobile
>
> _____________________________
> From: Navneet Singh <navneet.singh2012 at ...8...>
> Sent: Thursday, October 29, 2015 5:03 PM
> Subject: Re: [Snort-openappid] Snort IPS with openappid not able to block
> webpages
> To: Y M <snort at ...46...>
> Cc: <snort-openappid at lists.sourceforge.net>, <
> snort-sigs at lists.sourceforge.net>, <snort-users at lists.sourceforge.net>
>
>
> I think I got what the error is but am unable to solve it. I already pasted
> all the logs in the first mail. In the snort logs you can see
>
> *Snort logs:*
>> navneet at ...103...:~$ sudo snort -d -A console -u snort -g snort -c
>> /etc/snort/snort.conf -i eth0:wlan0 -Q
>> Enabling inline operation
>> Running in IDS mode
>
>
> *It is running in IDS mode even after enabling inline operations*
>
> I also pasted the conf file there. I think it is now much simpler for all of
> you. I am new to squid and following the documentation to install snort.
> Also giving links to that documentation
>
> https://www.snort.org/documents/snort-ips-tutorial
> https://www.snort.org/documents/snort-ips-using-daq-afpacket
>
> Waiting for help
>
> --
> Regards
> Navneet
>
>
>
> On Thu, Oct 29, 2015 at 12:51 PM, Navneet Singh <
> navneet.singh2012 at ...8...> wrote:
>
>> Hi Costas/Y M
>>
>> Thanks for your quick response.
>>
>> Costas, I tried to run snort with the -k option, but it was not working so I
>> think it is not related to a checksum error.
>> Y M, I added snort.conf in the previous mail. I think I have configured daq
>> and afpacket as inline, and normalization support too. Also when I pasted
>> the logs here I was trying with a long appid rule; I tried with a single
>> filter for appid too, but was getting the same result as I told in the
>> previous mail.
>>
>> --
>> Regards
>> Navneet
>>
>> On Wed, Oct 28, 2015 at 11:11 PM, Y M <snort at ...46...> wrote:
>>
>>> What are your Snort policy mode and afpacket daq configurations? Try
>>> setting these to support inline operations. Is normalization also
>>> configured?
>>>
>>> You also have a warning about exceeding the max. number of allowed
>>> appids per rule. While this may be unrelated, it may be something to watch
>>> for.
>>>
>>> Sent from Mobile
>>>
>>>
>>>
>>>
>>> On Wed, Oct 28, 2015 at 7:19 AM -0700, "Navneet Singh" <
>>> navneet.singh2012 at ...8...> wrote:
>>>
>>> Hi All,
>>>
>>> I am testing snort 2.9.7.6 with openappid on an ubuntu 14.04 amd64 system
>>> as an IPS using daq afpacket inline mode. But when I add a rule for dropping
>>> packets as per an appid filter, some filters do block webpages (for example
>>> the https appid filter blocks all https), some don't block (like the nbc
>>> appid filter) and some just block for some time till I refresh the webpage.
>>>
>>> Here I tested with the linkedin site; the log shows a drop but I was able to
>>> browse it.
>>>
>>> Here are the logs:
>>> *Snort version:*
>>> navneet at ...103...:~/snort_src/snort-2.9.7.6$ snort -V
>>>
>>>    ,,_     -*> Snort! <*-
>>>   o"  )~   Version 2.9.7.6 GRE (Build 285)
>>>    ''''    By Martin Roesch & The Snort Team:
>>> http://www.snort.org/contact#team
>>>            Copyright (C) 2014-2015 Cisco and/or its affiliates. All
>>> rights reserved.
>>>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>>>            Using libpcap version 1.5.3
>>>            Using PCRE version: 8.31 2012-07-06
>>>            Using ZLIB version: 1.2.8
>>>
>>> navneet at ...103...:~$ snort --daq-list
>>> Available DAQ modules:
>>> pcap(v3): readback live multi unpriv
>>> ipfw(v3): live inline multi unpriv
>>> dump(v3): readback live inline multi unpriv
>>> afpacket(v5): live inline multi unpriv
>>>
>>>
>>> *Rule in use:*
>>> navneet at ...103...:~/snort_src/snort-2.9.7.6$ cat
>>> /etc/snort/rules/local.rules
>>> drop tcp any any -> any any (msg:"No access"; appid: linkedin
>>> linkedin_jobs linked_profile linked_inbox linkedin_upload linkedin_contac;
>>> sid:1000006; rev:004;)
>>>
>>>
>>> *Snort logs:*
>>>
>>> navneet at ...103...:~$ sudo snort -d -A console -u snort -g snort -c
>>> /etc/snort/snort.conf -i eth0:wlan0 -Q
>>> Enabling inline operation
>>> Running in IDS mode
>>>
>>>         --== Initializing Snort ==--
>>> Initializing Output Plugins!
>>> Initializing Preprocessors!
>>> Initializing Plug-ins!
>>> Parsing Rules file "/etc/snort/snort.conf"
>>> PortVar 'HTTP_PORTS' defined :  [ 80:81 311 383 591 593 901 1220 1414
>>> 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001
>>> 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123
>>> 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443
>>> 9999 11371 34443:34444 41080 50002 55555 ]
>>> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
>>> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
>>> PortVar 'SSH_PORTS' defined :  [ 22 ]
>>> PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
>>> PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
>>> PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 383 591 593
>>> 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250
>>> 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088
>>> 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091
>>> 9443 9999 11371 34443:34444 41080 50002 55555 ]
>>> PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
>>> Detection:
>>>    Search-Method = AC-Full-Q
>>>     Split Any/Any group = enabled
>>>     Search-Method-Optimizations = enabled
>>>     Maximum pattern length = 20
>>> Tagged Packet Limit: 256
>>> Loading dynamic engine
>>> /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
>>> Loading all dynamic preprocessor libs from
>>> /usr/local/lib/snort_dynamicpreprocessor/...
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
>>> done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
>>> done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_appid_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>>>   Finished Loading all dynamic preprocessor libs from
>>> /usr/local/lib/snort_dynamicpreprocessor/
>>> Log directory = /var/log/snort
>>> Normalizer config:
>>>          ip4: on
>>>      ip4::df: off
>>>      ip4::rf: off
>>>     ip4::tos: off
>>>    ip4::trim: off
>>>     ip4::ttl: on (min=1, new=5)
>>> Normalizer config:
>>>          tcp: on
>>>     tcp::ecn: stream
>>>   tcp::block: off
>>>     tcp::rsv: off
>>>     tcp::pad: off
>>> tcp::req_urg: off
>>> tcp::req_pay: off
>>> tcp::req_urp: off
>>>     tcp::urp: off
>>>     tcp::opt: off
>>>     tcp::ips: on
>>> tcp::trim_syn: off
>>> tcp::trim_rst: off
>>> tcp::trim_win: off
>>> tcp::trim_mss: off
>>> Normalizer config:
>>>        icmp4: on
>>> Normalizer config:
>>>          ip6: on
>>>    ip6::hops: on (min=1, new=5)
>>> Normalizer config:
>>>        icmp6: on
>>> Frag3 global config:
>>>     Max frags: 65536
>>>     Fragment memory cap: 4194304 bytes
>>> Frag3 engine config:
>>>     Bound Address: default
>>>     Target-based policy: WINDOWS
>>>     Fragment timeout: 180 seconds
>>>     Fragment min_ttl:   1
>>>     Fragment Anomalies: Alert
>>>     Overlap Limit:     10
>>>     Min fragment Length:     100
>>>       Max Expected Streams: 768
>>> Stream global config:
>>>     Track TCP sessions: ACTIVE
>>>     Max TCP sessions: 262144
>>>     TCP cache pruning timeout: 30 seconds
>>>     TCP cache nominal timeout: 3600 seconds
>>>     Memcap (for reassembly packet storage): 8388608
>>>     Track UDP sessions: ACTIVE
>>>     Max UDP sessions: 131072
>>>     UDP cache pruning timeout: 30 seconds
>>>     UDP cache nominal timeout: 180 seconds
>>>     Track ICMP sessions: INACTIVE
>>>     Track IP sessions: INACTIVE
>>>     Log info if session memory consumption exceeds 1048576
>>>     Send up to 2 active responses
>>>     Wait at least 5 seconds between responses
>>>     Protocol Aware Flushing: ACTIVE
>>>         Maximum Flush Point: 16000
>>> Stream TCP Policy config:
>>>     Bound Address: default
>>>     Reassembly Policy: WINDOWS
>>>     Timeout: 180 seconds
>>>     Limit on TCP Overlaps: 10
>>>     Maximum number of bytes to queue per session: 1048576
>>>     Maximum number of segs to queue per session: 2621
>>>     Options:
>>>         Require 3-Way Handshake: YES
>>>         3-Way Handshake Timeout: 180
>>>         Detect Anomalies: YES
>>>     Reassembly Ports:
>>>       21 client (Footprint-IPS)
>>>       22 client (Footprint-IPS)
>>>       23 client (Footprint-IPS)
>>>       25 client (Footprint-IPS)
>>>       42 client (Footprint-IPS)
>>>       53 client (Footprint-IPS)
>>>       79 client (Footprint-IPS)
>>>       80 client (Footprint-IPS) server (Footprint-IPS)
>>>       81 client (Footprint-IPS) server (Footprint-IPS)
>>>       109 client (Footprint-IPS)
>>>       110 client (Footprint-IPS)
>>>       111 client (Footprint-IPS)
>>>       113 client (Footprint-IPS)
>>>       119 client (Footprint-IPS)
>>>       135 client (Footprint-IPS)
>>>       136 client (Footprint-IPS)
>>>       137 client (Footprint-IPS)
>>>       139 client (Footprint-IPS)
>>>       143 client (Footprint-IPS)
>>>       161 client (Footprint-IPS)
>>>       additional ports configured but not printed.
>>> Stream UDP Policy config:
>>>     Timeout: 180 seconds
>>> HttpInspect Config:
>>>     GLOBAL CONFIG
>>>       Detect Proxy Usage:       NO
>>>       IIS Unicode Map Filename: /etc/snort/unicode.map
>>>       IIS Unicode Map Codepage: 1252
>>>       Memcap used for logging URI and Hostname: 150994944
>>>       Max Gzip Memory: 104857600
>>>       Max Gzip Sessions: 225986
>>>       Gzip Compress Depth: 65535
>>>       Gzip Decompress Depth: 65535
>>>     DEFAULT SERVER CONFIG:
>>>       Server profile: All
>>>       Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301
>>> 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777
>>> 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280
>>> 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080
>>> 50002 55555
>>>       Server Flow Depth: 0
>>>       Client Flow Depth: 0
>>>       Max Chunk Length: 500000
>>>       Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
>>>       Max Header Field Length: 750
>>>       Max Number Header Fields: 100
>>>       Max Number of WhiteSpaces allowed with header folding: 200
>>>       Inspect Pipeline Requests: YES
>>>       URI Discovery Strict Mode: NO
>>>       Allow Proxy Usage: NO
>>>       Disable Alerting: NO
>>>       Oversize Dir Length: 500
>>>       Only inspect URI: NO
>>>       Normalize HTTP Headers: NO
>>>       Inspect HTTP Cookies: YES
>>>       Inspect HTTP Responses: YES
>>>       Extract Gzip from responses: YES
>>>       Decompress response files:
>>>       Unlimited decompression of gzip data from responses: YES
>>>       Normalize Javascripts in HTTP Responses: YES
>>>       Max Number of WhiteSpaces allowed with Javascript Obfuscation in
>>> HTTP responses: 200
>>>       Normalize HTTP Cookies: NO
>>>       Enable XFF and True Client IP: NO
>>>       Log HTTP URI data: NO
>>>       Log HTTP Hostname data: NO
>>>       Extended ASCII code support in URI: NO
>>>       Ascii: YES alert: NO
>>>       Double Decoding: YES alert: NO
>>>       %U Encoding: YES alert: YES
>>>       Bare Byte: YES alert: NO
>>>       UTF 8: YES alert: NO
>>>       IIS Unicode: YES alert: NO
>>>       Multiple Slash: YES alert: NO
>>>       IIS Backslash: YES alert: NO
>>>       Directory Traversal: YES alert: NO
>>>       Web Root Traversal: YES alert: NO
>>>       Apache WhiteSpace: YES alert: NO
>>>       IIS Delimiter: YES alert: NO
>>>       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
>>>       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06
>>> 0x07
>>>       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
>>> rpc_decode arguments:
>>>     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776
>>> 32777 32778 32779
>>>     alert_fragments: INACTIVE
>>>     alert_large_fragments: INACTIVE
>>>     alert_incomplete: INACTIVE
>>>     alert_multiple_requests: INACTIVE
>>> FTPTelnet Config:
>>>     GLOBAL CONFIG
>>>       Inspection Type: stateful
>>>       Check for Encrypted Traffic: YES alert: NO
>>>       Continue to check encrypted data: YES
>>>     TELNET CONFIG:
>>>       Ports: 23
>>>       Are You There Threshold: 20
>>>       Normalize: YES
>>>       Detect Anomalies: YES
>>>     FTP CONFIG:
>>>       FTP Server: default
>>>         Ports (PAF): 21 2100 3535
>>>         Check for Telnet Cmds: YES alert: YES
>>>         Ignore Telnet Cmd Operations: YES alert: YES
>>>         Ignore open data channels: NO
>>>       FTP Client: default
>>>         Check for Bounce Attacks: YES alert: YES
>>>         Check for Telnet Cmds: YES alert: YES
>>>         Ignore Telnet Cmd Operations: YES alert: YES
>>>         Max Response Length: 256
>>> SMTP Config:
>>>     Ports: 25 465 587 691
>>>     Inspection Type: Stateful
>>>     Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN
>>> EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND
>>> STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR
>>> XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT
>>> X-DRCP X-ERCP X-EXCH50
>>>     Ignore Data: No
>>>     Ignore TLS Data: No
>>>     Ignore SMTP Alerts: No
>>>     Max Command Line Length: 512
>>>     Max Specific Command Line Length:
>>>        ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
>>>        EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
>>>        ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
>>>        IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
>>>        QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
>>>        SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
>>>        TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
>>>        XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
>>>        XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
>>>        XUSR:246
>>>     Max Header Line Length: 1000
>>>     Max Response Line Length: 512
>>>     X-Link2State Alert: Yes
>>>     Drop on X-Link2State Alert: No
>>>     Alert on commands: None
>>>     Alert on unknown commands: No
>>>     SMTP Memcap: 838860
>>>     MIME Max Mem: 838860
>>>     Base64 Decoding: Enabled
>>>     Base64 Decoding Depth: Unlimited
>>>     Quoted-Printable Decoding: Enabled
>>>     Quoted-Printable Decoding Depth: Unlimited
>>>     Unix-to-Unix Decoding: Enabled
>>>     Unix-to-Unix Decoding Depth: Unlimited
>>>     Non-Encoded MIME attachment Extraction: Enabled
>>>     Non-Encoded MIME attachment Extraction Depth: Unlimited
>>>     Log Attachment filename: Enabled
>>>     Log MAIL FROM Address: Enabled
>>>     Log RCPT TO Addresses: Enabled
>>>     Log Email Headers: Enabled
>>>     Email Hdrs Log Depth: 1464
>>> SSH config:
>>>     Autodetection: ENABLED
>>>     Challenge-Response Overflow Alert: ENABLED
>>>     SSH1 CRC32 Alert: ENABLED
>>>     Server Version String Overflow Alert: ENABLED
>>>     Protocol Mismatch Alert: ENABLED
>>>     Bad Message Direction Alert: DISABLED
>>>     Bad Payload Size Alert: DISABLED
>>>     Unrecognized Version Alert: DISABLED
>>>     Max Encrypted Packets: 20
>>>     Max Server Version String Length: 100
>>>     MaxClientBytes: 19600 (Default)
>>>     Ports:
>>> 22
>>> DCE/RPC 2 Preprocessor Configuration
>>>   Global Configuration
>>>     DCE/RPC Defragmentation: Enabled
>>>     Memcap: 102400 KB
>>>     Events: co
>>>     SMB Fingerprint policy: Disabled
>>>   Server Default Configuration
>>>     Policy: WinXP
>>>     Detect ports (PAF)
>>>       SMB: 139 445
>>>       TCP: 135
>>>       UDP: 135
>>>       RPC over HTTP server: 593
>>>       RPC over HTTP proxy: None
>>>     Autodetect ports (PAF)
>>>       SMB: None
>>>       TCP: 1025-65535
>>>       UDP: 1025-65535
>>>       RPC over HTTP server: 1025-65535
>>>       RPC over HTTP proxy: None
>>>     Invalid SMB shares: C$ D$ ADMIN$
>>>     Maximum SMB command chaining: 3 commands
>>>     SMB file inspection: Disabled
>>> DNS config:
>>>     DNS Client rdata txt Overflow Alert: ACTIVE
>>>     Obsolete DNS RR Types Alert: INACTIVE
>>>     Experimental DNS RR Types Alert: INACTIVE
>>>     Ports: 53
>>> SSLPP config:
>>>     Encrypted packets: not inspected
>>>     Ports:
>>>       443      465      563      636      989
>>>       992      993      994      995     7801
>>>      7802     7900     7901     7902     7903
>>>      7904     7905     7906     7907     7908
>>>      7909     7910     7911     7912     7913
>>>      7914     7915     7916     7917     7918
>>>      7919     7920
>>>     Server side data is trusted
>>>     Maximum SSL Heartbeat length: 0
>>> Sensitive Data preprocessor config:
>>>     Global Alert Threshold: 25
>>>     Masked Output: DISABLED
>>> SIP config:
>>>     Max number of sessions: 40000
>>>     Max number of dialogs in a session: 4 (Default)
>>>     Status: ENABLED
>>>     Ignore media channel: DISABLED
>>>     Max URI length: 512
>>>     Max Call ID length: 80
>>>     Max Request name length: 20 (Default)
>>>     Max From length: 256 (Default)
>>>     Max To length: 256 (Default)
>>>     Max Via length: 1024 (Default)
>>>     Max Contact length: 512
>>>     Max Content length: 2048
>>>     Ports:
>>> 5060 5061 5600
>>>     Methods:
>>>  invite cancel ack bye register options refer subscribe update join info
>>> message notify benotify do qauth sprack publish service unsubscribe prack
>>> IMAP Config:
>>>     Ports: 143
>>>     IMAP Memcap: 838860
>>>     MIME Max Mem: 838860
>>>     Base64 Decoding: Enabled
>>>     Base64 Decoding Depth: Unlimited
>>>     Quoted-Printable Decoding: Enabled
>>>     Quoted-Printable Decoding Depth: Unlimited
>>>     Unix-to-Unix Decoding: Enabled
>>>     Unix-to-Unix Decoding Depth: Unlimited
>>>     Non-Encoded MIME attachment Extraction: Enabled
>>>     Non-Encoded MIME attachment Extraction Depth: Unlimited
>>> POP Config:
>>>     Ports: 110
>>>     POP Memcap: 838860
>>>     MIME Max Mem: 838860
>>>     Base64 Decoding: Enabled
>>>     Base64 Decoding Depth: Unlimited
>>>     Quoted-Printable Decoding: Enabled
>>>     Quoted-Printable Decoding Depth: Unlimited
>>>     Unix-to-Unix Decoding: Enabled
>>>     Unix-to-Unix Decoding Depth: Unlimited
>>>     Non-Encoded MIME attachment Extraction: Enabled
>>>     Non-Encoded MIME attachment Extraction Depth: Unlimited
>>> Modbus config:
>>>     Ports:
>>> 502
>>> DNP3 config:
>>>     Memcap: 262144
>>>     Check Link-Layer CRCs: ENABLED
>>>     Ports:
>>> 20000
>>> Reputation config:
>>> WARNING: Can't find any whitelist/blacklist entries. Reputation
>>> Preprocessor disabled.
>>> AppId Configuration
>>>     Detector Path:          /etc/snort/rules
>>>     appStats Files:         appstats-u2.log
>>>     appStats Period:        60 secs
>>>     appStats Rollover Size: 20971520 bytes
>>>     appStats Rollover time: 86400 secs
>>>
>>>     AppInfo read from /etc/snort/rules/odp/appMapping.data
>>> Loading configuration file /etc/snort/rules/odp/appid.conf
>>> AppId: adding appIds to list of referred web apps: 2032 1520 1306 1307
>>> AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966
>>> Could not read configuration file /etc/snort/rules/custom/userappid.conf
>>> LuaJIT: Version LuaJIT 2.0.2
>>>     Setting tracker size to 207
>>> AppInfo: AppId 151 is UNKNOWN
>>> AppInfo: AppId 3861 is UNKNOWN
>>> AppInfo: AppId 3970 is UNKNOWN
>>> AppInfo: AppId 939 is UNKNOWN
>>> AppInfo: AppId 939 is UNKNOWN
>>> AppInfo: AppId 1697 is UNKNOWN
>>> AppInfo: AppId 3971 is UNKNOWN
>>> AppInfo: AppId 3971 is UNKNOWN
>>>     TCP Port-Only Services
>>>           653 - 3323
>>>           654 - 3003
>>>           655 - 3399
>>>           656 - 3372
>>>           657 - 3313
>>>           658 - 3394
>>>           660 - 3204
>>>           661 - 3150
>>>           662 - 365
>>>           663 - 3305
>>>           665 - 3382
>>>           666 - 3110
>>>           667 - 3048
>>>           668 - 3211
>>>           669 - 3212
>>>           670 - 3413
>>>           671 - 3412
>>>           672 - 3423
>>>           673 - 3051
>>>           674 - 3024
>>>           675 - 3086
>>>           676 - 3421
>>>           677 - 3418
>>>           678 - 3132
>>>           679 - 3233
>>>           680 - 3118
>>>           681 - 3119
>>>           683 - 99
>>>           685 - 3210
>>>           686 - 3142
>>>           687 - 3030
>>>           688 - 3023
>>>           689 - 3248
>>>           690 - 3414
>>>           691 - 3230
>>>           692 - 3155
>>>           693 - 3009
>>>           694 - 3141
>>>           695 - 3165
>>>           696 - 3334
>>>           697 - 3411
>>>           698 - 3682
>>>           699 - 3001
>>>           704 - 3120
>>>           705 - 3008
>>>           706 - 3349
>>>           707 - 3041
>>>           709 - 3116
>>>           710 - 3115
>>>           711 - 3389
>>>           729 - 3161
>>>           730 - 3160
>>>           731 - 3160
>>>           741 - 3240
>>>           742 - 3245
>>>           744 - 3125
>>>           747 - 3127
>>>           748 - 3335
>>>           749 - 3191
>>>           751 - 3304
>>>           752 - 3306
>>>           753 - 3326
>>>           754 - 3393
>>>           758 - 3257
>>>           759 - 3065
>>>           760 - 3252
>>>           761 - 3336
>>>           762 - 3310
>>>           763 - 3080
>>>           764 - 3268
>>>           765 - 3693
>>>           767 - 3293
>>>           769 - 3416
>>>           770 - 3046
>>>           771 - 3333
>>>           772 - 3081
>>>           773 - 3379
>>>           775 - 3114
>>>           777 - 3234
>>>           780 - 3440
>>>           801 - 3095
>>>           828 - 3189
>>>           829 - 3683
>>>           847 - 3097
>>>           886 - 3162
>>>           887 - 3163
>>>           888 - 3002
>>>           900 - 3267
>>>           901 - 3366
>>>           911 - 3442
>>>           991 - 3243
>>>           994 - 3350
>>>           996 - 3422
>>>           997 - 3207
>>>           999 - 3025
>>>          1010 - 3371
>>>          1025 - 63
>>>          1026 - 70
>>>          1033 - 324
>>>          1034 - 9
>>>          1036 - 341
>>>          1046 - 499
>>>          1077 - 226
>>>          1078 - 46
>>>          1080 - 839
>>>          1098 - 3318
>>>          1099 - 3328
>>>          1112 - 221
>>>          1114 - 292
>>>          1124 - 207
>>>          1127 - 258
>>>          1132 - 257
>>>          1150 - 64
>>>          1155 - 330
>>>          1167 - 79
>>>          1168 - 491
>>>          1169 - 474
>>>          1187 - 23
>>>          1191 - 188
>>>          1194 - 353
>>>          1241 - 752
>>>          1270 - 3222
>>>          1321 - 367
>>>          1352 - 720
>>>          1366 - 329
>>>          1498 - 458
>>>          1512 - 505
>>>          1521 - 3238
>>>          1525 - 3277
>>>          1527 - 3272
>>>          1529 - 3273
>>>          1534 - 3217
>>>          1571 - 3684
>>>          1575 - 3274
>>>          1604 - 3053
>>>          1626 - 824
>>>          1630 - 3275
>>>          1677 - 190
>>>          1698 - 3938
>>>          1699 - 3948
>>>          1701 - 259
>>>          1755 - 735
>>>          1797 - 482
>>>          1801 - 306
>>>          1830 - 3276
>>>          1863 - 307
>>>          1970 - 3244
>>>          1971 - 3244
>>>          1974 - 76
>>>          1984 - 3388
>>>          1997 - 78
>>>          2000 - 2940
>>>          2048 - 498
>>>          2070 - 3886
>>>          2152 - 3140
>>>          2160 - 3010
>>>          2161 - 3010
>>>          2189 - 3122
>>>          2194 - 3122
>>>          2196 - 3122
>>>          2213 - 3182
>>>          2217 - 3136
>>>          2234 - 3103
>>>          2260 - 3010
>>>          2272 - 287
>>>          2282 - 309
>>>          2301 - 3061
>>>          2351 - 3291
>>>          2401 - 3078
>>>          2438 - 311
>>>          2478 - 416
>>>          2492 - 3139
>>>          2512 - 3053
>>>          2513 - 3053
>>>          2595 - 3439
>>>          2598 - 84
>>>          2629 - 3363
>>>          2630 - 3362
>>>          2631 - 3361
>>>          2639 - 3011
>>>          2698 - 283
>>>          2797 - 3886
>>>          2811 - 3131
>>>          2887 - 3438
>>>          2897 - 88
>>>          2948 - 3425
>>>          2949 - 3428
>>>          3050 - 3129
>>>          3052 - 3010
>>>          3075 - 3279
>>>          3076 - 3278
>>>          3077 - 3280
>>>          3088 - 3123
>>>          3200 - 3338
>>>          3211 - 3351
>>>          3218 - 3113
>>>          3260 - 3685
>>>          3268 - 3218
>>>          3300 - 3338
>>>          3305 - 348
>>>          3334 - 3106
>>>          3335 - 3101
>>>          3336 - 3102
>>>          3337 - 3105
>>>          3365 - 3066
>>>          3397 - 93
>>>          3460 - 3258
>>>          3461 - 3258
>>>          3462 - 3258
>>>          3463 - 3258
>>>          3464 - 3258
>>>          3465 - 3258
>>>          3502 - 3351
>>>          3506 - 3010
>>>          3600 - 3338
>>>          3632 - 3107
>>>          3690 - 2887
>>>          3817 - 3686
>>>          3868 - 3839
>>>          3871 - 3351
>>>          4035 - 3426
>>>          4036 - 3427
>>>          4045 - 3255
>>>          4159 - 340
>>>          4172 - 1189
>>>          4490 - 3158
>>>          4491 - 3158
>>>          4514 - 3203
>>>          4569 - 3687
>>>          4661 - 3112
>>>          4662 - 3112
>>>          4663 - 3112
>>>          4664 - 3112
>>>          4665 - 3112
>>>          4672 - 3112
>>>          4673 - 3112
>>>          4711 - 3112
>>>          4840 - 2042
>>>          4884 - 200
>>>          4899 - 3315
>>>          5013 - 155
>>>          5325 - 3135
>>>          5330 - 3436
>>>          5340 - 3436
>>>          5349 - 3378
>>>          5355 - 267
>>>          5454 - 3010
>>>          5455 - 3010
>>>          5456 - 3010
>>>          5662 - 3112
>>>          5723 - 3271
>>>          5773 - 3112
>>>          5783 - 3112
>>>          5999 - 3688
>>>          6073 - 3104
>>>          6085 - 3194
>>>          6090 - 3158
>>>          6305 - 3034
>>>          6343 - 3356
>>>          6499 - 3176
>>>          6502 - 3244
>>>          6547 - 3010
>>>          6548 - 3010
>>>          6549 - 3010
>>>          6582 - 3283
>>>          6619 - 349
>>>          6620 - 250
>>>          6621 - 251
>>>          6622 - 281
>>>          6665 - 3282
>>>          6666 - 3282
>>>          6667 - 3282
>>>          6668 - 3282
>>>          6669 - 3282
>>>          6714 - 3172
>>>          6800 - 3034
>>>          6891 - 3689
>>>          6997 - 3226
>>>          7100 - 919
>>>          7210 - 2327
>>>          7220 - 3144
>>>          7223 - 3144
>>>          7279 - 86
>>>          7631 - 3395
>>>          7648 - 3177
>>>          7649 - 3177
>>>          7845 - 3010
>>>          7846 - 3010
>>>          8182 - 3419
>>>          8801 - 3690
>>>          8880 - 3060
>>>          9022 - 29
>>>          9084 - 3837
>>>          9100 - 3287
>>>          9200 - 3424
>>>          9201 - 3431
>>>          9202 - 3429
>>>          9203 - 3430
>>>          9204 - 3434
>>>          9205 - 3432
>>>          9206 - 3435
>>>          9207 - 3433
>>>          9318 - 368
>>>          9703 - 3692
>>>          9704 - 3692
>>>          9950 - 3010
>>>          9951 - 3010
>>>          9952 - 3010
>>>         10000 - 1096
>>>         10080 - 3691
>>>         11010 - 3391
>>>         11020 - 3391
>>>         11965 - 3203
>>>         12975 - 1156
>>>         14247 - 3158
>>>         14248 - 3158
>>>         14249 - 3158
>>>         15868 - 2790
>>>         15988 - 3158
>>>         15989 - 3158
>>>         19150 - 3134
>>>         19880 - 3369
>>>         20016 - 3147
>>>         20500 - 3047
>>>         20510 - 3047
>>>         22125 - 109
>>>         24754 - 89
>>>         24800 - 3063
>>>         25999 - 2794
>>>         27665 - 3405
>>>         28960 - 3047
>>>         34572 - 3158
>>>         40001 - 3390
>>>         40002 - 3390
>>>         40003 - 3390
>>>         40004 - 3390
>>>         40011 - 3390
>>>         47808 - 3043
>>>         52300 - 3094
>>>     UDP Port-Only Services
>>>             1 - 466
>>>             2 - 3208
>>>             3 - 97
>>>             5 - 397
>>>             7 - 954
>>>             9 - 614
>>>            11 - 463
>>>            13 - 955
>>>            17 - 385
>>>            19 - 586
>>>            27 - 3263
>>>            29 - 3231
>>>            31 - 305
>>>            33 - 128
>>>            37 - 470
>>>            38 - 388
>>>            39 - 399
>>>            41 - 3137
>>>            42 - 505
>>>            44 - 3229
>>>            45 - 300
>>>            47 - 332
>>>            48 - 41
>>>            50 - 3317
>>>            51 - 3167
>>>            52 - 519
>>>            54 - 517
>>>            55 - 244
>>>            56 - 516
>>>            58 - 518
>>>            61 - 333
>>>            62 - 5
>>>            64 - 3059
>>>            66 - 355
>>>            70 - 667
>>>            71 - 391
>>>            76 - 115
>>>            78 - 492
>>>            79 - 637
>>>            82 - 514
>>>            83 - 3224
>>>            84 - 3058
>>>            85 - 293
>>>            86 - 290
>>>            89 - 451
>>>            90 - 123
>>>            91 - 294
>>>            92 - 337
>>>            93 - 111
>>>            95 - 453
>>>            96 - 120
>>>            97 - 3384
>>>            98 - 715
>>>            99 - 289
>>>           101 - 671
>>>           102 - 3186
>>>           104 - 7
>>>           105 - 3075
>>>           106 - 2
>>>           107 - 392
>>>           108 - 438
>>>           109 - 370
>>>           112 - 282
>>>           113 - 956
>>>           116 - 26
>>>           118 - 3314
>>>           120 - 3055
>>>           121 - 142
>>>           122 - 433
>>>           124 - 27
>>>           125 - 269
>>>           126 - 342
>>>           127 - 3202
>>>           128 - 3133
>>>           129 - 381
>>>           130 - 77
>>>           131 - 81
>>>           132 - 80
>>>           133 - 449
>>>           134 - 232
>>>           135 - 3085
>>>           136 - 377
>>>           140 - 139
>>>           142 - 65
>>>           145 - 476
>>>           146 - 3188
>>>           147 - 3843
>>>           148 - 247
>>>           149 - 19
>>>           151 - 199
>>>           152 - 52
>>>           153 - 422
>>>           154 - 327
>>>           157 - 253
>>>           158 - 362
>>>           163 - 3054
>>>           164 - 94
>>>           165 - 520
>>>           166 - 439
>>>           167 - 318
>>>           168 - 404
>>>           169 - 418
>>>           170 - 3006
>>>           171 - 3247
>>>           172 - 91
>>>           173 - 521
>>>           174 - 275
>>>           175 - 493
>>>           176 - 174
>>>           177 - 513
>>>           178 - 343
>>>           180 - 396
>>>           181 - 485
>>>           182 - 42
>>>           183 - 344
>>>           184 - 345
>>>           185 - 3320
>>>           186 - 252
>>>           187 - 6
>>>           188 - 3297
>>>           189 - 383
>>>           190 - 170
>>>           191 - 378
>>>           192 - 358
>>>           193 - 445
>>>           197 - 121
>>>           199 - 437
>>>           200 - 444
>>>           201 - 3016
>>>           202 - 3015
>>>           203 - 3017
>>>           204 - 3014
>>>           205 - 3018
>>>           206 - 3022
>>>           207 - 3019
>>>           208 - 3020
>>>           209 - 384
>>>           210 - 525
>>>           211 - 4
>>>           212 - 3607
>>>           213 - 3178
>>>           214 - 494
>>>           215 - 441
>>>           216 - 3062
>>>           217 - 108
>>>           218 - 3241
>>>           219 - 477
>>>           222 - 3038
>>>           223 - 71
>>>           224 - 278
>>>           242 - 119
>>>           243 - 3383
>>>           244 - 228
>>>           245 - 263
>>>           246 - 127
>>>           247 - 3380
>>>           248 - 56
>>>           257 - 419
>>>           259 - 145
>>>           260 - 352
>>>           261 - 338
>>>           262 - 33
>>>           263 - 198
>>>           264 - 53
>>>           265 - 511
>>>           266 - 3345
>>>           267 - 472
>>>           268 - 3401
>>>           270 - 177
>>>           280 - 209
>>>           281 - 3290
>>>           282 - 67
>>>           283 - 393
>>>           284 - 3067
>>>           286 - 169
>>>           287 - 249
>>>           308 - 336
>>>           309 - 140
>>>           310 - 57
>>>           311 - 30
>>>           312 - 496
>>>           313 - 273
>>>           314 - 351
>>>           315 - 124
>>>           316 - 112
>>>           317 - 526
>>>           318 - 368
>>>           319 - 3298
>>>           320 - 3303
>>>           321 - 367
>>>           322 - 408
>>>           333 - 468
>>>           344 - 363
>>>           345 - 361
>>>           346 - 527
>>>           347 - 154
>>>           348 - 3045
>>>           349 - 291
>>>           350 - 279
>>>           352 - 130
>>>           353 - 322
>>>           354 - 54
>>>           355 - 107
>>>           356 - 93
>>>           357 - 55
>>>           358 - 424
>>>           359 - 339
>>>           360 - 412
>>>           361 - 417
>>>           362 - 446
>>>           363 - 3332
>>>           364 - 3032
>>>           365 - 131
>>>           366 - 347
>>>           367 - 297
>>>           368 - 382
>>>           369 - 401
>>>           370 - 95
>>>           371 - 92
>>>           372 - 481
>>>           373 - 262
>>>           375 - 197
>>>           376 - 334
>>>           377 - 147
>>>           378 - 147
>>>           379 - 3396
>>>           380 - 3397
>>>           381 - 206
>>>           383 - 3151
>>>           384 - 35
>>>           385 - 678
>>>           386 - 37
>>>           387 - 3021
>>>           388 - 484
>>>           390 - 480
>>>           391 - 3385
>>>           393 - 288
>>>           394 - 138
>>>           395 - 328
>>>           396 - 3259
>>>           397 - 302
>>>           398 - 254
>>>           399 - 3185
>>>           401 - 486
>>>           402 - 173
>>>           403 - 3090
>>>           404 - 320
>>>           405 - 321
>>>           406 - 227
>>>           408 - 3301
>>>           409 - 3300
>>>           410 - 113
>>>           411 - 3319
>>>           412 - 3386
>>>           413 - 436
>>>           414 - 230
>>>           415 - 66
>>>           416 - 425
>>>           417 - 350
>>>           418 - 211
>>>           419 - 34
>>>           420 - 435
>>>           421 - 3026
>>>           422 - 3027
>>>           423 - 1098
>>>           424 - 1098
>>>           425 - 215
>>>           426 - 434
>>>           427 - 3355
>>>           428 - 3265
>>>           429 - 346
>>>           430 - 3410
>>>           431 - 3409
>>>           432 - 212
>>>           433 - 335
>>>           434 - 296
>>>           435 - 3225
>>>           436 - 122
>>>           437 - 98
>>>           438 - 126
>>>           439 - 106
>>>           440 - 421
>>>           441 - 114
>>>           442 - 3077
>>>           444 - 440
>>>           446 - 3088
>>>           447 - 3087
>>>           448 - 3109
>>>           449 - 3028
>>>           450 - 3064
>>>           451 - 3069
>>>           452 - 3070
>>>           453 - 3073
>>>           455 - 3072
>>>           457 - 3344
>>>           460 - 3364
>>>           461 - 3083
>>>           462 - 3084
>>>           463 - 3005
>>>           464 - 3195
>>>           466 - 3100
>>>           467 - 3237
>>>           468 - 3294
>>>           469 - 3312
>>>           470 - 3346
>>>           471 - 3227
>>>           472 - 3201
>>>           473 - 3154
>>>           476 - 3694
>>>           477 - 3374
>>>           478 - 3373
>>>           479 - 3157
>>>           480 - 3156
>>>           482 - 3039
>>>           483 - 3406
>>>           484 - 3169
>>>           485 - 3676
>>>           486 - 3035
>>>           487 - 3358
>>>           488 - 3677
>>>           489 - 3239
>>>           490 - 3215
>>>           491 - 3138
>>>           492 - 3404
>>>           493 - 3404
>>>           494 - 3289
>>>           495 - 3168
>>>           496 - 3295
>>>           497 - 3082
>>>           498 - 3357
>>>           499 - 3184
>>>           501 - 3375
>>>           502 - 3029
>>>           503 - 3179
>>>           505 - 3206
>>>           506 - 3266
>>>           507 - 303
>>>           508 - 3443
>>>           509 - 3387
>>>           510 - 3124
>>>           511 - 3285
>>>           514 - 462
>>>           516 - 3417
>>>           517 - 857
>>>           518 - 766
>>>           519 - 3407
>>>           520 - 395
>>>           521 - 3836
>>>           522 - 3408
>>>           525 - 3398
>>>           526 - 1795
>>>           527 - 3376
>>>           528 - 3076
>>>           529 - 3183
>>>           530 - 3068
>>>           531 - 3049
>>>           532 - 3242
>>>           533 - 3678
>>>           535 - 176
>>>           536 - 3269
>>>           537 - 3253
>>>           538 - 3128
>>>           539 - 3012
>>>           540 - 490
>>>           542 - 3057
>>>           543 - 3193
>>>           544 - 3196
>>>           545 - 3013
>>>           546 - 3098
>>>           548 - 20
>>>           549 - 3164
>>>           550 - 3254
>>>           551 - 3079
>>>           553 - 3296
>>>           556 - 3321
>>>           557 - 3270
>>>           558 - 3347
>>>           559 - 3392
>>>           560 - 3329
>>>           561 - 3228
>>>           562 - 3050
>>>           563 - 3353
>>>           565 - 3437
>>>           566 - 3377
>>>           567 - 3037
>>>           568 - 3221
>>>           569 - 3220
>>>           570 - 3214
>>>           572 - 3370
>>>           573 - 3036
>>>           574 - 3126
>>>           575 - 3415
>>>           576 - 3180
>>>           577 - 3420
>>>           578 - 3181
>>>           579 - 3091
>>>           580 - 3359
>>>           581 - 3232
>>>           582 - 3339
>>>           583 - 3292
>>>           584 - 3192
>>>           586 - 3286
>>>           587 - 3205
>>>           590 - 3400
>>>           592 - 3679
>>>           593 - 3153
>>>           594 - 3402
>>>           595 - 3044
>>>           596 - 3367
>>>           597 - 3302
>>>           598 - 3342
>>>           599 - 3007
>>>           600 - 3381
>>>           606 - 3071
>>>           607 - 3250
>>>           608 - 3354
>>>           609 - 3260
>>>           610 - 3262
>>>           611 - 3261
>>>           612 - 3148
>>>           613 - 3149
>>>           615 - 3173
>>>           616 - 3341
>>>           617 - 3340
>>>           618 - 3093
>>>           620 - 3343
>>>           621 - 3121
>>>           622 - 3056
>>>           624 - 3074
>>>           625 - 3089
>>>           627 - 3285
>>>           628 - 3308
>>>           629 - 3000
>>>           630 - 3316
>>>           631 - 1095
>>>           632 - 3040
>>>           633 - 3680
>>>           634 - 3130
>>>           635 - 3327
>>>           637 - 3198
>>>           638 - 3209
>>>           640 - 3117
>>>           641 - 3322
>>>           642 - 3681
>>>           643 - 3337
>>>           644 - 3111
>>>           646 - 3197
>>>           647 - 3096
>>>           648 - 402
>>>           650 - 3264
>>>           651 - 2313
>>>           652 - 3143
>>>           653 - 3323
>>>           654 - 3003
>>>           655 - 3399
>>>           656 - 3372
>>>           657 - 3313
>>>           658 - 3394
>>>           660 - 3204
>>>           661 - 3150
>>>           662 - 365
>>>           663 - 3305
>>>           665 - 3382
>>>           666 - 3110
>>>           667 - 3048
>>>           668 - 3211
>>>           669 - 3212
>>>           670 - 3413
>>>           671 - 3412
>>>           672 - 3423
>>>           673 - 3051
>>>           674 - 3024
>>>           675 - 3086
>>>           676 - 3421
>>>           677 - 3418
>>>           678 - 3132
>>>           679 - 3233
>>>           680 - 3118
>>>           681 - 3119
>>>           683 - 99
>>>           685 - 3210
>>>           686 - 3142
>>>           687 - 3030
>>>           688 - 3023
>>>           689 - 3248
>>>           690 - 3414
>>>           691 - 3230
>>>           692 - 3155
>>>           693 - 3009
>>>           694 - 3141
>>>           695 - 3165
>>>           696 - 3334
>>>           697 - 3411
>>>           698 - 3682
>>>           699 - 3001
>>>           704 - 3120
>>>           705 - 3008
>>>           706 - 3349
>>>           707 - 3041
>>>           709 - 3116
>>>           710 - 3115
>>>           711 - 3389
>>>           729 - 3161
>>>           730 - 3160
>>>           731 - 3160
>>>           741 - 3240
>>>           742 - 3245
>>>           744 - 3125
>>>           747 - 3127
>>>           748 - 3335
>>>           749 - 3191
>>>           751 - 3304
>>>           752 - 3306
>>>           753 - 3326
>>>           754 - 3393
>>>           758 - 3257
>>>           759 - 3065
>>>           760 - 3252
>>>           761 - 3336
>>>           762 - 3310
>>>           763 - 3080
>>>           764 - 3268
>>>           765 - 3693
>>>           767 - 3293
>>>           769 - 3416
>>>           770 - 3046
>>>           771 - 3333
>>>           772 - 3081
>>>           775 - 3114
>>>           777 - 3234
>>>           780 - 3440
>>>           801 - 3095
>>>           828 - 3189
>>>           829 - 3683
>>>           847 - 3097
>>>           886 - 3162
>>>           887 - 3163
>>>           888 - 3002
>>>           900 - 3267
>>>           901 - 3366
>>>           911 - 3442
>>>           991 - 3243
>>>           994 - 3350
>>>           996 - 3422
>>>           997 - 3207
>>>           999 - 3025
>>>          1010 - 3371
>>>          1025 - 63
>>>          1026 - 70
>>>          1033 - 324
>>>          1034 - 9
>>>          1036 - 341
>>>          1046 - 499
>>>          1077 - 226
>>>          1078 - 46
>>>          1080 - 839
>>>          1098 - 3318
>>>          1099 - 3328
>>>          1112 - 221
>>>          1114 - 292
>>>          1124 - 207
>>>          1127 - 258
>>>          1132 - 257
>>>          1150 - 64
>>>          1155 - 330
>>>          1167 - 79
>>>          1168 - 491
>>>          1169 - 474
>>>          1187 - 23
>>>          1191 - 188
>>>          1194 - 353
>>>          1241 - 752
>>>          1270 - 3222
>>>          1321 - 367
>>>          1352 - 720
>>>          1366 - 329
>>>          1498 - 458
>>>          1512 - 505
>>>          1521 - 3238
>>>          1525 - 3277
>>>          1527 - 3272
>>>          1529 - 3273
>>>          1534 - 3217
>>>          1571 - 3684
>>>          1575 - 3274
>>>          1604 - 3053
>>>          1626 - 824
>>>          1630 - 3275
>>>          1677 - 190
>>>          1698 - 3948
>>>          1699 - 3948
>>>          1701 - 259
>>>          1755 - 735
>>>          1797 - 482
>>>          1801 - 306
>>>          1830 - 3276
>>>          1863 - 307
>>>          1970 - 3244
>>>          1971 - 3244
>>>          1974 - 76
>>>          1984 - 3388
>>>          1997 - 78
>>>          2000 - 2940
>>>          2048 - 498
>>>          2070 - 3886
>>>          2152 - 3140
>>>          2160 - 3010
>>>          2161 - 3010
>>>          2213 - 3182
>>>          2217 - 3136
>>>          2234 - 3103
>>>          2260 - 3010
>>>          2272 - 287
>>>          2282 - 309
>>>          2301 - 3061
>>>          2351 - 3291
>>>          2401 - 3078
>>>          2438 - 311
>>>          2478 - 416
>>>          2492 - 3139
>>>          2512 - 3053
>>>          2513 - 3053
>>>          2595 - 3439
>>>          2598 - 84
>>>          2629 - 3363
>>>          2630 - 3362
>>>          2631 - 3361
>>>          2639 - 3011
>>>          2698 - 283
>>>          2797 - 3886
>>>          2811 - 3131
>>>          2887 - 3438
>>>          2897 - 88
>>>          2948 - 3425
>>>          2949 - 3428
>>>          3050 - 3129
>>>          3052 - 3010
>>>          3075 - 3279
>>>          3076 - 3278
>>>          3077 - 3280
>>>          3088 - 3123
>>>          3211 - 3351
>>>          3218 - 3113
>>>          3268 - 3218
>>>          3305 - 348
>>>          3334 - 3106
>>>          3335 - 3101
>>>          3336 - 3102
>>>          3337 - 3105
>>>          3365 - 3066
>>>          3397 - 93
>>>          3460 - 3258
>>>          3461 - 3258
>>>          3462 - 3258
>>>          3463 - 3258
>>>          3464 - 3258
>>>          3465 - 3258
>>>          3502 - 3351
>>>          3506 - 3010
>>>          3632 - 3107
>>>          3690 - 2887
>>>          3817 - 3686
>>>          3868 - 3839
>>>          3871 - 3351
>>>          4035 - 3426
>>>          4036 - 3427
>>>          4045 - 3255
>>>          4159 - 340
>>>          4172 - 1189
>>>          4490 - 3158
>>>          4491 - 3158
>>>          4569 - 3687
>>>          4661 - 3112
>>>          4662 - 3112
>>>          4663 - 3112
>>>          4664 - 3112
>>>          4665 - 3112
>>>          4672 - 3112
>>>          4673 - 3112
>>>          4711 - 3112
>>>          4840 - 2042
>>>          4884 - 200
>>>          4899 - 3315
>>>          5013 - 155
>>>          5325 - 3135
>>>          5349 - 3378
>>>          5355 - 267
>>>          5454 - 3010
>>>          5455 - 3010
>>>          5456 - 3010
>>>          5662 - 3112
>>>          5723 - 3271
>>>          5773 - 3112
>>>          5783 - 3112
>>>          5999 - 3688
>>>          6073 - 3104
>>>          6085 - 3194
>>>          6090 - 3158
>>>          6343 - 3356
>>>          6502 - 3244
>>>          6547 - 3010
>>>          6548 - 3010
>>>          6549 - 3010
>>>          6582 - 3283
>>>          6619 - 349
>>>          6620 - 250
>>>          6621 - 251
>>>          6622 - 281
>>>          6623 - 255
>>>          6665 - 3282
>>>          6666 - 3282
>>>          6667 - 3282
>>>          6668 - 3282
>>>          6669 - 3282
>>>          6714 - 3172
>>>          6997 - 3226
>>>          7100 - 919
>>>          7279 - 86
>>>          7648 - 3177
>>>          7649 - 3177
>>>          7845 - 3010
>>>          7846 - 3010
>>>          8182 - 3419
>>>          8211 - 3299
>>>          8880 - 3060
>>>          8905 - 3052
>>>          8906 - 3052
>>>          9022 - 29
>>>          9084 - 3837
>>>          9100 - 3287
>>>          9200 - 3424
>>>          9201 - 3431
>>>          9202 - 3429
>>>          9203 - 3430
>>>          9204 - 3434
>>>          9205 - 3432
>>>          9206 - 3435
>>>          9207 - 3433
>>>          9318 - 368
>>>          9950 - 3010
>>>          9951 - 3010
>>>          9952 - 3010
>>>         10080 - 3691
>>>         12222 - 3199
>>>         12223 - 3199
>>>         13991 - 3158
>>>         14247 - 3158
>>>         14248 - 3158
>>>         14249 - 3158
>>>         15871 - 2790
>>>         15988 - 3158
>>>         15989 - 3158
>>>         20500 - 3047
>>>         24032 - 3177
>>>         26137 - 3244
>>>         27444 - 3405
>>>         31335 - 3405
>>>         33435 - 3331
>>>         34572 - 3158
>>>         40001 - 3390
>>>         40002 - 3390
>>>         40003 - 3390
>>>         40004 - 3390
>>>         40011 - 3390
>>>         47808 - 3043
>>>
>>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>> Initializing rule chains...
>>> WARNING: /etc/snort/rules/local.rules(1) too many appids in rule. Max allowed 10
>>>
>>> 1 Snort rules read
>>>     1 detection rules
>>>     0 decoder rules
>>>     0 preprocessor rules
>>> 1 Option Chains linked into 1 Chain Headers
>>> 0 Dynamic rules
>>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>> +-------------------[Rule Port Counts]---------------------------------------
>>> |             tcp     udp    icmp      ip
>>> |     src       0       0       0       0
>>> |     dst       0       0       0       0
>>> |     any       1       0       0       0
>>> |      nc       1       0       0       0
>>> |     s+d       0       0       0       0
>>> +----------------------------------------------------------------------------
>>>
>>>
>>> +-----------------------[detection-filter-config]------------------------------
>>> | memory-cap : 1048576 bytes
>>> +-----------------------[detection-filter-rules]-------------------------------
>>> | none
>>> -------------------------------------------------------------------------------
>>>
>>>
>>> +-----------------------[rate-filter-config]-----------------------------------
>>> | memory-cap : 1048576 bytes
>>> +-----------------------[rate-filter-rules]------------------------------------
>>> | none
>>> -------------------------------------------------------------------------------
>>>
>>>
>>> +-----------------------[event-filter-config]----------------------------------
>>> | memory-cap : 1048576 bytes
>>> +-----------------------[event-filter-global]----------------------------------
>>> +-----------------------[event-filter-local]-----------------------------------
>>> | none
>>> +-----------------------[suppression]------------------------------------------
>>> | none
>>> -------------------------------------------------------------------------------
>>>
>>> Rule application order:
>>> activation->dynamic->pass->drop->sdrop->reject->alert->log
>>> Verifying Preprocessor Configurations!
>>>
>>> [ Port Based Pattern Matching Memory ]
>>> +- [ Aho-Corasick Summary ] -------------------------------------
>>> | Storage Format    : Full
>>> | Finite Automaton  : DFA
>>> | Alphabet Size     : 256 Chars
>>> | Sizeof State      : 4 bytes
>>> | Instances         : 2461
>>> | Characters        : 61657
>>> | States            : 46199
>>> | Transitions       : 1383457
>>> | State Density     : 11.7%
>>> | Patterns          : 7344
>>> | Match States      : 7568
>>> | Memory (MB)       : 48.51
>>> |   Patterns        : 0.68
>>> |   Match Lists     : 1.12
>>> |   DFA             : 45.82
>>> +----------------------------------------------------------------
>>> [ Number of patterns truncated to 20 bytes: 0 ]
>>> afpacket DAQ configured to inline.
>>> Acquiring network traffic from "eth0:wlan0".
>>> Reload thread starting...
>>> Reload thread started, thread 0x7f8ada54d700 (15335)
>>> Set gid to 1001
>>> Set uid to 999
>>>
>>>         --== Initialization Complete ==--
>>>
>>>    ,,_     -*> Snort! <*-
>>>   o"  )~   Version 2.9.7.6 GRE (Build 285)
>>>    ''''    By Martin Roesch & The Snort Team:
>>> http://www.snort.org/contact#team
>>>            Copyright (C) 2014-2015 Cisco and/or its affiliates. All
>>> rights reserved.
>>>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>>>            Using libpcap version 1.5.3
>>>            Using PCRE version: 8.31 2012-07-06
>>>            Using ZLIB version: 1.2.8
>>>
>>>            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build
>>> 1>
>>>            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
>>>            Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
>>>            Preprocessor Object: APPID  Version 1.1  <Build 4>
>>>            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
>>>            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
>>>            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
>>>            Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
>>>            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
>>>            Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
>>>            Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
>>>            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
>>>            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
>>>            Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
>>>            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
>>>            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
>>> Commencing packet processing (pid=15333)
>>> Decoding Ethernet
>>> 10/28-19:39:19.094832  [Drop] [**] [1:1000006:4] No access [**]
>>> [Priority: 0] [AppID: linkedin_contac] {TCP} 23.67.137.227:443 ->
>>> 192.168.6.114:39651
>>> ^C*** Caught Int-Signal
>>> ===============================================================================
>>>
>>> Run time for packet processing was 82.628417 seconds
>>> Snort processed 4188 packets.
>>> Snort ran for 0 days 0 hours 1 minutes 22 seconds
>>>    Pkts/min:         4188
>>>    Pkts/sec:           51
>>> *** Opening /var/log/snort/appstats-u2.log.1446041392 for output
>>> ===============================================================================
>>>
>>> Memory usage summary:
>>>   Total non-mmapped bytes (arena):       40943616
>>>   Bytes in mapped regions (hblkhd):      15011840
>>>   Total allocated space (uordblks):      13870944
>>>   Total free space (fordblks):           27072672
>>>   Topmost releasable block (keepcost):   133360
>>> ===============================================================================
>>>
>>> Packet I/O Totals:
>>>    Received:         4162
>>>    Analyzed:         4188 (100.625%)
>>>     Dropped:            0 (  0.000%)
>>>    Filtered:            0 (  0.000%)
>>> Outstanding:            0 (  0.000%)
>>>    Injected:            4
>>> ===============================================================================
>>>
>>> Breakdown by protocol (includes rebuilt packets):
>>>         Eth:         4203 (100.000%)
>>>        VLAN:            0 (  0.000%)
>>>         IP4:         2471 ( 58.791%)
>>>        Frag:            0 (  0.000%)
>>>        ICMP:            0 (  0.000%)
>>>         UDP:         1055 ( 25.101%)
>>>         TCP:         1368 ( 32.548%)
>>>         IP6:          255 (  6.067%)
>>>     IP6 Ext:          294 (  6.995%)
>>>    IP6 Opts:           39 (  0.928%)
>>>       Frag6:            0 (  0.000%)
>>>       ICMP6:           96 (  2.284%)
>>>        UDP6:          159 (  3.783%)
>>>        TCP6:            0 (  0.000%)
>>>      Teredo:            0 (  0.000%)
>>>     ICMP-IP:            0 (  0.000%)
>>>     IP4/IP4:            0 (  0.000%)
>>>     IP4/IP6:            0 (  0.000%)
>>>     IP6/IP4:            0 (  0.000%)
>>>     IP6/IP6:            0 (  0.000%)
>>>         GRE:            0 (  0.000%)
>>>     GRE Eth:            0 (  0.000%)
>>>    GRE VLAN:            0 (  0.000%)
>>>     GRE IP4:            0 (  0.000%)
>>>     GRE IP6:            0 (  0.000%)
>>> GRE IP6 Ext:            0 (  0.000%)
>>>    GRE PPTP:            0 (  0.000%)
>>>     GRE ARP:            0 (  0.000%)
>>>     GRE IPX:            0 (  0.000%)
>>>    GRE Loop:            0 (  0.000%)
>>>        MPLS:            0 (  0.000%)
>>>         ARP:         1419 ( 33.762%)
>>>         IPX:            0 (  0.000%)
>>>    Eth Loop:            0 (  0.000%)
>>>    Eth Disc:            0 (  0.000%)
>>>    IP4 Disc:            0 (  0.000%)
>>>    IP6 Disc:            0 (  0.000%)
>>>    TCP Disc:            0 (  0.000%)
>>>    UDP Disc:            0 (  0.000%)
>>>   ICMP Disc:            0 (  0.000%)
>>> All Discard:            0 (  0.000%)
>>>       Other:          106 (  2.522%)
>>> Bad Chk Sum:            0 (  0.000%)
>>>     Bad TTL:            0 (  0.000%)
>>>      S5 G 1:            7 (  0.167%)
>>>      S5 G 2:            8 (  0.190%)
>>>       Total:         4203
>>> ===============================================================================
>>>
>>> Action Stats:
>>>      Alerts:            1 (  0.024%)
>>>      Logged:            1 (  0.024%)
>>>      Passed:            0 (  0.000%)
>>> Limits:
>>>       Match:            0
>>>       Queue:            0
>>>         Log:            0
>>>       Event:            0
>>>       Alert:            0
>>> Verdicts:
>>>       Allow:         3996 ( 96.012%)
>>>       Block:            0 (  0.000%)
>>>     Replace:           83 (  1.994%)
>>>   Whitelist:           86 (  2.066%)
>>>   Blacklist:           23 (  0.553%)
>>>      Ignore:            0 (  0.000%)
>>>       Retry:            0 (  0.000%)
>>> ===============================================================================
>>>
>>> Normalizer statistics:
>>>               ip4::trim: 0
>>> Would         ip4::trim: 0
>>>                ip4::tos: 0
>>> Would          ip4::tos: 0
>>>                 ip4::df: 0
>>> Would           ip4::df: 0
>>>                 ip4::rf: 0
>>> Would           ip4::rf: 0
>>>                ip4::ttl: 0
>>> Would          ip4::ttl: 0
>>>               ip4::opts: 44
>>> Would         ip4::opts: 0
>>>             icmp4::echo: 0
>>> Would       icmp4::echo: 0
>>>                ip6::ttl: 0
>>> Would          ip6::ttl: 0
>>>               ip6::opts: 39
>>> Would         ip6::opts: 0
>>>             icmp6::echo: 0
>>> Would       icmp6::echo: 0
>>>            tcp::syn_opt: 0
>>> Would      tcp::syn_opt: 0
>>>                tcp::opt: 0
>>> Would          tcp::opt: 0
>>>                tcp::pad: 0
>>> Would          tcp::pad: 0
>>>                tcp::rsv: 0
>>> Would          tcp::rsv: 0
>>>                 tcp::ns: 0
>>> Would           tcp::ns: 0
>>>                tcp::urp: 0
>>> Would          tcp::urp: 0
>>>            tcp::ecn_pkt: 0
>>> Would      tcp::ecn_pkt: 0
>>>             tcp::ts_ecr: 0
>>> Would       tcp::ts_ecr: 0
>>>            tcp::req_urg: 0
>>> Would      tcp::req_urg: 0
>>>            tcp::req_pay: 0
>>> Would      tcp::req_pay: 0
>>>            tcp::req_urp: 0
>>> Would      tcp::req_urp: 0
>>>            tcp::ecn_ssn: 0
>>> Would      tcp::ecn_ssn: 0
>>>             tcp::ts_nop: 0
>>> Would       tcp::ts_nop: 0
>>>           tcp::ips_data: 0
>>> Would     tcp::ips_data: 0
>>>              tcp::block: 0
>>> Would        tcp::block: 0
>>>           tcp::trim_syn: 0
>>> Would     tcp::trim_syn: 0
>>>           tcp::trim_rst: 0
>>> Would     tcp::trim_rst: 0
>>>           tcp::trim_win: 0
>>> Would     tcp::trim_win: 0
>>>           tcp::trim_mss: 0
>>> Would     tcp::trim_mss: 0
>>> ===============================================================================
>>>
>>> Frag3 statistics:
>>>         Total Fragments: 0
>>>       Frags Reassembled: 0
>>>                Discards: 0
>>>           Memory Faults: 0
>>>                Timeouts: 0
>>>                Overlaps: 0
>>>               Anomalies: 0
>>>                  Alerts: 0
>>>                   Drops: 0
>>>      FragTrackers Added: 0
>>>     FragTrackers Dumped: 0
>>> FragTrackers Auto Freed: 0
>>>     Frag Nodes Inserted: 0
>>>      Frag Nodes Deleted: 0
>>> ===============================================================================
>>>
>>> ===============================================================================
>>>
>>> Stream statistics:
>>>             Total sessions: 168
>>>               TCP sessions: 26
>>>               UDP sessions: 142
>>>              ICMP sessions: 0
>>>                IP sessions: 0
>>>                 TCP Prunes: 0
>>>                 UDP Prunes: 0
>>>                ICMP Prunes: 0
>>>                  IP Prunes: 0
>>> TCP StreamTrackers Created: 26
>>> TCP StreamTrackers Deleted: 26
>>>               TCP Timeouts: 0
>>>               TCP Overlaps: 0
>>>        TCP Segments Queued: 625
>>>      TCP Segments Released: 625
>>>        TCP Rebuilt Packets: 312
>>>          TCP Segments Used: 613
>>>               TCP Discards: 0
>>>                   TCP Gaps: 0
>>>       UDP Sessions Created: 142
>>>       UDP Sessions Deleted: 142
>>>               UDP Timeouts: 0
>>>               UDP Discards: 0
>>>                     Events: 1
>>>            Internal Events: 0
>>>            TCP Port Filter
>>>                   Filtered: 0
>>>                  Inspected: 0
>>>                    Tracked: 1331
>>>            UDP Port Filter
>>>                   Filtered: 0
>>>                  Inspected: 0
>>>                    Tracked: 142
>>> ===============================================================================
>>>
>>> ===============================================================================
>>>
>>> SMTP Preprocessor Statistics
>>>   Total sessions                                    : 0
>>>   Max concurrent sessions                           : 0
>>> ===============================================================================
>>>
>>> dcerpc2 Preprocessor Statistics
>>>   Total sessions: 0
>>> ===============================================================================
>>>
>>> SSL Preprocessor:
>>>    SSL packets decoded: 96
>>>           Client Hello: 30
>>>           Server Hello: 30
>>>            Certificate: 28
>>>            Server Done: 14
>>>    Client Key Exchange: 2
>>>    Server Key Exchange: 7
>>>          Change Cipher: 8
>>>               Finished: 0
>>>     Client Application: 2
>>>     Server Application: 5
>>>                  Alert: 0
>>>   Unrecognized records: 22
>>>   Completed handshakes: 0
>>>         Bad handshakes: 0
>>>       Sessions ignored: 4
>>>     Detection disabled: 1
>>> ===============================================================================
>>>
>>> SIP Preprocessor Statistics
>>>   Total sessions: 0
>>> ===============================================================================
>>>
>>> Reputation Preprocessor Statistics
>>>   Total Memory Allocated: 0
>>> ===============================================================================
>>>
>>> Application Identification Preprocessor:
>>>    Total packets received : 4500
>>>   Total packets processed : 2567
>>>     Total packets ignored : 1933
>>> Service State:
>>> Lua detector StatsLua Stats total memory usage 0 kb
>>> ===============================================================================
>>>
>>> Snort exiting
>>>
>>>
>>> *snort.conf:*
>>> navneet at ...103...:~$ cat /etc/snort/snort.conf |grep -v ^#|grep -v ^$
>>> ipvar HOME_NET 192.168.6.0/24
>>> ipvar EXTERNAL_NET !$HOME_NET
>>> ipvar DNS_SERVERS $HOME_NET
>>> ipvar SMTP_SERVERS $HOME_NET
>>> ipvar HTTP_SERVERS $HOME_NET
>>> ipvar SQL_SERVERS $HOME_NET
>>> ipvar TELNET_SERVERS $HOME_NET
>>> ipvar SSH_SERVERS $HOME_NET
>>> ipvar FTP_SERVERS $HOME_NET
>>> ipvar SIP_SERVERS $HOME_NET
>>> portvar HTTP_PORTS
>>> [80,81,311,383,591,593,901,1220,1414,1741,1830,2301,2381,2809,3037,3128,3702,4343,4848,5250,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,8123,8180,8181,8243,8280,8300,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443,34444,41080,50002,55555]
>>>
>>> portvar SHELLCODE_PORTS !80
>>> portvar ORACLE_PORTS 1024:
>>> portvar SSH_PORTS 22
>>> portvar FTP_PORTS [21,2100,3535]
>>> portvar SIP_PORTS [5060,5061,5600]
>>> portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
>>> portvar GTP_PORTS [2123,2152,3386]
>>> ipvar AIM_SERVERS [
>>> 64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
>>>
>>> var RULE_PATH /etc/snort/rules
>>> var SO_RULE_PATH /etc/snort/so_rules
>>> var PREPROC_RULE_PATH /etc/snort/preproc_rules
>>> var WHITE_LIST_PATH /etc/snort/rules
>>> var BLACK_LIST_PATH /etc/snort/rules
>>> config disable_decode_alerts
>>> config disable_tcpopt_experimental_alerts
>>> config disable_tcpopt_obsolete_alerts
>>> config disable_tcpopt_ttcp_alerts
>>> config disable_tcpopt_alerts
>>> config disable_ipopt_alerts
>>> config checksum_mode: all
>>> config daq:afpacket
>>> config daq_dir:/usr/local/lib/daq
>>> config daq_mode:inline
>>> config daq_var:buffer_size_mb=1024
>>> config policy_mode:inline
>>> config pcre_match_limit: 3500
>>> config pcre_match_limit_recursion: 1500
>>> config detection: search-method ac-split search-optimize max-pattern-len
>>> 20
>>> config event_queue: max_queue 8 log 5 order_events content_length
>>> config paf_max: 16000
>>> dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
>>> dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
>>> preprocessor normalize_ip4
>>> preprocessor normalize_tcp: ips ecn stream
>>> preprocessor normalize_icmp4
>>> preprocessor normalize_ip6
>>> preprocessor normalize_icmp6
>>> preprocessor frag3_global: max_frags 65536
>>> preprocessor frag3_engine: policy windows detect_anomalies overlap_limit
>>> 10 min_fragment_length 100 timeout 180
>>> preprocessor stream5_global: track_tcp yes, \
>>>    track_udp yes, \
>>>    track_icmp no, \
>>>    max_tcp 262144, \
>>>    max_udp 131072, \
>>>    max_active_responses 2, \
>>>    min_response_seconds 5
>>> preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs
>>> 180, \
>>>    overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
>>>     ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137
>>> 139 143 \
>>>         161 445 513 514 587 593 691 1433 1521 1741 2100 3306 6070 6665
>>> 6666 6667 6668 6669 \
>>>         7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778
>>> 32779, \
>>>     ports both 80 81 311 383 443 465 563 591 593 636 901 989 992 993 994 995
>>> 1220 1414 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7907
>>> 7000 7001 7144 7145 7510 7802 7777 7779 \
>>>         7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912
>>> 7913 7914 7915 7916 \
>>>         7917 7918 7919 7920 8000 8008 8014 8028 8080 8085 8088 8090 8118
>>> 8123 8180 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443
>>> 9999 11371 34443 34444 41080 50002 55555
>>> preprocessor stream5_udp: timeout 180
>>> preprocessor http_inspect: global iis_unicode_map unicode.map 1252
>>> compress_depth 65535 decompress_depth 65535 max_gzip_mem 104857600
>>> preprocessor http_inspect_server: server default \
>>>     http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK
>>> NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK
>>> CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND
>>> BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST
>>> RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
>>>     chunk_length 500000 \
>>>     server_flow_depth 0 \
>>>     client_flow_depth 0 \
>>>     post_depth 65495 \
>>>     oversize_dir_length 500 \
>>>     max_header_length 750 \
>>>     max_headers 100 \
>>>     max_spaces 200 \
>>>     small_chunk_length { 10 5 } \
>>>     ports { 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381
>>> 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7779
>>> 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280 8300
>>> 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080
>>> 50002 55555 } \
>>>     non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
>>>     enable_cookie \
>>>     extended_response_inspection \
>>>     inspect_gzip \
>>>     normalize_utf \
>>>     unlimited_decompress \
>>>     normalize_javascript \
>>>     apache_whitespace no \
>>>     ascii no \
>>>     bare_byte no \
>>>     directory no \
>>>     double_decode no \
>>>     iis_backslash no \
>>>     iis_delimiter no \
>>>     iis_unicode no \
>>>     multi_slash no \
>>>     utf_8 no \
>>>     u_encode yes \
>>>     webroot no
>>> preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776
>>> 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments
>>> no_alert_incomplete
>>> preprocessor bo
>>> preprocessor ftp_telnet: global inspection_type stateful
>>> encrypted_traffic no check_encrypted
>>> preprocessor ftp_telnet_protocol: telnet \
>>>     ayt_attack_thresh 20 \
>>>     normalize ports { 23 } \
>>>     detect_anomalies
>>> preprocessor ftp_telnet_protocol: ftp server default \
>>>     def_max_param_len 100 \
>>>     ports { 21 2100 3535 } \
>>>     telnet_cmds yes \
>>>     ignore_telnet_erase_cmds yes \
>>>     ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
>>>     ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
>>>     ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
>>>     ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
>>>     ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
>>>     ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
>>>     ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
>>>     ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
>>>     ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
>>>     ftp_cmds { XSEN XSHA1 XSHA256 } \
>>>     alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD
>>> QUIT REIN STOU SYST XCUP XPWD } \
>>>     alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU
>>> XMKD } \
>>>     alt_max_param_len 256 { CWD RNTO } \
>>>     alt_max_param_len 400 { PORT } \
>>>     alt_max_param_len 512 { SIZE } \
>>>     chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
>>>     chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
>>>     chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
>>>     chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
>>>     chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
>>>     chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
>>>     chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
>>>     chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
>>>     cmd_validity ALLO < int [ char R int ] > \
>>>     cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
>>>     cmd_validity MACB < string > \
>>>     cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
>>>     cmd_validity MODE < char ASBCZ > \
>>>     cmd_validity PORT < host_port > \
>>>     cmd_validity PROT < char CSEP > \
>>>     cmd_validity STRU < char FRPO [ string ] > \
>>>     cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [
>>> number ] } >
>>> preprocessor ftp_telnet_protocol: ftp client default \
>>>     max_resp_len 256 \
>>>     bounce yes \
>>>     ignore_telnet_erase_cmds yes \
>>>     telnet_cmds yes
>>> preprocessor smtp: ports { 25 465 587 691 } \
>>>     inspection_type stateful \
>>>     b64_decode_depth 0 \
>>>     qp_decode_depth 0 \
>>>     bitenc_decode_depth 0 \
>>>     uu_decode_depth 0 \
>>>     log_mailfrom \
>>>     log_rcptto \
>>>     log_filename \
>>>     log_email_hdrs \
>>>     normalize cmds \
>>>     normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM
>>> ESND ESOM ETRN EVFY } \
>>>     normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT
>>> RSET SAML SEND SOML } \
>>>     normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT
>>> X-DRCP X-ERCP X-EXCH50 } \
>>>     normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN
>>> XLICENSE XQUE XSTA XTRN XUSR } \
>>>     max_command_line_len 512 \
>>>     max_header_line_len 1000 \
>>>     max_response_line_len 512 \
>>>     alt_max_command_line_len 260 { MAIL } \
>>>     alt_max_command_line_len 300 { RCPT } \
>>>     alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
>>>     alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL
>>> ESAM ESND ESOM EVFY IDENT NOOP RSET } \
>>>     alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA
>>> RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR
>>> XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
>>>     valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND
>>> ESOM ETRN EVFY } \
>>>     valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET
>>> SAML SEND SOML } \
>>>     valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP
>>> X-ERCP X-EXCH50 } \
>>>     valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN
>>> XLICENSE XQUE XSTA XTRN XUSR } \
>>>     xlink2state { enabled }
>>> preprocessor ssh: server_ports { 22 } \
>>>                   autodetect \
>>>                   max_client_bytes 19600 \
>>>                   max_encrypted_packets 20 \
>>>                   max_server_version_len 100 \
>>>                   enable_respoverflow enable_ssh1crc32 \
>>>                   enable_srvoverflow enable_protomismatch
>>> preprocessor dcerpc2: memcap 102400, events [co ]
>>> preprocessor dcerpc2_server: default, policy WinXP, \
>>>     detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593],
>>> \
>>>     autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
>>>     smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"]
>>> preprocessor dns: ports { 53 } enable_rdata_overflow
>>> preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802
>>> 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914
>>> 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted
>>> preprocessor sensitive_data: alert_threshold 25
>>> preprocessor sip: max_sessions 40000, \
>>>    ports { 5060 5061 5600 }, \
>>>    methods { invite \
>>>              cancel \
>>>              ack \
>>>              bye \
>>>              register \
>>>              options \
>>>              refer \
>>>              subscribe \
>>>              update \
>>>              join \
>>>              info \
>>>              message \
>>>              notify \
>>>              benotify \
>>>              do \
>>>              qauth \
>>>              sprack \
>>>              publish \
>>>              service \
>>>              unsubscribe \
>>>              prack }, \
>>>    max_uri_len 512, \
>>>    max_call_id_len 80, \
>>>    max_requestName_len 20, \
>>>    max_from_len 256, \
>>>    max_to_len 256, \
>>>    max_via_len 1024, \
>>>    max_contact_len 512, \
>>>    max_content_len 2048
>>> preprocessor imap: \
>>>    ports { 143 } \
>>>    b64_decode_depth 0 \
>>>    qp_decode_depth 0 \
>>>    bitenc_decode_depth 0 \
>>>    uu_decode_depth 0
>>> preprocessor pop: \
>>>    ports { 110 } \
>>>    b64_decode_depth 0 \
>>>    qp_decode_depth 0 \
>>>    bitenc_decode_depth 0 \
>>>    uu_decode_depth 0
>>> preprocessor modbus: ports { 502 }
>>> preprocessor dnp3: ports { 20000 } \
>>>    memcap 262144 \
>>>    check_crc
>>> preprocessor reputation: \
>>>    memcap 500, \
>>>    priority whitelist, \
>>>    nested_ip inner, \
>>>    whitelist $WHITE_LIST_PATH/white_list.rules, \
>>>    blacklist $BLACK_LIST_PATH/black_list.rules
>>> preprocessor appid: app_stats_filename appstats-u2.log, \
>>>    app_stats_period 60, \
>>>    app_detector_dir /etc/snort/rules
>>> output unified2: filename snort.log, limit 128, appid_event_types
>>> include classification.config
>>> include reference.config
>>> include rules/local.rules
>>> include rules/snort.rules
>>> include threshold.conf
>>>
>>>
>>> Please help me with understanding the issue causing such behaviour.
>>>
>>> --
>>> Regards
>>> Navneet
>>>
>>
>>
>
>
>
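Editor's note: the quoted post pairs a snort.conf with a console run, and the two have to be read together to tell whether drop rules are actually enforcing. The script below is an added diagnostic, not code from this thread or from the Snort project. It parses the inline-relevant `config` directives from a trimmed snort.conf, then the interface pair, alert lines and the DAQ "Verdicts" counters from a Snort 2.9 console run, and reports where the two disagree with an enforcing IPS. The embedded samples are constructed excerpts of what Navneet posted above (the wrapped alert line rejoined onto one line); the regular expressions assume the 2.9.x console format shown in the post.

```python
import re

# Constructed sample: the inline-relevant directives of the snort.conf posted in the thread.
SAMPLE_CONF = """\
config daq:afpacket
config daq_dir:/usr/local/lib/daq
config daq_mode:inline
config daq_var:buffer_size_mb=1024
config policy_mode:inline
preprocessor normalize_tcp: ips ecn stream
include rules/local.rules
"""

# Constructed sample: excerpts of the console run from the thread (alert line rejoined).
SAMPLE_RUN = """\
Enabling inline operation
Running in IDS mode
afpacket DAQ configured to inline.
Acquiring network traffic from "eth0:wlan0".
Commencing packet processing (pid=15333)
10/28-19:39:19.094832  [Drop] [**] [1:1000006:4] No access [**] [Priority: 0] [AppID: linkedin_contac] {TCP} 23.67.137.227:443 -> 192.168.6.114:39651
Verdicts:
      Allow:         3996 ( 96.012%)
      Block:            0 (  0.000%)
    Replace:           83 (  1.994%)
  Whitelist:           86 (  2.066%)
  Blacklist:           23 (  0.553%)
     Ignore:            0 (  0.000%)
      Retry:            0 (  0.000%)
"""

# "config key:value" / "config key: value" directives
CONFIG_RE = re.compile(r"^config\s+(\w+)\s*:\s*(\S+)", re.M)
# console alert: <timestamp>  [Action] [**] [gid:sid:rev] message [**] ...
ALERT_RE = re.compile(r"^\S+\s+\[(\w+)\]\s+\[\*\*\]\s+\[(\d+:\d+:\d+)\]\s+(.*?)\s+\[\*\*\]", re.M)
# rows of the "Verdicts:" block of the run summary
VERDICT_RE = re.compile(r"^\s*(Allow|Block|Replace|Whitelist|Blacklist|Ignore|Retry):\s+(\d+)", re.M)


def parse_conf(text):
    """Pull out the directives that decide whether drop rules can enforce."""
    opts = dict(CONFIG_RE.findall(text))
    return {
        "daq": opts.get("daq"),
        "daq_mode": opts.get("daq_mode"),
        "policy_mode": opts.get("policy_mode"),
        # normalize_tcp with the 'ips' keyword lets the normalizer rewrite packets inline
        "normalize_tcp_ips": bool(re.search(r"^preprocessor normalize_tcp:.*\bips\b", text, re.M)),
    }


def parse_run(text):
    """Extract the interface pair, each alert's (action, sid, message) and the verdict counters."""
    m = re.search(r'Acquiring network traffic from "([^"]+)"', text)
    return {
        "interfaces": m.group(1).split(":") if m else [],
        "daq_inline": "DAQ configured to inline" in text,
        "alerts": ALERT_RE.findall(text),
        "verdicts": {name: int(count) for name, count in VERDICT_RE.findall(text)},
    }


def check_ips(conf, run):
    """Return (code, detail) findings; an empty list means both artifacts agree enforcement is on."""
    findings = []
    if conf["daq_mode"] != "inline":
        findings.append(("daq_mode", f"config daq_mode is {conf['daq_mode']!r}, expected 'inline'"))
    if conf["policy_mode"] != "inline":
        # without an inline policy_mode, drop rules only alert
        findings.append(("policy_mode", f"config policy_mode is {conf['policy_mode']!r}, expected 'inline'"))
    if conf["daq"] == "afpacket" and len(run["interfaces"]) != 2:
        findings.append(("interfaces", "afpacket inline bridging needs an interface pair such as eth0:eth1"))
    if not run["daq_inline"]:
        findings.append(("daq_not_inline", "the run log never reported the DAQ as inline"))
    # Per the thread, "Running in IDS mode" does not mean passive operation; the DAQ line is the one to trust.
    drops = [a for a in run["alerts"] if a[0] == "Drop"]
    block = run["verdicts"].get("Block", 0)
    blacklist = run["verdicts"].get("Blacklist", 0)
    if drops and block == 0:
        # Block counts per-packet block verdicts; Blacklist counts whole-flow block verdicts.
        findings.append(("drop_without_block",
                         f"{len(drops)} drop alert(s) fired but Block verdicts = 0 "
                         f"(Blacklist, the whole-flow verdict, = {blacklist})"))
    return findings


if __name__ == "__main__":
    for code, detail in check_ips(parse_conf(SAMPLE_CONF), parse_run(SAMPLE_RUN)):
        print(f"{code}: {detail}")
```

Run against the excerpts from the post, the config checks all pass (afpacket, daq_mode and policy_mode inline, normalize_tcp with `ips`), and the only finding is that a `[Drop]` alert fired while the per-packet Block counter stayed at zero, which is exactly the thing to look at next alongside the Blacklist counter before touching pulledpork or the rule files.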