[Snort-users] attack hidden in path MTU discovery or snort 1.8.3 log weirdness? MISC Large ICMP Packet

Paul Keser pkeser at ...4934...
Mon Feb 11 09:19:03 EST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry for the long post.  I wanted to include the strange portion of the 
payload.

Environment:
Mandrake 8.0 hardened with bastille. masq internal net
Snort Version 1.8.3 (Build 88) with most recent rules as of 01/26/2002
	homenet is set to ext addr of firewall with /32 mask


I saw 2 packets in snort.  They came up as follows:

[**] [1:499:1] MISC Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
02/08-16:05:06.276877 213.77.140.132 -> mynet.184.141
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8  Code:0  ID:51090   Seq:706  ECHO
[Xref => http://www.whitehats.com/info/IDS246]

Researching this, most of the sightings turned out to be path MTU discovery.  
Several things make me question this:

1.	I didn't connect to a web server at this address (in Poland)
2.	the datestamp,  I worked from home 2/7/02, was in office 2/8/02
3.	payload of the packet contains text from an email received 2/7/02 (that's 
	where log weirdness ?? comes in)


Any suggestions/explanations would be greatly appreciated.

TIA

- -PaulK

- -- 
Paul D. Keser
Sr. Network Security Engineer
Raytheon, Inc. ITSS
NASA Ames Research Ctr.
MS 233-17
Moffett Field, CA  94035-1000

All opinions expressed are my own.  Not Raytheon's or NASA's...

I find that good security people are D&D players and tinkerers.  -B Schneier
See, I wasn't wasting time playing D&D & working on cars in high School.  -Me

- --

Here is the beginning of the payload, the remainder was nulls, both packets 
were identical:

[**] MISC Large ICMP Packet [**]
02/08-16:05:06.276877 213.77.140.132 -> 64.195.184.141
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8  Code:0  ID:51090   Seq:706  ECHO

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Z/zjtxLIMhQSDIERAigHAJ0Wkvt8uZ38mkM2AGV5XMq0pBQvcQCg5T1G
fXIXH7U/Gs7shp3F53pLYEo=
=L0yW
-----END PGP SIGNATURE-----
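
Added example (not part of the original post, and not Snort's own code): the alert header above reports IpLen:20 and DgmLen:28, which leaves room for the 8-byte ICMP echo header and no payload at all, so any bytes dumped beyond that length are not part of the IP datagram. The sketch below parses a Snort-style full alert, compares the dumped byte count with what the header allows, and lists printable strings for triage. The function names are hypothetical, and the sample alert, its addresses (documentation ranges) and its hex lines are constructed for illustration.

```python
import re

ICMP_ECHO_HEADER_LEN = 8  # type, code, checksum, id, seq

HEADER_RE = re.compile(r"IpLen:(\d+)\s+DgmLen:(\d+)")
# Up to 16 "XX " groups at the start of a line; the ASCII column is ignored.
HEX_LINE_RE = re.compile(r"^((?:[0-9A-Fa-f]{2} ){1,16})")
PRINTABLE_RE = rb"[\x20-\x7e]{%d,}"

# Constructed sample: header fields copied in shape from the alert in the
# post, addresses replaced with documentation ranges, hex lines invented.
SAMPLE_ALERT = """\
[**] MISC Large ICMP Packet [**]
02/08-16:05:06.276877 198.51.100.7 -> 192.0.2.141
ICMP TTL:51 TOS:0x0 ID:0 IpLen:20 DgmLen:28 DF
Type:8  Code:0  ID:51090   Seq:706  ECHO
00 00 11 00 00 00 48 4F 4D 45 5F 4E 45 54 00 00  ......HOME_NET..
19 00 00 00 70 72 65 70 72 6F 63 65 73 73 6F 72  ....preprocessor
00 00 00 00                                      ....
"""


def parse_alert(text):
    """Return (ip_len, dgm_len, dumped_bytes) for one full-alert entry."""
    ip_len = dgm_len = None
    dumped = bytearray()
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            ip_len, dgm_len = int(header.group(1)), int(header.group(2))
            continue
        hexpart = HEX_LINE_RE.match(line)
        if hexpart:
            dumped += bytes.fromhex(hexpart.group(1))
    if ip_len is None:
        raise ValueError("no IpLen/DgmLen line found in alert")
    return ip_len, dgm_len, bytes(dumped)


def printable_runs(data, min_len=6):
    """Printable ASCII runs of at least min_len bytes, in order of appearance."""
    pattern = re.compile(PRINTABLE_RE % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(text, min_len=6):
    """Compare the dumped payload size with what the IP header allows."""
    ip_len, dgm_len, dumped = parse_alert(text)
    expected = max(dgm_len - ip_len - ICMP_ECHO_HEADER_LEN, 0)
    return {
        "expected_payload": expected,
        "dumped_payload": len(dumped),
        "consistent": len(dumped) == expected,
        "strings": printable_runs(dumped, min_len),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ALERT)
    print("payload allowed by header:", result["expected_payload"], "bytes")
    print("payload found in log     :", result["dumped_payload"], "bytes")
    if not result["consistent"]:
        print("MISMATCH: dump does not fit the datagram length")
        for s in result["strings"]:
            print("  string:", s)
```

Strings that look like sensor configuration or other local data in a mismatched dump are a reason to examine the logging host and its Snort build before treating the content as something the remote address sent.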



