"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log" between zeek-3.2.2.tar.gz and zeek-3.2.4.tar.gz

About: Zeek (formerly Bro) is a flexible network analysis framework focusing on network security monitoring. Feature release.

all-events.log  (zeek-3.2.2):all-events.log  (zeek-3.2.4)
skipping to change at line 70 skipping to change at line 70
1254722768.219663 smtp_reply 1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=< uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_ backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl= <uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm =<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u ninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<unin itialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=< uninitialized>, 
dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_ backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl= <uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm =<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u ninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<unin itialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
[4] msg: string = xc90.websitewelcome.com ESMTP Exim 4. 69 #1 Mon, 05 Oct 2009 01:05:54 -0500 [4] msg: string = xc90.websitewelcome.com ESMTP Exim 4. 69 #1 Mon, 05 Oct 2009 01:05:54 -0500
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.219663 smtp_reply 1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=< uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_ backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl= <uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm =<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM 2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_ p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto =<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized> , cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply _to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , pat h=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_receive d_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[ 
helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized >] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=< uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_ backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl= <uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm =<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM 2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_ p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto =<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized> , cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply _to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , pat 
h=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_receive d_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity= <uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferr ed=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ss h=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
[4] msg: string = We do not authorize the use of this s ystem to transport unsolicited, [4] msg: string = We do not authorize the use of this s ystem to transport unsolicited,
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.219663 smtp_reply 1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=< uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_ backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl= <uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm =<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM 2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_ p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto =<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized> , cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply _to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74. 
53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from =T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=< uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_d epth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=< uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_ backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl= <uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm =<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM 2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_ p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto =<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized> , cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply _to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, 
first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74. 53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from =T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<unini tialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uni nitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
[4] msg: string = and/or bulk e-mail. [4] msg: string = and/or bulk e-mail.
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722768.224809 protocol_confirmation 1254722768.224809 protocol_confirmation
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ti me=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0a\x0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitiali zed>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=< uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds =<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rp c_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<unin itialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ss l=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninit ialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, nt lm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitiali zed>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp= <uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEk JM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, res p_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=22 0 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialize d>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized >, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_ 
messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitializ ed>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ti me=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0a\x0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitiali zed>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=< uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds =<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rp c_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<unin itialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ss l=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninit ialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, nt lm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitiali zed>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp= <uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEk JM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, res p_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=22 0 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialize d>, tls=F, process_received_from=T, 
has_client_activity=F, process_smtp_headers= T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitia lized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] atype: enum = Analyzer::ANALYZER_SMTP [1] atype: enum = Analyzer::ANALYZER_SMTP
[2] aid: count = 7 [2] aid: count = 7
1254722768.224809 smtp_request 1254722768.224809 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ti me=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x 0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninit ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=< uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F , ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized> , ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s nmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid= ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitia lized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in _reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitiali zed>, first_received=<uninitialized>, second_received=<uninitialized>, last_repl y=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia lized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitial ized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pend 
ing_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uniniti alized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_ bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ti me=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x 0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninit ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=< uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F , ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized> , ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s nmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid= ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitia lized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in _reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitiali zed>, first_received=<uninitialized>, second_received=<uninitialized>, last_repl y=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia lized>, tls=F, process_received_from=T, 
has_client_activity=F, process_smtp_head ers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<unin itialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth =0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = EHLO [2] command: string = EHLO
[3] arg: string = GP [3] arg: string = GP
1254722768.565386 Broker::log_flush 1254722768.565386 Broker::log_flush
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=22 0 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialize d>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized >, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, 
pending_messages=<uni nitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=< uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=22 0 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialize d>, tls=F, process_received_from=T, 
has_client_activity=F, process_smtp_headers= T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messa ges_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<unini tialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = xc90.websitewelcome.com Hello GP [122 .162.143.157] [4] msg: string = xc90.websitewelcome.com Hello GP [122 .162.143.157]
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10 .1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_ac tivity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, 
messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10 .1.4], 
user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_ac tivity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids= []], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = SIZE 52428800 [4] msg: string = SIZE 52428800
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl s=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fui ds=[]], smtp_state=[helo=GP, messages_transferred=0, 
pending_messages=<uninitial ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit ialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl s=F, process_received_from=T, 
has_client_activity=F, process_smtp_headers=T, ent ity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_tr ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ ed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = PIPELINING [4] msg: string = PIPELINING
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F , process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids= []], smtp_state=[helo=GP, messages_transferred=0, 
pending_messages=<uninitialize d>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F , process_received_from=T, 
has_client_activity=F, process_smtp_headers=T, entity _count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = AUTH PLAIN LOGIN [4] msg: string = AUTH PLAIN LOGIN
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninit 
ialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uni nitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, 
process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages _transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitia lized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = STARTTLS [4] msg: string = STARTTLS
[5] cont_resp: bool = T [5] cont_resp: bool = T
1254722768.566183 smtp_reply 1254722768.566183 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[] ], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized> 
, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_ bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x 0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized> , dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp= F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized> , irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219 663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53 .140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized> , first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25 0 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, 
entity_c ount=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = HELP [4] msg: string = HELP
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722768.568729 smtp_request 1254722768.568729 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num _bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4 , num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21 9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5 3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2 50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro cess_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, 
m ime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized> ] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num _bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4 , num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21 9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5 3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2 50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro cess_received_from=T, has_client_activity=F, process_smtp_headers=T, 
entity_coun t=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferre d=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh =<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = AUTH [2] command: string = AUTH
[3] arg: string = LOGIN [3] arg: string = LOGIN
1254722768.911081 smtp_reply 1254722768.911081 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num _bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4 , num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21 9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5 3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2 50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro cess_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, 
m ime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized> ] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num _bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4 , num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21 9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5 3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2 50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro cess_received_from=T, has_client_activity=F, process_smtp_headers=T, 
entity_coun t=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferre d=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh =<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 334 [2] code: count = 334
[3] cmd: string = AUTH [3] cmd: string = AUTH
[4] msg: string = VXNlcm5hbWU6 [4] msg: string = VXNlcm5hbWU6
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722768.911655 smtp_request 1254722768.911655 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num _bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4 , num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={ \x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2 19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74. 
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t ls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fu ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num _bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4 , num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={ \x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, 
smtp=[ts=1254722768.2 19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74. 53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t ls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, en tity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = ** [2] command: string = **
[3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu [3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu
1254722769.253544 smtp_reply 1254722769.253544 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num _bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4 , num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={ \x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2 19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74. 
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t ls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fu ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num _bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4 , num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={ \x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, 
smtp=[ts=1254722768.2 19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74. 53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t ls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, en tity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 334 [2] code: count = 334
[3] cmd: string = AUTH_ANSWER [3] cmd: string = AUTH_ANSWER
[4] msg: string = UGFzc3dvcmQ6 [4] msg: string = UGFzc3dvcmQ6
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722769.254118 smtp_request 1254722769.254118 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num _bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4 , num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21 9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5 3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=3 34 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl s=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fui ds=[]], smtp_state=[helo=GP, messages_transferred=0, 
pending_messages=<uninitial ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit ialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num _bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4 , num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21 9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5 3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=3 34 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl s=F, process_received_from=T, 
has_client_activity=F, process_smtp_headers=T, ent ity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_tr ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ ed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = ** [2] command: string = **
[3] arg: string = cHVuamFiQDEyMw== [3] arg: string = cHVuamFiQDEyMw==
1254722769.613798 Broker::log_flush 1254722769.613798 Broker::log_flush
1254722769.613798 smtp_reply 1254722769.613798 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num _bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4 , num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={ \x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2 19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74. 
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t ls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fu ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num _bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4 , num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ time=1254722767.529046, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={ \x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, 
smtp=[ts=1254722768.2 19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74. 53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t ls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, en tity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 235 [2] code: count = 235
[3] cmd: string = AUTH_ANSWER [3] cmd: string = AUTH_ANSWER
[4] msg: string = Authentication succeeded [4] msg: string = Authentication succeeded
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722769.614414 smtp_request 1254722769.614414 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, nu m_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state= 4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 85.0 msecs 367.918015 usecs, service= {\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768. 
219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74 .53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, r cptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitial ized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_ reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitializ ed>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply =235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<unin itialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<unini tialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, nu m_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state= 4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 85.0 msecs 367.918015 usecs, service= {\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, 
sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768. 219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74 .53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, r cptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitial ized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_ reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitializ ed>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply =235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<unin itialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_ headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=G P, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = MAIL [2] command: string = MAIL
[3] arg: string = FROM: <gurpartap@patriots.in> [3] arg: string = FROM: <gurpartap@patriots.in>
1254722769.956765 smtp_reply 1254722769.956765 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, nu m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state= 4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 427.0 msecs 718.877792 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las t_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agen t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity =<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, 
pendin g_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, nu m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state= 4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 427.0 msecs 718.877792 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las t_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agen t=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=T, proces s_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = MAIL [3] cmd: string = MAIL
[4] msg: string = OK [4] msg: string = OK
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722769.957250 smtp_request 1254722769.957250 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, nu m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state= 4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 428.0 msecs 204.059601 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las t_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls =F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuid s=[]], smtp_state=[helo=GP, messages_transferred=0, 
pending_messages=<uninitiali zed>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti alized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, nu m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state= 4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 428.0 msecs 204.059601 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las t_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls =F, process_received_from=T, 
has_client_activity=T, process_smtp_headers=T, enti ty_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_tra nsferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO: <raj_deol2002in@yahoo.co.in> [3] arg: string = TO: <raj_deol2002in@yahoo.co.in>
1254722770.319708 smtp_reply 1254722770.319708 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, nu m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state= 4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 790.0 msecs 662.050247 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent =<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity= <uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending 
_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitiali zed>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, nu m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state= 4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 790.0 msecs 662.050247 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent =<uninitialized>, tls=F, process_received_from=T, 
has_client_activity=T, process _smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[ helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0] , socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
[4] msg: string = Accepted [4] msg: string = Accepted
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722770.320203 smtp_request 1254722770.320203 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, nu m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state= 4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user _agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, e ntity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, p 
ending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<unin itialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, nu m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state= 4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user _agent=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=T, p rocess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_s tate=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_de pth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = DATA [2] command: string = DATA
[3] arg: string = [3] arg: string =
1254722770.320203 mime_begin_entity 1254722770.320203 mime_begin_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, nu m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state= 4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user _agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, e ntity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, p 
ending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<unin itialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, nu m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state= 4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp _data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized> , rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768 .219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7 4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user _agent=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=T, p rocess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_s tate=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_de pth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1254722770.661679 Broker::log_flush 1254722770.661679 Broker::log_flush
1254722770.661679 smtp_reply 1254722770.661679 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, nu m_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state= 4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=3.0 secs 132.0 msecs 632.97081 usecs, service= {\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768. 
219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74 .53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots .in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<un initialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_ originating_ip=<uninitialized>, first_received=<uninitialized>, second_received= <uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_ agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, en tity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transf erred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, nu m_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state= 4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start _time=1254722767.529046, duration=3.0 secs 132.0 msecs 632.97081 usecs, service= {\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, 
rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768. 219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74 .53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots .in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<un initialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_ originating_ip=<uninitialized>, first_received=<uninitialized>, second_received= <uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_ agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, pr ocess_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[ ]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized >, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali zed>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 354 [2] code: count = 354
[3] cmd: string = DATA [3] cmd: string = DATA
[4] msg: string = Enter message, ending with "." on a l ine by itself [4] msg: string = Enter message, ending with "." on a l ine by itself
[5] cont_resp: bool = F [5] cont_resp: bool = F
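Review bot: the two fields new in the right-hand column's `smtp` record, `process_smtp_headers` and `entity_count`, are only exercised in these records with `process_smtp_headers=T` and an `entity_count` of 0 (the smtp_request and mime_begin_entity records) or 1 (this smtp_reply record), so this part of the baseline cannot catch a regression in whatever path sets `process_smtp_headers` to F or raises the count further. Suggest pairing the baseline update with a test that drives that path, and documenting both fields where the record is defined.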
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= <uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized >, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, proce ss_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fu ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= <uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized >, msg_id=<uninitialized>, 
in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, proce ss_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count= 1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=From, name=FROM, value ="Gurpartap Singh" <gurpartap@patriots.in>] [1] h: mime_header_rec = [original_name=From, name=FROM, value ="Gurpartap Singh" <gurpartap@patriots.in>]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= "Gurpartap Singh" <gurpartap@patriots.in>, to=<uninitialized>, cc=<uninitialized >, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized> , subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uni nitialized>, second_received=<uninitialized>, last_reply=354 Enter message, endi ng with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<un initialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[fil ename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uni nitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= "Gurpartap Singh" <gurpartap@patriots.in>, to=<uninitialized>, cc=<uninitialized >, reply_to=<uninitialized>, msg_id=<uninitialized>, 
in_reply_to=<uninitialized> , subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uni nitialized>, second_received=<uninitialized>, last_reply=354 Enter message, endi ng with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<un initialized>, tls=F, process_received_from=T, has_client_activity=T, process_smt p_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_ state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_d epth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=To, name=TO, value=<ra j_deol2002in@yahoo.co.in>] [1] h: mime_header_rec = [original_name=To, name=TO, value=<ra j_deol2002in@yahoo.co.in>]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= "Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\ x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10. 
10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_ activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, m essages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<u ninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= "Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\ x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r 
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply= 354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10. 10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_ activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitiali zed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages= <uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, sysl og=<uninitialized>]
[1] h: mime_header_rec = [original_name=Subject, name=SUBJECT, value=SMTP] [1] h: mime_header_rec = [original_name=Subject, name=SUBJECT, value=SMTP]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= "Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\ x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_r eceived=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter m essage, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], us er_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_tra nsferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from= "Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\ x0a}, cc=<uninitialized>, reply_to=<uninitialized>, 
msg_id=<uninitialized>, in_r eply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_r eceived=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter m essage, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], us er_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuid s=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitiali zed>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti alized>]
[1] h: mime_header_rec = [original_name=Date, name=DATE, value =Mon, 5 Oct 2009 11:36:07 +0530] [1] h: mime_header_rec = [original_name=Date, name=DATE, value =Mon, 5 Oct 2009 11:36:07 +0530]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<unini tialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitia lized>, first_received=<uninitialized>, second_received=<uninitialized>, last_re ply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_cli ent_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=G P, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, 
reply_to=<uninitialized>, msg_id=<unini tialized>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitia lized>, first_received=<uninitialized>, second_received=<uninitialized>, last_re ply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_cli ent_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninit ialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Message-ID, name=MESSA GE-ID, value=<000301ca4581$ef9e57f0$cedb07d0$@in>] [1] h: mime_header_rec = [original_name=Message-ID, name=MESSA GE-ID, value=<000301ca4581$ef9e57f0$cedb07d0$@in>]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_rec eived_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[] ], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized> , mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, 
reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_rec eived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, ent ity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=MIME-Version, name=MIM E-VERSION, value=1.0] [1] h: mime_header_rec = [original_name=MIME-Version, name=MIM E-VERSION, value=1.0]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_rec eived_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[] ], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized> , mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, 
reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_rec eived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, ent ity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=multipart/mixed;\x09boundary="----=_NextPart_000_0004_01CA45B0. 095693F0"] [1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=multipart/mixed;\x09boundary="----=_NextPart_000_0004_01CA45B0. 095693F0"]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_rec eived_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[] ], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized> , mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, 
reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_rec eived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, ent ity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=X-Mailer, name=X-MAILE R, value=Microsoft Office Outlook 12.0] [1] h: mime_header_rec = [original_name=X-Mailer, name=X-MAILE R, value=Microsoft Office Outlook 12.0]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entit y_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Thread-Index, name=THR EAD-INDEX, value=AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==] [1] h: mime_header_rec = [original_name=Thread-Index, name=THR EAD-INDEX, value=AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entit y_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Language, name =CONTENT-LANGUAGE, value=en-us] [1] h: mime_header_rec = [original_name=Content-Language, name =CONTENT-LANGUAGE, value=en-us]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entit y_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=x-cr-hashedpuzzle, nam e=X-CR-HASHEDPUZZLE, value=SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnY J JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwB vAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHI AcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT; UwBNAFQAUAA=] [1] h: mime_header_rec = [original_name=x-cr-hashedpuzzle, nam e=X-CR-HASHEDPUZZLE, value=SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnY J JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwB vAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHI AcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT; UwBNAFQAUAA=]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entit y_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=x-cr-puzzleid, name=X- CR-PUZZLEID, value={CAA37F59-1850-45C7-8540-AA27696B5398}] [1] h: mime_header_rec = [original_name=x-cr-puzzleid, name=X- CR-PUZZLEID, value={CAA37F59-1850-45C7-8540-AA27696B5398}]
1254722770.692743 mime_begin_entity 1254722770.692743 mime_begin_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entit y_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=2, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=multipart/alternative;\x09boundary="----=_NextPart_001_0005_01C A45B0.095693F0"] [1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=multipart/alternative;\x09boundary="----=_NextPart_001_0005_01C A45B0.095693F0"]
1254722770.692743 mime_begin_entity 1254722770.692743 mime_begin_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=2], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=2, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=2], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/plain;\x09charset="us-ascii"] [1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/plain;\x09charset="us-ascii"]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=7bit] [1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=7bit]
1254722770.692743 get_file_handle 1254722770.692743 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslo g=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692743 file_new 1254722770.692743 file_new
[0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 0], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." o n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[fi lename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_ bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout _interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<unin itialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=< uninitialized>] [0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 0], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ ed>, mysql=<uninitialized>, ntlm=<uninitialized>, 
ntp=<uninitialized>, radius=<u ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." o n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_sm tp_headers=F, entity_count=3, entity=[filename=<uninitialized>], fuids=[]], smtp _state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0 a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, mi ssing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096 , bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<u ninitialized>, irc=<uninitialized>, pe=<uninitialized>]
1254722770.692743 file_over_new_connection 1254722770.692743 file_over_new_connection
[0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un [0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un
initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=
1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=
1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk
ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462
, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6
0], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs 0], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs
, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un
initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp
d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig
=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc
_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d
np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit
ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat
e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ
ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u
ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si
p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[
ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/
tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp
artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5
Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0
a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali
zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>,
subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>,
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." o second_received=<uninitialized>, last_reply=354 Enter message, ending with "." o
n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office
Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[fi Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_sm
lename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, tp_headers=F, entity_count=3, entity=[filename=<uninitialized>], fuids=[]], smtp
pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<un _state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_
initialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743, seen_ depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0
bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<uninitialized>, mi
_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1 ssing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096
254722770.692743, fuid=FmFp351N5nhsMmAfQg, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x , bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=FmFp351N5nhsMmAfQ
0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type g, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP,
=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uniniti depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialize
alized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, d>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_
overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fui
sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<u d=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitiali
ninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>] zed>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uniniti
, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitiali alized>, extracted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitializ
zed>] ed>, irc=<uninitialized>, pe=<uninitialized>]
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n
um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state
=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta
rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi
ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized
>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia
lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract
_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni
nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit
ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f
tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia
lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=
<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize
d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un
initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227
68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h
=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri
ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:
07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i
n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030
1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori
ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un
initialized>, last_reply=354 Enter message, ending with "." on a line by itself, initialized>, last_reply=354 Enter message, ending with "." on a line by itself,
path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=
F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit
ed>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=< y_count=3, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, me
uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslo ssages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<un
g=<uninitialized>] initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
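Review bot: the two fields new on the right-hand side, process_smtp_headers=F and entity_count=3 (inserted after has_client_activity=T in the smtp record, both in the fa_file conns entry and in the [1] c: connection argument), carry the same values in every event shown here, so this baseline only pins their presence in the record dump and not how they change. If entity_count is meant to be compared against a limit, or process_smtp_headers is expected to toggle during a message, a dedicated btest with a trace that exercises those transitions would cover the behaviour that this baseline update cannot. Nothing in the visible lines says what either field means, so a comment on the record definition would also help anyone reading this diff later.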
1254722770.692743 mime_end_entity 1254722770.692743 mime_end_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uni nitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_ state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_d epth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1254722770.692743 get_file_handle 1254722770.692743 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids =[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_mes sages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized> , syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo =GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], so cks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692743 file_sniff 1254722770.692743 file_sniff
[0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 0], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." o n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<un initialized>, fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743 , seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x 0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x 0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=FmFp351N5nhsMmAfQg, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974. 53.140.153\x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0a}, source=SMTP, depth=3, a nalyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, durati on=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uni nitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uniniti alized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509 =<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, e xtracted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=< uninitialized>, pe=<uninitialized>] [0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 0], start_time=1254722767.529046, duration=3.0 
secs 163.0 msecs 697.004318 usecs , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." 
o n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_sm tp_headers=F, entity_count=3, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg] ], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized> , mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitiali zed>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_s ize=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap fi le \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x 0a\x0d\x0a, info=[ts=1254722770.692743, fuid=FmFp351N5nhsMmAfQg, tx_hosts={\x0a\ x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aClEkJM2V m5giqnMf4h\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=<uninitia lized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, i s_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_b ytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<unin itialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitializ ed>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uni nitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
[1] meta: fa_metadata = [mime_type=text/plain, mime_types=[[s trength=-20, mime=text/plain]], inferred=T] [1] meta: fa_metadata = [mime_type=text/plain, mime_types=[[s trength=-20, mime=text/plain]], inferred=T]
1254722770.692743 file_state_remove 1254722770.692743 file_state_remove
[0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 0], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." o n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<un initialized>, fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692743 , seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello\x0d\x0a\x0d\x 0a \x0d\x0a\x0d\x0aI send u smtp pcap file \x0d\x0a\x0d\x0aFind the attachment\x 0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=FmFp351N5nhsMmAfQg, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974. 53.140.153\x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0a}, source=SMTP, depth=3, a nalyzers={\x0a\x0a}, mime_type=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=77, total_bytes=<uniniti alized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitializ ed>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<un initialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extra cted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<unin itialized>, pe=<uninitialized>] [0] f: fa_file = [id=FmFp351N5nhsMmAfQg, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pk ts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462 , state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:6 0], start_time=1254722767.529046, duration=3.0 secs 
163.0 msecs 697.004318 usecs , service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<un initialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dp d=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig =F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc _state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, d np3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninit ialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_stat e=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitializ ed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<u ninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, si p_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/ tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurp artap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0 a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." 
o n a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_sm tp_headers=F, entity_count=3, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg] ], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized> , mime_depth=3], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>]\x0a}, last_active=1254722770.692743, seen_bytes=77, total_bytes=<uninitiali zed>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_s ize=4096, bof_buffer=Hello\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aI send u smtp pcap fi le \x0d\x0a\x0d\x0aFind the attachment\x0d\x0a\x0d\x0a \x0d\x0a\x0d\x0aGPS\x0d\x 0a\x0d\x0a, info=[ts=1254722770.692743, fuid=FmFp351N5nhsMmAfQg, tx_hosts={\x0a\ x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aClEkJM2V m5giqnMf4h\x0a}, source=SMTP, depth=3, analyzers={\x0a\x0a}, mime_type=text/plai n, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_ori g=T, seen_bytes=77, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes =0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitia lized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uniniti alized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
1254722770.692743 get_file_handle 1254722770.692743 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids =[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_mes sages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized> , syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo =GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], so cks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1254722770.692743 mime_begin_entity 1254722770.692743 mime_begin_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids =[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_mes sages=<uninitialized>, mime_depth=3], socks=<uninitialized>, ssh=<uninitialized> , syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=3, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo =GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=3], so cks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uni nitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_ state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_d epth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/html;\x09charset="us-ascii"] [1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/html;\x09charset="us-ascii"]
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uni nitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_ state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_d epth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=quoted-printable] [1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
1254722770.692743 get_file_handle 1254722770.692743 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ ed>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uni nitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i n@yahoo.co.in>\x0a}, 
cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un initialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit y_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_ state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_d epth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692743 file_new 1254722770.692743 file_new
[0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkt s=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60 ], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uni nitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd =<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig= F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_ state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dn p3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uniniti alized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state =<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialize d>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<un initialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip _state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[t s=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/t cp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpa rtap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 O ct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a <raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitializ ed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, s ubject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, s 
econd_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[fil ename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messag es_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninit ialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722 770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow _bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitial ized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uni nitialized>, pe=<uninitialized>] [0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkt s=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60 ], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uni nitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd =<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig= F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_ state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dn p3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uniniti alized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state =<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialize d>, mysql=<uninitialized>, ntlm=<uninitialized>, 
ntp=<uninitialized>, radius=<un initialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip _state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[t s=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/t cp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpa rtap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 O ct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a <raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitializ ed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, s ubject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, s econd_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smt p_headers=F, entity_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5 nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<unin itialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<u ninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<u ninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof _buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninit ialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
1254722770.692743 file_over_new_connection 1254722770.692743 file_over_new_connection
[0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni [0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni
nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1
470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1
470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkt 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkt
s=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462,
state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60 state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60
], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, ], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs,
service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uni service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uni
nitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd nitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd
=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig= =<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=
F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_ F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_
state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dn state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dn
p3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uniniti p3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uniniti
alized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state alized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state
=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialize =<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialize
d>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<un d>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<un
initialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip initialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip
_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[t _state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[t
s=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/t s=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/t
cp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpa cp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpa
rtap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 O rtap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 O
ct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a ct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a
<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitializ <raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitializ
ed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, s ed>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, s
ubject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, s ubject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, s
econd_received=<uninitialized>, last_reply=354 Enter message, ending with "." on econd_received=<uninitialized>, last_reply=354 Enter message, ending with "." on
a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office
Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[fil Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smt
ename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messag p_headers=F, entity_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5
es_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninit nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<unin
ialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722 itialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<u
770.692743, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow ninitialized>]\x0a}, last_active=1254722770.692743, seen_bytes=0, total_bytes=<u
_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitial ninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof
ized>, info=[ts=1254722770.692743, fuid=Fqrb1K5DWEfgy4WU2, tx_hosts={\x0a\x0a}, _buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1254722770.692743, fuid=
rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a Fqrb1K5DWEfgy4WU2, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a
\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, loc }, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filena
al_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, m me=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen
issing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=< _bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedo
uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialize ut=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sh
d>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size= a256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>, extracted
<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized> _cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uninitialized>, h
, pe=<uninitialized>] ttp=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, n
um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state um_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state
=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta =4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], sta
rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi rt_time=1254722767.529046, duration=3.0 secs 163.0 msecs 697.004318 usecs, servi
ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized ce={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized
>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia >, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitia
lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract lized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract
_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni _resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uni
nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit nitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninit
ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f ialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, f
tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia tp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitia
lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql= lized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=
<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize <uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialize
d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un d>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<un
initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227 initialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12547227
68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h 68.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h
=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri =74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patri
ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36: ots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:
07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i 07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002i
n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030 n@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<00030
1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori 1ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_ori
ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un ginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<un
initialized>, last_reply=354 Enter message, ending with "." on a line by itself, initialized>, last_reply=354 Enter message, ending with "." on a line by itself,
path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls= path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=
F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitializ F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entit
ed>], fuids=[FmFp351N5nhsMmAfQg]], smtp_state=[helo=GP, messages_transferred=0, y_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg]], smtp_
pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uni state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_d
nitialized>, syslog=<uninitialized>] epth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692804 mime_end_entity 1254722770.692804 mime_end_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitial ized>], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, mes sages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uni nitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg, Fqrb1 K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<u ninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog =<uninitialized>]
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fui ds=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU 2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692804 file_sniff 1254722770.692804 file_sniff
[0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkt s=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=46 2, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81: 60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usec s, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<u ninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, d pd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_ori g=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rp c_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unini tialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_sta te=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitiali zed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=< uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, s ip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp= [ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470 /tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gur partap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x 0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitial ized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offic e Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<u ninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo= GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], soc ks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_acti ve=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_byte s=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buff er=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft- com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http ://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-ht ml40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="tex t/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 1 2 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\ x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\ x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.Mso Normal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bo ttom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","san s-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x 0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, s pan.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:pur ple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09 {mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif"; 
\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type: export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09ma rgin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x 0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaul ts v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><x ml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<bo dy lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0 a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNorm al><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap fi le <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o :p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a< p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body >\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fqrb1 K5DWEfgy4WU2, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\ x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0a}, source=SMTP, depth=4, analyzers={\ x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized> , missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md 5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitial ized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_si ze=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitializ ed>, pe=<uninitialized>] [0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = 
[id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkt s=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=46 2, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81: 60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usec s, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<u ninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, d pd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_ori g=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rp c_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unini tialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_sta te=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitiali zed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=< uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, s ip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp= [ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470 /tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gur partap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x 0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitial ized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offic e Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_s mtp_headers=F, entity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg , Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_mess ages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, t otal_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval= 2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft- com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas- microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/ omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<MET A HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d \x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-fami ly:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x 0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x 0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\ x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0p t;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperl ink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-de coration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso -style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underlin e;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0 a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.M 
soChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\ x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adi v.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0 a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit"> \x0d\x0a <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![end if]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0 d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></ o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a <p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p cla ss=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNorma l><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d \x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a , info=[ts=1254722770.692743, fuid=Fqrb1K5DWEfgy4WU2, tx_hosts={\x0a\x0910.10.1. 4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\ x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=<uninitialized>, fil ename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, s een_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, tim edout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>, extrac ted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uninitialized> , http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
[1] meta: fa_metadata = [mime_type=text/html, mime_types=[[st rength=100, mime=text/html], [strength=20, mime=text/html], [strength=-20, mime= text/plain]], inferred=T] [1] meta: fa_metadata = [mime_type=text/html, mime_types=[[st rength=100, mime=text/html], [strength=20, mime=text/html], [strength=-20, mime= text/plain]], inferred=T]
1254722770.692804 file_state_remove 1254722770.692804 file_state_remove
[0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkt s=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=46 2, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81: 60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usec s, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<u ninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, d pd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_ori g=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rp c_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unini tialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_sta te=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitiali zed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=< uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, s ip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp= [ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470 /tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gur partap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x 0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitial ized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offic e Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<u ninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo= GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=4], soc ks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_acti ve=1254722770.692804, seen_bytes=1868, total_bytes=<uninitialized>, missing_byte s=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buff er=<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft- com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http ://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-ht ml40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<META HTTP-EQUIV="Content-Type" CONTENT="tex t/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 1 2 (filtered medium)">\x0d\x0a<style>\x0d\x0a<!--\x0d\x0a /* Font Definitions */\ x0d\x0a @font-face\x0d\x0a\x09{font-family:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x0d\x0a\x09{font-family:Calibri;\x0d\x0a\ x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x0a /* Style Definitions */\x0d\x0a p.Mso Normal, li.MsoNormal, div.MsoNormal\x0d\x0a\x09{margin:0in;\x0d\x0a\x09margin-bo ttom:.0001pt;\x0d\x0a\x09font-size:11.0pt;\x0d\x0a\x09font-family:"Calibri","san s-serif";}\x0d\x0aa:link, span.MsoHyperlink\x0d\x0a\x09{mso-style-priority:99;\x 0d\x0a\x09color:blue;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aa:visited, s pan.MsoHyperlinkFollowed\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:pur ple;\x0d\x0a\x09text-decoration:underline;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09 {mso-style-type:personal-compose;\x0d\x0a\x09font-family:"Calibri","sans-serif"; 
\x0d\x0a\x09color:windowtext;}\x0d\x0a.MsoChpDefault\x0d\x0a\x09{mso-style-type: export-only;}\x0d\x0a@page Section1\x0d\x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09ma rgin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adiv.Section1\x0d\x0a\x09{page:Section1;}\x 0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaul ts v:ext="edit" spidmax="1026" />\x0d\x0a</xml><![endif]--><!--[if gte mso 9]><x ml>\x0d\x0a <o:shapelayout v:ext="edit">\x0d\x0a <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![endif]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<bo dy lang=EN-US link=blue vlink=purple>\x0d\x0a\x0d\x0a<div class=Section1>\x0d\x0 a\x0d\x0a<p class=MsoNormal>Hello<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNorm al><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>I send u smtp pcap fi le <o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>Find the attachment<o:p></o :p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a< p class=MsoNormal>GPS<o:p></o:p></p>\x0d\x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body >\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a, info=[ts=1254722770.692743, fuid=Fqrb1 K5DWEfgy4WU2, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\ x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0a}, source=SMTP, depth=4, analyzers={\ x0a\x0a}, mime_type=text/html, filename=<uninitialized>, duration=61.035156 usec s, local_orig=<uninitialized>, is_orig=T, seen_bytes=1868, total_bytes=<uninitia lized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialize d>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uni nitialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extrac ted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<unini tialized>, pe=<uninitialized>] [0] f: fa_file = [id=Fqrb1K5DWEfgy4WU2, parent_id=<uni nitialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = 
[id=[orig_h=10.10.1.4, orig_p=1 470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkt s=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=46 2, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81: 60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usec s, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<u ninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, d pd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_ori g=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rp c_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unini tialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_sta te=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitiali zed>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=< uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, s ip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp= [ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470 /tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gur partap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x 0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitial ized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offic e Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_s mtp_headers=F, entity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg , Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_mess ages=<uninitialized>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=1868, t otal_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval= 2.0 mins, bof_buffer_size=4096, bof_buffer=<html xmlns:v="urn:schemas-microsoft- com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas- microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/ omml" xmlns="http://www.w3.org/TR/REC-html40">\x0d\x0a\x0d\x0a<head>\x0d\x0a<MET A HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">\x0d\x0a<meta name=Generator content="Microsoft Word 12 (filtered medium)">\x0d\x0a<style>\x0d \x0a<!--\x0d\x0a /* Font Definitions */\x0d\x0a @font-face\x0d\x0a\x09{font-fami ly:"Cambria Math";\x0d\x0a\x09panose-1:2 4 5 3 5 4 6 3 2 4;}\x0d\x0a@font-face\x 0d\x0a\x09{font-family:Calibri;\x0d\x0a\x09panose-1:2 15 5 2 2 2 4 3 2 4;}\x0d\x 0a /* Style Definitions */\x0d\x0a p.MsoNormal, li.MsoNormal, div.MsoNormal\x0d\ x0a\x09{margin:0in;\x0d\x0a\x09margin-bottom:.0001pt;\x0d\x0a\x09font-size:11.0p t;\x0d\x0a\x09font-family:"Calibri","sans-serif";}\x0d\x0aa:link, span.MsoHyperl ink\x0d\x0a\x09{mso-style-priority:99;\x0d\x0a\x09color:blue;\x0d\x0a\x09text-de coration:underline;}\x0d\x0aa:visited, span.MsoHyperlinkFollowed\x0d\x0a\x09{mso -style-priority:99;\x0d\x0a\x09color:purple;\x0d\x0a\x09text-decoration:underlin e;}\x0d\x0aspan.EmailStyle17\x0d\x0a\x09{mso-style-type:personal-compose;\x0d\x0 a\x09font-family:"Calibri","sans-serif";\x0d\x0a\x09color:windowtext;}\x0d\x0a.M 
soChpDefault\x0d\x0a\x09{mso-style-type:export-only;}\x0d\x0a@page Section1\x0d\ x0a\x09{size:8.5in 11.0in;\x0d\x0a\x09margin:1.0in 1.0in 1.0in 1.0in;}\x0d\x0adi v.Section1\x0d\x0a\x09{page:Section1;}\x0d\x0a-->\x0d\x0a</style>\x0d\x0a<!--[if gte mso 9]><xml>\x0d\x0a <o:shapedefaults v:ext="edit" spidmax="1026" />\x0d\x0 a</xml><![endif]--><!--[if gte mso 9]><xml>\x0d\x0a <o:shapelayout v:ext="edit"> \x0d\x0a <o:idmap v:ext="edit" data="1" />\x0d\x0a </o:shapelayout></xml><![end if]-->\x0d\x0a</head>\x0d\x0a\x0d\x0a<body lang=EN-US link=blue vlink=purple>\x0 d\x0a\x0d\x0a<div class=Section1>\x0d\x0a\x0d\x0a<p class=MsoNormal>Hello<o:p></ o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a <p class=MsoNormal>I send u smtp pcap file <o:p></o:p></p>\x0d\x0a\x0d\x0a<p cla ss=MsoNormal>Find the attachment<o:p></o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNorma l><o:p>&nbsp;</o:p></p>\x0d\x0a\x0d\x0a<p class=MsoNormal>GPS<o:p></o:p></p>\x0d \x0a\x0d\x0a</div>\x0d\x0a\x0d\x0a</body>\x0d\x0a\x0d\x0a</html>\x0d\x0a\x0d\x0a , info=[ts=1254722770.692743, fuid=Fqrb1K5DWEfgy4WU2, tx_hosts={\x0a\x0910.10.1. 4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\ x0a}, source=SMTP, depth=4, analyzers={\x0a\x0a}, mime_type=text/html, filename= <uninitialized>, duration=61.035156 usecs, local_orig=<uninitialized>, is_orig=T , seen_bytes=1868, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes= 0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitial ized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uninitia lized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fui ds=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU 2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1254722770.692804 mime_end_entity 1254722770.692804 mime_end_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fui ds=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU 2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fui ds=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU 2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fui ds=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU 2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1254722770.692804 mime_begin_entity 1254722770.692804 mime_begin_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fui ds=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_trans ferred=0, pending_messages=<uninitialized>, mime_depth=4], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=4, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU 2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=4], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
1254722770.692804 mime_one_header 1254722770.692804 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitial ized>], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, mes sages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uni nitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=5, entity=[filename=<uninitialized>], fuids=[FmFp351N5nhsMmAfQg, Fqrb1 K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<u ninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog =<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/plain;\x09name="NEWS.txt"] [1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/plain;\x09name="NEWS.txt"]
1254722770.692804 mime_one_header 1254722770.692804 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>]
[1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=quoted-printable] [1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=quoted-printable]
1254722770.692804 mime_one_header 1254722770.692804 mime_one_header
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>]
[1] h: mime_header_rec = [original_name=Content-Disposition, n ame=CONTENT-DISPOSITION, value=attachment;\x09filename="NEWS.txt"] [1] h: mime_header_rec = [original_name=Content-Disposition, n ame=CONTENT-DISPOSITION, value=attachment;\x09filename="NEWS.txt"]
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_t ransferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent ity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722770.692804 file_new 1254722770.692804 file_new
[0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pk ts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=4 62, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81 :60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 use cs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=< uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_or ig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_r pc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unin itialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_st ate=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitial ized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius= <uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp =[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=147 0/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gu rpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\ x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitia lized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized> , subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized> , 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offi ce Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[ filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[ helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5] , socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last _active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_by tes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_bu ffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitial ized>, irc=<uninitialized>, pe=<uninitialized>] [0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pk ts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=4 62, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81 :60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 use cs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=< uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_or ig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_r pc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unin itialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_st ate=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitial ized>, mysql=<uninitialized>, 
ntlm=<uninitialized>, ntp=<uninitialized>, radius= <uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp =[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=147 0/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gu rpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\ x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitia lized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized> , subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized> , second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offi ce Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_ smtp_headers=F, entity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsM mAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending _messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitiali zed>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interva l=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialize d>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitia lized>]
1254722770.692804 file_over_new_connection 1254722770.692804 file_over_new_connection
[0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un [0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un
initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p=
1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=
1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pk 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pk
ts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=4 ts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=4
62, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81 62, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81
:60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 use :60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 use
cs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=< cs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<
uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T,
dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_or dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_or
ig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_r ig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_r
pc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, pc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>,
dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unin dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unin
itialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_st itialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_st
ate=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitial ate=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitial
ized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius= ized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=
<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, <uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>,
sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp
=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=147 =[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=147
0/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gu 0/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gu
rpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, rpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon,
5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\ 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\
x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitia x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitia
lized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized> lized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>
, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized> , subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>
, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." , second_received=<uninitialized>, last_reply=354 Enter message, ending with "."
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offi on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offi
ce Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[ ce Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_
filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[ smtp_headers=F, entity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsM
helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5] mAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending
, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last _messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitiali
_active=1254722770.692804, seen_bytes=0, total_bytes=<uninitialized>, missing_by zed>, syslog=<uninitialized>]\x0a}, last_active=1254722770.692804, seen_bytes=0,
tes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_bu total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interva
ffer=<uninitialized>, info=[ts=1254722770.692804, fuid=FEFYSd1s8Onn9LynKj, tx_ho l=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=125472277
sts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, 0.692804, fuid=FEFYSd1s8Onn9LynKj, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, con
analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitialized>, dura n_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninit
tion=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<u ialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>,
ninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<unini is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow
tialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x5 _bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<un
09=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, initialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitial
extracted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc ized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<u
=<uninitialized>, pe=<uninitialized>] ninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11,
num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, sta
te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s te=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81:60], s
tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser tart_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 usecs, ser
vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ vice={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitializ
ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit ed>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninit
ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra ialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extra
ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u ct_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<u
ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin ninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<unin
itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, itialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>,
ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninit
ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq ialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysq
l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali l=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitiali
zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=< zed>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<
uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472 uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=125472
2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp 2768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp
_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat _h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@pat
riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3 riots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:3
6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200 6:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol200
2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000 2in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000
301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o 301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_o
riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=< riginating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<
uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel uninitialized>, last_reply=354 Enter message, ending with "." on a line by itsel
f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl f, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tl
s=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], s=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, ent
fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2]], smtp_state=[helo=GP, messages_t ity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg
ransferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitiali y4WU2]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia
zed>, ssh=<uninitialized>, syslog=<uninitialized>] lized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini
tialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
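Review bot: the two fields that are new in the 3.2.4 column, `process_smtp_headers` and `entity_count`, appear in this `file_over_new_connection` event in only one state (`process_smtp_headers=F, entity_count=5`, next to `mime_depth=5` in `smtp_state`), so this part of the baseline shows neither how the two values relate nor what the record looks like with the flag at `T`. Please document both fields where the `smtp` record is defined and confirm that a test covers the `T` case. The rest of the difference in this event, in both the `f: fa_file` and `c: connection` arguments, is re-wrapping caused by the inserted text between `has_client_activity=T` and `entity=[filename=NEWS.txt]`.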
1254722770.695115 new_connection 1254722770.695115 new_connection
[0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icm p, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_byte s_ip=0, flow_label=0, l2_addr=00:1f:33:d9:81:60], resp=[size=0, state=0, num_pkt s=0, num_bytes_ip=0, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], start_time=125472 2770.695115, duration=0 secs, service={\x0a\x0a}, history=, uid=C4J4Th3PJpwUYZZ6 gc, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, su ccessful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized> , extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitial ized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uni nitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized >, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitializ ed>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbu s=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitializ ed>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<unin itialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitia lized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icm p, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_byte s_ip=0, flow_label=0, l2_addr=00:1f:33:d9:81:60], resp=[size=0, state=0, num_pkt s=0, num_bytes_ip=0, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], start_time=125472 2770.695115, duration=0 secs, service={\x0a\x0a}, history=, uid=C4J4Th3PJpwUYZZ6 gc, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, su ccessful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized> , extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitial ized>, dce_rpc_state=<uninitialized>, 
dce_rpc_backing=<uninitialized>, dhcp=<uni nitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized >, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitializ ed>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbu s=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitializ ed>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<unin itialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitia lized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1254722771.494181 file_sniff 1254722771.494181 file_sniff
[0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pk ts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=4 62, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81 :60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 use cs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=< uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_or ig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_r pc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<unin itialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_st ate=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitial ized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius= <uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp =[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=147 0/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gu rpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\ x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitia lized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized> , subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized> , 
second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offi ce Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[ filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9L ynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitial ized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit ialized>]\x0a}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=<uni nitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_b uffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Imp roved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw co mpiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x0 d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" keyw ord\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\ x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a * Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is nee ded\x0d\x0a* Added new compiler/linker options: \x0d\x0a - Strip executable\x0d \x0a - Generate instructions for a specific machine (i386, i486, i586, i686, pe ntium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a k6, k6 -2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winc hip2, k8, c3 and c3-2)\x0d\x0a - Enable use of processor specific built-in func tions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Option s is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug 
fixes\x0d\x0a\x0 d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a var iable during debugging (right click on a watch variable and select "Modify value ")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to speci fy an include directory for the code completion cache to be created at Dev-C++ f irst startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ f irst time configuration dialog, a code completion cache of all the standard \x0d \x0a include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0d \x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature f or DLLs: attach to a running process\x0d\x0a* New project option: Use custom Mak efile. 
\x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an altern ate configuration file in Environment Options \x0d\x0a (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x 0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Imp roved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resou rce errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x0 a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating inst ead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7 \x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "wa tch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\x 0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressource s)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x 0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an ext ra definition is passed to the\x0d\x0a compiler: -D__DEBUG__\x0d\x0a* Each proj ect creates a <project_name>_private.h file containing version\x0d\x0a informat ion definitions\x0d\x0a* When compiling the current file only, no dependency che cks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "Extern al programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Added "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d\ x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added ne w file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes 
in devcpp. cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3 \x0d\x0a* When adding debugging symbols on request, remove "-s" option from link er\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show progr ess window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FEFYSd1s 8Onn9LynKj, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x0 a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0a}, source=SMTP, depth=5, analyzers={\x0 a\x0a}, mime_type=<uninitialized>, filename=NEWS.txt, duration=0 secs, local_ori g=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing _bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninit ialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, ex tracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<unini tialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=< uninitialized>] [0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pk ts=11, num_bytes_ip=3518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=4 62, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0, l2_addr=00:1f:33:d9:81 :60], start_time=1254722767.529046, duration=3.0 secs 163.0 msecs 758.039474 use cs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=< uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_or ig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_r pc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, 
dns_state=<uninitialized>, ftp=<unin itialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_st ate=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitial ized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius= <uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp =[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=147 0/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gu rpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\ x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<uninitia lized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized> , subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized> , second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Offi ce Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_ smtp_headers=F, entity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsM mAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_tr ansferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitializ ed>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.4 94181, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_b ytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9. 9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9. 
9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes\ x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improv ed Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0a * Added support for the "interface" keyword\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d\x0a* New splash screen and association i cons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now re sent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker o ptions: \x0d\x0a - Strip executable\x0d\x0a - Generate instructions for a spec ific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2 , pentium3, pentium4, \x0d\x0a k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4 , athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d\ x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsin g improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time CO nfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4 \x0d\x0a* Added the possibility to specify an include directory for the code com pletion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code comp letion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\Pa ckages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing while editing\x0d\x0a* Bug 
fixes\x0d\x0a\x0d\ x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code c ompletion cache of all the standard \x0d\x0a include files can now be generated .\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVers ion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d \x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module.\ x0d\x0a* Allow user to specify an alternate configuration file in Environment Op tions \x0d\x0a (still can be overriden by using "-c" command line parameter).\x 0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory \x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker par ameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\x 0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Resou rce sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made w hole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now save d\x0d\x0a* New environment options : "watch variable under mouse" and "Report wa tch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug var iable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class browse r pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0a Version 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h f ile containing version\x0d\x0a information definitions\x0d\x0a* When compiling the current file only, no dependency checks 
are performed\x0d\x0a* ~300% Speed-u p in class parser\x0d\x0a* Added "External programs" in Tools/Environment Option s (for units "Open with")\x0d\x0a* Added "Open with" in project units context me nu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency ch ecks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\x 0a* Bug-fix for double quotes in devcpp.cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x0 d\x0a* Environment options : "Show progress window" and "Auto-close progress , i nfo=[ts=1254722770.692804, fuid=FEFYSd1s8Onn9LynKj, tx_hosts={\x0a\x0910.10.1.4\ x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0 a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filen ame=NEWS.txt, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes =0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=< uninitialized>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cutof f=<uninitialized>, extracted_size=<uninitialized>], ftp=<uninitialized>, http=<u ninitialized>, irc=<uninitialized>, pe=<uninitialized>]
[1] meta: fa_metadata = [mime_type=text/plain, mime_types=[[s trength=-20, mime=text/plain]], inferred=T] [1] meta: fa_metadata = [mime_type=text/plain, mime_types=[[s trength=-20, mime=text/plain]], inferred=T]
1254722771.834595 Broker::log_flush 1254722771.834595 Broker::log_flush
1254722771.858334 mime_end_entity 1254722771.858334 mime_end_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.t xt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_st ate=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_dep th=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=[filename=NEWS.txt], fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5D WEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pe nding_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<unini tialized>, syslog=<uninitialized>]
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722771.858334 file_state_remove 1254722771.858334 file_state_remove
[0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_p kts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size =462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9 :81:60], start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunn el=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful =T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extrac t_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, d ce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitializ ed>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=< uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, htt p_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<unini tialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, rad ius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialize d>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p =1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfro m=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=M on, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, t o={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<unin itialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitiali zed>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitiali 
zed>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, enti ty=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9L ynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitial ized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit ialized>]\x0a}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=<un initialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_ buffer_size=4096, bof_buffer=Version 4.9.9.1\x0d\x0a* Many bug fixes\x0d\x0a* Im proved editor\x0d\x0a\x0d\x0aVersion 4.9.9.0\x0d\x0a* Support for latest Mingw c ompiler system builds\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Improved Indent/Unindent and Remove Comment\x 0d\x0a* Improved automatic indent\x0d\x0a* Added support for the "interface" key word\x0d\x0a* WebUpdate should now report installation problems from PackMan\x0d \x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0 a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now resent during next debug session\x0d\x0a* Watched Variables not in correct context are now kept and updated when it is ne eded\x0d\x0a* Added new compiler/linker options: \x0d\x0a - Strip executable\x0 d\x0a - Generate instructions for a specific machine (i386, i486, i586, i686, p entium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, \x0d\x0a k6, k 6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, win chip2, k8, c3 and c3-2)\x0d\x0a - Enable use of processor specific built-in fun ctions (mmmx, sse, sse2, pni, 3dnow)\x0d\x0a* "Default" button in Compiler Optio ns is back\x0d\x0a* Error messages parsing improved\x0d\x0a* Bug 
fixes\x0d\x0a\x 0d\x0aVersion 4.9.8.5\x0d\x0a* Added the possibility to modify the value of a va riable during debugging (right click on a watch variable and select "Modify valu e")\x0d\x0a* During Dev-C++ First Time COnfiguration window, users can now choos e between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.4\x0d\x0a* Added the possibility to spec ify an include directory for the code completion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code completion cache\x0d\x0a* WebUpdate will no w backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executabl e in devcpp.exe.BACKUP\x0d\x0a* Big speed up in function parameters listing whil e editing\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0 d\x0a include files can now be generated.\x0d\x0a* Improved WebUpdate module\x0 d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0d\x0a* New project option: Use custom Ma kefile. \x0d\x0a* New WebUpdater module.\x0d\x0a* Allow user to specify an alter nate configuration file in Environment Options \x0d\x0a (still can be overriden by using "-c" command line parameter).\x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\ x0aVersion 4.9.8.1\x0d\x0a* When creating a DLL, the created static lib respects now the project-defined output directory\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a * Changed position of compiler/linker parameters in Project Options.\x0d\x0a* Im proved help file\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Reso urce errors are now reported in the Resource sheet\x0d\x0a* Many bug fixes\x0d\x 0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating ins tead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7. 
7\x0d\x0a* Printing settings are now saved\x0d\x0a* New environment options : "w atch variable under mouse" and "Report watch errors"\x0d\x0a* Bug fixes\x0d\x0a\ x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug variable browser\x0d\x0a* Added possibilit y to include in a Template the Project's directories (include, libs and ressourc es)\x0d\x0a* Changed tint of Class browser pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\ x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an ex tra definition is passed to the\x0d\x0a compiler: -D__DEBUG__\x0d\x0a* Each pro ject creates a <project_name>_private.h file containing version\x0d\x0a informa tion definitions\x0d\x0a* When compiling the current file only, no dependency ch ecks are performed\x0d\x0a* ~300% Speed-up in class parser\x0d\x0a* Added "Exter nal programs" in Tools/Environment Options (for units "Open with")\x0d\x0a* Adde d "Open with" in project units context menu\x0d\x0a* Added "Classes" toolbar\x0d \x0a* Fixed pre-compilation dependency checks to work correctly\x0d\x0a* Added n ew file menu entry: Save Project As\x0d\x0a* Bug-fix for double quotes in devcpp .cfg file read by vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7. 
3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from lin ker\x0d\x0a* Compiling progress window\x0d\x0a* Environment options : "Show prog ress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FEFYSd1 s8Onn9LynKj, tx_hosts={\x0a\x0910.10.1.4\x0a}, rx_hosts={\x0a\x0974.53.140.153\x 0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x0a}, source=SMTP, depth=5, analyzers={\x 0a\x0a}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.81961 1 usecs, local_orig=<uninitialized>, is_orig=T, seen_bytes=4027, total_bytes=<un initialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninit ialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x50 9=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc= <uninitialized>, pe=<uninitialized>] [0] f: fa_file = [id=FEFYSd1s8Onn9LynKj, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p= 1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_p kts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size =462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9 :81:60], start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunn el=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful =T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extrac t_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, d ce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitializ ed>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=< uninitialized>, ftp_data_reuse=F, 
ssl=<uninitialized>, http=<uninitialized>, htt p_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<unini tialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, rad ius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialize d>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p =1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfro m=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a\x09}, date=M on, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, t o={\x0a<raj_deol2002in@yahoo.co.in>\x0a\x09}, cc=<uninitialized>, reply_to=<unin itialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitiali zed>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitiali zed>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, proc ess_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsM mAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_tr ansferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitializ ed>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1254722771.8 58316, seen_bytes=10809, total_bytes=<uninitialized>, missing_bytes=0, overflow_ bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9 .9.1\x0d\x0a* Many bug fixes\x0d\x0a* Improved editor\x0d\x0a\x0d\x0aVersion 4.9 .9.0\x0d\x0a* Support for latest Mingw compiler system builds\x0d\x0a* Bug fixes \x0d\x0a\x0d\x0aVersion 4.9.8.9\x0d\x0a* New code tooltip display\x0d\x0a* Impro ved Indent/Unindent and Remove Comment\x0d\x0a* Improved automatic indent\x0d\x0 a* Added support for the "interface" keyword\x0d\x0a* WebUpdate should now repor t installation problems from PackMan\x0d\x0a* New splash screen and association icons\x0d\x0a* Improved installer\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.7\x0d\x0a* Added support for GCC > 3.2\x0d\x0a* Debug variables are now r esent during next debug session\x0d\x0a* Watched Variables not in correct contex t are now kept and updated when it is needed\x0d\x0a* Added new compiler/linker options: \x0d\x0a - Strip executable\x0d\x0a - Generate instructions for a spe cific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium 2, pentium3, pentium4, \x0d\x0a k6, k6-2, k6-3, athlon, athlon-tbird, athlon- 4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)\x0d\x0a - Enabl e use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)\x0d \x0a* "Default" button in Compiler Options is back\x0d\x0a* Error messages parsi ng improved\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8.5\x0d\x0a* 
Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")\x0d\x0a* During Dev-C++ First Time C Onfiguration window, users can now choose between using or not class browser and code completion features.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.8. 4\x0d\x0a* Added the possibility to specify an include directory for the code co mpletion cache to be created at Dev-C++ first startup\x0d\x0a* Improved code com pletion cache\x0d\x0a* WebUpdate will now backup downloaded DevPaks in Dev-C++\P ackages directory, and Dev-C++ executable in devcpp.exe.BACKUP\x0d\x0a* Big spee d up in function parameters listing while editing\x0d\x0a* Bug fixes\x0d\x0a\x0d \x0aVersion 4.9.8.3\x0d\x0a* On Dev-C++ first time configuration dialog, a code completion cache of all the standard \x0d\x0a include files can now be generate d.\x0d\x0a* Improved WebUpdate module\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVer sion 4.9.8.2\x0d\x0a* New debug feature for DLLs: attach to a running process\x0 d\x0a* New project option: Use custom Makefile. \x0d\x0a* New WebUpdater module. 
\x0d\x0a* Allow user to specify an alternate configuration file in Environment O ptions \x0d\x0a (still can be overriden by using "-c" command line parameter).\ x0d\x0a* Lots of bug fixes.\x0d\x0a\x0d\x0aVersion 4.9.8.1\x0d\x0a* When creatin g a DLL, the created static lib respects now the project-defined output director y\x0d\x0a\x0d\x0aVersion 4.9.8.0\x0d\x0a* Changed position of compiler/linker pa rameters in Project Options.\x0d\x0a* Improved help file\x0d\x0a* Bug fixes\x0d\ x0a\x0d\x0aVersion 4.9.7.9\x0d\x0a* Resource errors are now reported in the Reso urce sheet\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.8\x0d\x0a* Made whole bottom report control floating instead of only debug output.\x0d\x0a* Many bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.7\x0d\x0a* Printing settings are now sav ed\x0d\x0a* New environment options : "watch variable under mouse" and "Report w atch errors"\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.6\x0d\x0a* Debug va riable browser\x0d\x0a* Added possibility to include in a Template the Project's directories (include, libs and ressources)\x0d\x0a* Changed tint of Class brows er pictures colors to match the New Look style\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0 aVersion 4.9.7.5\x0d\x0a* Bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.4\x0d\x0a* When compiling with debugging symbols, an extra definition is passed to the\x0d\x0a compiler: -D__DEBUG__\x0d\x0a* Each project creates a <project_name>_private.h file containing version\x0d\x0a information definitions\x0d\x0a* When compiling the current file only, no dependency checks are performed\x0d\x0a* ~300% Speed- up in class parser\x0d\x0a* Added "External programs" in Tools/Environment Optio ns (for units "Open with")\x0d\x0a* Added "Open with" in project units context m enu\x0d\x0a* Added "Classes" toolbar\x0d\x0a* Fixed pre-compilation dependency c hecks to work correctly\x0d\x0a* Added new file menu entry: Save Project As\x0d\ x0a* Bug-fix for double quotes in devcpp.cfg file read by 
vUpdate\x0d\x0a* Other bug fixes\x0d\x0a\x0d\x0aVersion 4.9.7.3\x0d\x0a* When adding debugging symbols on request, remove "-s" option from linker\x0d\x0a* Compiling progress window\x 0d\x0a* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FEFYSd1s8Onn9LynKj, tx_hosts={\x0a\x0910.10.1.4 \x0a}, rx_hosts={\x0a\x0974.53.140.153\x0a}, conn_uids={\x0aClEkJM2Vm5giqnMf4h\x 0a}, source=SMTP, depth=5, analyzers={\x0a\x0a}, mime_type=text/plain, filename= NEWS.txt, duration=801.0 msecs 376.819611 usecs, local_orig=<uninitialized>, is_ orig=T, seen_bytes=4027, total_bytes=<uninitialized>, missing_bytes=0, overflow_ bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uni nitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitiali zed>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>], ftp=<un initialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1254722771.858334 mime_end_entity 1254722771.858334 mime_end_entity
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1254722771.858334 smtp_request 1254722771.858334 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = . [2] command: string = .
[3] arg: string = . [3] arg: string = .
1254722772.248789 smtp_reply 1254722772.248789 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s tate=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." 
on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state= [helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5 ], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s tate=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap @patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, 
to={\x0a<raj_deo l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id= <000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0 , tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial ized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = . [3] cmd: string = .
[4] msg: string = OK id=1Mugho-0003Dg-Un [4] msg: string = OK id=1Mugho-0003Dg-Un
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722774.763825 Broker::log_flush 1254722774.763825 Broker::log_flush
1254722774.763825 smtp_request 1254722774.763825 smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitia lized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=< uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitiali zed>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<un initialized>, first_received=<uninitialized>, second_received=<uninitialized>, l ast_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia lized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitial ized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages= 
<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, sysl og=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=< uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12 54722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitia lized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=< uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitiali zed>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<un initialized>, first_received=<uninitialized>, second_received=<uninitialized>, l ast_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia lized>, tls=F, process_received_from=T, has_client_activity=F, 
process_smtp_head ers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, m essages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<u ninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = QUIT [2] command: string = QUIT
[3] arg: string = [3] arg: string =
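Review bot: the right-hand (3.2.4) records shown here capture only two states of the new SMTP fields, so this baseline does not pin down when the flag flips. While the first message is in flight (trans_depth=1) every dump reads process_smtp_headers=F, entity_count=5, and by the QUIT request (trans_depth=2) it reads process_smtp_headers=T, entity_count=0. No record here shows the flag still T with a non-zero count, so a change to the point at which header processing is switched off would leave these lines unchanged; a dedicated test that asserts on that transition would cover it. Also, entity_count returns to 0 for the new transaction while smtp_state's mime_depth stays at 5 in the same record, so the two counters are evidently tracked separately, and a short comment at the field definitions on how they differ would help readers of this output.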
1254722775.105467 smtp_reply 1254722775.105467 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninit ialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<u ninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_sta te=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3= <uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitiali zed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<u ninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unini tialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_st ate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1 254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uniniti alized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to= <uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitial ized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<u ninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uniniti alized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitia lized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages 
=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, sys log=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninit ialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<u ninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_sta te=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3= <uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitiali zed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<u ninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unini tialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_st ate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1 254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uniniti alized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to= <uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitial ized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<u ninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uniniti alized>, tls=F, process_received_from=T, has_client_activity=F, 
process_smtp_hea ders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=< uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 221 [2] code: count = 221
[3] cmd: string = QUIT [3] cmd: string = QUIT
[4] msg: string = xc90.websitewelcome.com closing conne ction [4] msg: string = xc90.websitewelcome.com closing conne ction
[5] cont_resp: bool = F [5] cont_resp: bool = F
1254722776.690444 Broker::log_flush 1254722776.690444 Broker::log_flush
1254722776.690444 new_connection 1254722776.690444 new_connection
[0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/ud p, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_b ytes_ip=0, flow_label=0, l2_addr=00:02:3f:ec:61:11], resp=[size=0, state=0, num_ pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=ff:ff:ff:ff:ff:ff], start_time=125 4722776.690444, duration=0 secs, service={\x0a\x0a}, history=, uid=CtPZjS20MLrsM UOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitializ ed>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninit ialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=< uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitiali zed>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitia lized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, mo dbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitia lized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<u ninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<unini tialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/ud p, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_b ytes_ip=0, flow_label=0, l2_addr=00:02:3f:ec:61:11], resp=[size=0, state=0, num_ pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=ff:ff:ff:ff:ff:ff], start_time=125 4722776.690444, duration=0 secs, service={\x0a\x0a}, history=, uid=CtPZjS20MLrsM UOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitializ ed>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninit ialized>, dce_rpc_state=<uninitialized>, 
dce_rpc_backing=<uninitialized>, dhcp=< uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitiali zed>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitia lized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, mo dbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitia lized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<u ninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<unini tialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831776.764391 ChecksumOffloading::check 1437831776.764391 ChecksumOffloading::check
1437831776.764391 connection_state_remove 1437831776.764391 connection_state_remove
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/u dp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_by tes_ip=62, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=100, state=1, nu m_pkts=1, num_bytes_ip=128, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time =1254722767.49206, duration=34.0 msecs 24.953842 usecs, service={\x0aDNS\x0a}, h istory=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninit ialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<unin itialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_back ing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitiali zed>, dns_state=[pending_query=<uninitialized>, pending_queries=<uninitialized>, pending_replies=<uninitialized>], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<u ninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitiali zed>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=< uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized> , rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uni nitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninit ialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/u dp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_by tes_ip=62, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=100, state=1, nu m_pkts=1, num_bytes_ip=128, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time =1254722767.49206, duration=34.0 msecs 24.953842 usecs, service={\x0aDNS\x0a}, h istory=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninit ialized>, 
conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<unin itialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_back ing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitiali zed>, dns_state=[pending_query=<uninitialized>, pending_queries=<uninitialized>, pending_replies=<uninitialized>], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<u ninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitiali zed>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=< uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized> , rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uni nitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninit ialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831776.764391 successful_connection_remove 1437831776.764391 successful_connection_remove
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/u dp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_by tes_ip=62, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=100, state=1, nu m_pkts=1, num_bytes_ip=128, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time =1254722767.49206, duration=34.0 msecs 24.953842 usecs, service={\x0aDNS\x0a}, h istory=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninit ialized>, conn=[ts=1254722767.49206, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4 , orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, service=dns, du ration=34.0 msecs 24.953842 usecs, orig_bytes=34, resp_bytes=100, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history =Dd, orig_pkts=1, orig_ip_bytes=62, resp_pkts=1, resp_ip_bytes=128, tunnel_paren ts=<uninitialized>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninit ialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_s tate=[pending_query=<uninitialized>, pending_queries=<uninitialized>, pending_re plies=<uninitialized>], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialize d>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=< uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitializ ed>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<unin itialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized> , smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, s ocks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/u dp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_by tes_ip=62, flow_label=0, 
l2_addr=00:e0:1c:3c:17:c2], resp=[size=100, state=1, nu m_pkts=1, num_bytes_ip=128, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time =1254722767.49206, duration=34.0 msecs 24.953842 usecs, service={\x0aDNS\x0a}, h istory=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninit ialized>, conn=[ts=1254722767.49206, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4 , orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, service=dns, du ration=34.0 msecs 24.953842 usecs, orig_bytes=34, resp_bytes=100, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history =Dd, orig_pkts=1, orig_ip_bytes=62, resp_pkts=1, resp_ip_bytes=128, tunnel_paren ts=<uninitialized>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninit ialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_s tate=[pending_query=<uninitialized>, pending_queries=<uninitialized>, pending_re plies=<uninitialized>], ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialize d>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=< uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitializ ed>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<unin itialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized> , smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, s ocks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831776.764391 Broker::log_flush 1437831776.764391 Broker::log_flush
1437831776.764391 connection_state_remove 1437831776.764391 connection_state_remove
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s tate=5, num_pkts=25, num_bytes_ip=1546, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 952.934265 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTFf, uid=ClEkJM2Vm5giqnMf4h, tunnel=<unini tialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=< uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_st ate=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3 =<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitial ized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=< uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized> , mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unin itialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_s tate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts= 1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp , resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninit ialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to =<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitia lized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=< uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_cli ent_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages 
_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitia lized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s tate=5, num_pkts=25, num_bytes_ip=1546, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 952.934265 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTFf, uid=ClEkJM2Vm5giqnMf4h, tunnel=<unini tialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=< uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_st ate=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3 =<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitial ized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=< uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized> , mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unin itialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_s tate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts= 1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp , resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninit ialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to =<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitia lized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=< uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], 
user_agent=<uninitialized>, tls=F, process_received_from=T, has_cli ent_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninit ialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uni nitialized>]
1437831776.764391 successful_connection_remove 1437831776.764391 successful_connection_remove
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s tate=5, num_pkts=25, num_bytes_ip=1546, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 952.934265 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTFf, uid=ClEkJM2Vm5giqnMf4h, tunnel=<unini tialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=< uninitialized>, dpd_state=<uninitialized>, conn=[ts=1254722767.529046, uid=ClEkJ M2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp _p=25/tcp], proto=tcp, service=smtp, duration=7.0 secs 576.0 msecs 952.934265 us ecs, orig_bytes=14705, resp_bytes=538, conn_state=SF, local_orig=<uninitialized> , local_resp=<uninitialized>, missed_bytes=0, history=ShAdDaTFf, orig_pkts=28, o rig_ip_bytes=21673, resp_pkts=25, resp_ip_bytes=1546, tunnel_parents=<uninitiali zed>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<unin itialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp =<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitia lized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninit ialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninit ialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip= <uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uni nitialized>, smtp=[ts=1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.1 0.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, hel o=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, fr om=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitiali 
zed>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialize d>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_rec eived=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_re ceived_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_st ate=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_dep th=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s tate=5, num_pkts=25, num_bytes_ip=1546, flow_label=0, l2_addr=00:1f:33:d9:81:60] , start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 952.934265 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTFf, uid=ClEkJM2Vm5giqnMf4h, tunnel=<unini tialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=< uninitialized>, dpd_state=<uninitialized>, conn=[ts=1254722767.529046, uid=ClEkJ M2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp _p=25/tcp], proto=tcp, service=smtp, duration=7.0 secs 576.0 msecs 952.934265 us ecs, orig_bytes=14705, resp_bytes=538, conn_state=SF, local_orig=<uninitialized> , local_resp=<uninitialized>, missed_bytes=0, history=ShAdDaTFf, orig_pkts=28, o rig_ip_bytes=21673, resp_pkts=25, resp_ip_bytes=1546, tunnel_parents=<uninitiali zed>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<unin itialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp =<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitia lized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninit ialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, 
modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninit ialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip= <uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uni nitialized>, smtp=[ts=1254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.1 0.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, hel o=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, fr om=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialize d>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_rec eived=<uninitialized>, last_reply=221 xc90.websitewelcome.com closing connection , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_re ceived_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, en tity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pe nding_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<unini tialized>, syslog=<uninitialized>]
1437831776.764391 connection_state_remove 1437831776.764391 connection_state_remove
[0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icm p, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_b ytes_ip=2304, flow_label=0, l2_addr=00:1f:33:d9:81:60], resp=[size=0, state=0, n um_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], start_time= 1254722770.695115, duration=1.0 msec 518.964767 usecs, service={\x0a\x0a}, histo ry=, uid=C4J4Th3PJpwUYZZ6gc, tunnel=<uninitialized>, vlan=<uninitialized>, inner _vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitializ ed>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitial ized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=< uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitia lized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, k rb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uniniti alized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=< uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitiali zed>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized >, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icm p, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_b ytes_ip=2304, flow_label=0, l2_addr=00:1f:33:d9:81:60], resp=[size=0, state=0, n um_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], start_time= 1254722770.695115, duration=1.0 msec 518.964767 usecs, service={\x0a\x0a}, histo ry=, uid=C4J4Th3PJpwUYZZ6gc, tunnel=<uninitialized>, vlan=<uninitialized>, inner _vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitializ ed>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitial ized>, dce_rpc=<uninitialized>, 
dce_rpc_state=<uninitialized>, dce_rpc_backing=< uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitia lized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, k rb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uniniti alized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=< uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitiali zed>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized >, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831776.764391 successful_connection_remove 1437831776.764391 successful_connection_remove
[0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icm p, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_b ytes_ip=2304, flow_label=0, l2_addr=00:1f:33:d9:81:60], resp=[size=0, state=0, n um_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], start_time= 1254722770.695115, duration=1.0 msec 518.964767 usecs, service={\x0a\x0a}, histo ry=, uid=C4J4Th3PJpwUYZZ6gc, tunnel=<uninitialized>, vlan=<uninitialized>, inner _vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitializ ed>, conn=[ts=1254722770.695115, uid=C4J4Th3PJpwUYZZ6gc, id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], proto=icmp, service=<uninitial ized>, duration=1.0 msec 518.964767 usecs, orig_bytes=2192, resp_bytes=0, conn_s tate=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0 , history=<uninitialized>, orig_pkts=4, orig_ip_bytes=2304, resp_pkts=0, resp_ip _bytes=0, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, thres holds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, d ce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns= <uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse= F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<u ninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized >, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<unini tialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_stat e=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>] [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icm p, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_b ytes_ip=2304, flow_label=0, l2_addr=00:1f:33:d9:81:60], resp=[size=0, state=0, n um_pkts=0, 
num_bytes_ip=0, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], start_time= 1254722770.695115, duration=1.0 msec 518.964767 usecs, service={\x0a\x0a}, histo ry=, uid=C4J4Th3PJpwUYZZ6gc, tunnel=<uninitialized>, vlan=<uninitialized>, inner _vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitializ ed>, conn=[ts=1254722770.695115, uid=C4J4Th3PJpwUYZZ6gc, id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], proto=icmp, service=<uninitial ized>, duration=1.0 msec 518.964767 usecs, orig_bytes=2192, resp_bytes=0, conn_s tate=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0 , history=<uninitialized>, orig_pkts=4, orig_ip_bytes=2304, resp_pkts=0, resp_ip _bytes=0, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, thres holds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, d ce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns= <uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse= F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<u ninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized >, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<unini tialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_stat e=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
1437831776.764391 connection_state_remove 1437831776.764391 connection_state_remove
[0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/ud p, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num _bytes_ip=229, flow_label=0, l2_addr=00:02:3f:ec:61:11], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=ff:ff:ff:ff:ff:ff], start_time =1254722776.690444, duration=0 secs, service={\x0a\x0a}, history=D, uid=CtPZjS20 MLrsMUOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitiali zed>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninit ialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<u ninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, d hcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<unini tialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uni nitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized >, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uni nitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, s ip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=< uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uniniti alized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/ud p, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num _bytes_ip=229, flow_label=0, l2_addr=00:02:3f:ec:61:11], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=ff:ff:ff:ff:ff:ff], start_time =1254722776.690444, duration=0 secs, service={\x0a\x0a}, history=D, uid=CtPZjS20 MLrsMUOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitiali zed>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninit ialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<u ninitialized>, dce_rpc_state=<uninitialized>, 
dce_rpc_backing=<uninitialized>, d hcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<unini tialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uni nitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized >, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uni nitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, s ip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=< uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uniniti alized>, ssh=<uninitialized>, syslog=<uninitialized>]
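Review bot: the baseline only pins the default values of the two new fields, because entity_count reads 0 in every changed record in this region (smtp_reply, connection_state_remove, successful_connection_remove) although smtp_state in the same records shows messages_transferred=1 and mime_depth=5. The only delta here is in the smtp record of the 10.10.1.4 to 74.53.140.153 connection, where the zeek-3.2.4 side gains process_smtp_headers=T, entity_count=0 between has_client_activity=F and entity=<uninitialized>; the DNS, ICMP and UDP/138 records are identical on both sides. I would ask for the fields to be documented alongside this change, including when entity_count is incremented or reset, and for a baseline in which entity_count is non-zero or process_smtp_headers is F, so that a regression in that logic shows up as a test diff.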
skipping to change at line 544 skipping to change at line 544
1437831787.867142 smtp_reply 1437831787.867142 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkt s=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=10.0 msecs 246.992111 usecs, service={\x0 a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninit ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=< uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F , ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized> , ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s nmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state =<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali zed>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkt s=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=10.0 msecs 246.992111 usecs, service={\x0 a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninit ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh 
olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=< uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F , ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized> , ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s nmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state =<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali zed>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 220 [2] code: count = 220
[3] cmd: string = > [3] cmd: string = >
[4] msg: string = uprise ESMTP SubEthaSMTP null [4] msg: string = uprise ESMTP SubEthaSMTP null
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.883306 protocol_confirmation 1437831787.883306 protocol_confirmation
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\ x0a\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uni nitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_ state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thr esholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dn s=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reus e=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc= <uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitializ ed>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uni nitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized> , snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, u id=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.16 8.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninit ialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to =<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitia lized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=< uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.13 3.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_a ctivity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, 
messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=< uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\ x0a\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uni nitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_ state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thr esholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dn s=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reus e=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc= <uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitializ ed>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uni nitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized> , snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.867142, u id=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.16 8.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninit ialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to =<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitia lized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=< uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.13 3.100], 
user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_a ctivity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids =[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages =<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, sys log=<uninitialized>]
[1] atype: enum = Analyzer::ANALYZER_SMTP [1] atype: enum = Analyzer::ANALYZER_SMTP
[2] aid: count = 21 [2] aid: count = 21
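Review bot: in the `smtp=[...]` record of this protocol_confirmation event, the new side gains `process_smtp_headers=T, entity_count=0` between `has_client_activity=F` and `entity=<uninitialized>`, and nothing in the baseline says what either field controls or why they start at T and 0. Because this dump prints the whole connection record for every event, the same two-field addition recurs in the smtp_request and smtp_reply records that follow. It is worth confirming that this is the only difference per record (the event name, timestamp, `atype` and `aid` arguments match on both sides here) and documenting the two fields where the smtp record is defined.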
1437831787.883306 smtp_request 1437831787.883306 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\ x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan= <uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitializ ed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized> , dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_ reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uniniti alized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp= <uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitiali zed>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86714 2, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=19 2.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<un initialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized> , to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<unin itialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitializ ed>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialize 
d>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], soc ks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\ x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan= <uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitializ ed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized> , dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_ reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uniniti alized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp= <uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitiali zed>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86714 2, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=19 2.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<un initialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized> , to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<unin itialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitializ ed>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.16 8.133.100], 
user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, f uids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_mess ages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = EHLO [2] command: string = EHLO
[3] arg: string = [192.168.133.100] [3] arg: string = [192.168.133.100]
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192 .168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_c lient_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.1 
33.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0] , socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192 
.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_c lient_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized> , fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending _messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitiali zed>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = uprise [4] msg: string = uprise
[5] cont_resp: bool = T [5] cont_resp: bool = T
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_age nt=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entit y=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_trans 
ferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized> , ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_age nt=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=F, proce ss_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state =[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialize d>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial ized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = 8BITMIME [4] msg: string = 8BITMIME
[5] cont_resp: bool = T [5] cont_resp: bool = T
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_a gent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, ent ity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tra 
nsferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_a gent=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=F, pro cess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_sta te=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitiali zed>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti alized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = AUTH LOGIN [4] msg: string = AUTH LOGIN
[5] cont_resp: bool = T [5] cont_resp: bool = T
1437831787.886281 smtp_reply 1437831787.886281 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user _agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, e ntity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_t 
ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali zed>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user _agent=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=F, p rocess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_s tate=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitia lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini tialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = EHLO [3] cmd: string = EHLO
[4] msg: string = Ok [4] msg: string = Ok
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.887031 smtp_request 1437831787.887031 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk ts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=30.0 msecs 136.108398 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=< uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<u ninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferr 
ed=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ss h=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk ts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=30.0 msecs 136.108398 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= <uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia lized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=< uninitialized>, tls=F, 
process_received_from=T, has_client_activity=F, process_s mtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[he lo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized >]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = MAIL [2] command: string = MAIL
[3] arg: string = FROM:<albert@example.com> [3] arg: string = FROM:<albert@example.com>
1437831787.889785 smtp_reply 1437831787.889785 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk ts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=32.0 msecs 890.081406 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id =<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity =<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transf 
erred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk ts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=32.0 msecs 890.081406 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id =<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen t=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=T, proces s_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state= [helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized >, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali zed>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = MAIL [3] cmd: string = MAIL
[4] msg: string = Ok [4] msg: string = Ok
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.890232 smtp_request 1437831787.890232 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk ts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=33.0 msecs 337.116241 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id =<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity =<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transf 
erred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk ts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c] , start_time=1437831787.856895, duration=33.0 msecs 337.116241 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id =<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen t=<uninitialized>, tls=F, 
process_received_from=T, has_client_activity=T, proces s_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state= [helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized >, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali zed>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO:<ericlim220@yahoo.com> [3] arg: string = TO:<ericlim220@yahoo.com>
1437831787.892986 smtp_reply 1437831787.892986 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk ts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101 , state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c ], start_time=1437831787.856895, duration=36.0 msecs 91.089249 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti alized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitial ized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_ received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133. 
100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_act ivity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=< uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk ts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101 , state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c ], start_time=1437831787.856895, duration=36.0 msecs 91.089249 usecs, service={\ x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan =<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F , thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized >, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data _reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp =<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671 42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1 92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom= albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti alized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitial ized>, 
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_ received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133. 100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_act ivity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[ ]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages =<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, sys log=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
[4] msg: string = Ok [4] msg: string = Ok
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.893587 smtp_request 1437831787.893587 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p kts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=10 1, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4 c], start_time=1437831787.856895, duration=36.0 msecs 692.142487 usecs, service= {\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86 7142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h =192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfro m=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized >, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<unini tialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uniniti alized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, secon d_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.13 3.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_a ctivity=T, entity=<uninitialized>, fuids=[]], 
smtp_state=[helo=[192.168.133.100] , messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks =<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p kts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=10 1, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4 c], start_time=1437831787.856895, duration=36.0 msecs 692.142487 usecs, service= {\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vl an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized >, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp =F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized >, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86 7142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h =192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfro m=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized >, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<unini tialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uniniti alized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, secon d_received=<uninitialized>, last_reply=250 Ok, 
path=[192.168.133.102, 192.168.13 3.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_a ctivity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids =[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messag es=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, s yslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO:<felica4uu@hotmail.com> [3] arg: string = TO:<felica4uu@hotmail.com>
1437831787.897624 smtp_reply 1437831787.897624 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p kts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 09, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=40.0 msecs 729.045868 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece ived=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[ 192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re ceived_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], 
smtp_st ate=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitial ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit ialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p kts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 09, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=40.0 msecs 729.045868 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece ived=<uninitialized>, second_received=<uninitialized>, 
last_reply=250 Ok, path=[ 192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re ceived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, en tity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tr ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ ed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
[4] msg: string = Ok [4] msg: string = Ok
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.898413 smtp_request 1437831787.898413 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p kts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 09, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=41.0 msecs 517.972946 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece ived=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[ 192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re ceived_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], 
smtp_st ate=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitial ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit ialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p kts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 09, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=41.0 msecs 517.972946 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece ived=<uninitialized>, second_received=<uninitialized>, 
last_reply=250 Ok, path=[ 192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re ceived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, en tity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tr ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ ed>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = RCPT [2] command: string = RCPT
[3] arg: string = TO:<davis_mark1@outlook.com> [3] arg: string = TO:<davis_mark1@outlook.com>
1437831787.901069 smtp_reply 1437831787.901069 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p kts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 17, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=44.0 msecs 173.955917 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninit 
ialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p kts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 17, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=44.0 msecs 173.955917 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, 
first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = RCPT [3] cmd: string = RCPT
[4] msg: string = Ok [4] msg: string = Ok
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831787.901697 smtp_request 1437831787.901697 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p kts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 17, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninit 
ialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p kts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 17, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, 
first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = DATA [2] command: string = DATA
[3] arg: string = [3] arg: string =
1437831787.901697 mime_begin_entity 1437831787.901697 mime_begin_entity
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p kts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 17, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninit 
ialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p kts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 17, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, 
first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831787.904758 smtp_reply 1437831787.904758 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p kts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=47.0 msecs 863.006592 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filena 
me=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tra nsferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p kts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=47.0 msecs 863.006592 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, 
first_received=<uninitialized>, second_received=<uninitialized >, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_sta te=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitiali zed>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti alized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 354 [2] code: count = 354
[3] cmd: string = DATA [3] cmd: string = DATA
[4] msg: string = End data with <CR><LF>.<CR><LF> [4] msg: string = End data with <CR><LF>.<CR><LF>
[5] cont_resp: bool = F [5] cont_resp: bool = F
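Review bot: the two fields added on the zeek-3.2.4 side, process_smtp_headers and entity_count, are only exercised on one path in this baseline: process_smtp_headers is T in every record shown, and entity_count only moves from 0 (mime_begin_entity at 1437831787.901697) to 1 (smtp_reply at 1437831787.904758), in step with mime_depth. If these fields gate header processing by the number of MIME entities, as the names suggest, that behaviour should get a dedicated test with a multi-entity message whose baseline shows the flag changing. A dump-events baseline that changes on every smtp record is a poor place to notice a regression in that logic.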
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie 
nt_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip 
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uniniti alized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/plain; charset=us-ascii] [1] h: mime_header_rec = [original_name=Content-Type, name=CON TENT-TYPE, value=text/plain; charset=us-ascii]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie 
nt_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip 
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uniniti alized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Mime-Version, name=MIM E-VERSION, value=1.0 (Mac OS X Mail 8.2 \(2102\))] [1] h: mime_header_rec = [original_name=Mime-Version, name=MIM E-VERSION, value=1.0 (Mac OS X Mail 8.2 \(2102\))]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie 
nt_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip 
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uniniti alized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Subject, name=SUBJECT, value=Re: Bro SMTP CC Header] [1] h: mime_header_rec = [original_name=Subject, name=SUBJECT, value=Re: Bro SMTP CC Header]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=Re: Bro SMTP CC Header, x_origina ting_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninit ialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, h 
as_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[ helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized> , mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ ed>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit ialized>, in_reply_to=<uninitialized>, subject=Re: Bro SMTP CC Header, 
x_origina ting_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninit ialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, h as_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=< uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transfe rred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=From, name=FROM, value =Albert Zaharovits <albert@example.com>] [1] h: mime_header_rec = [original_name=From, name=FROM, value =Albert Zaharovits <albert@example.com>]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=Albert Zaharovits <albert@example.com>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti alized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=Re: Bro SM TP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, pro 
cess_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_m essages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialize d>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=Albert Zaharovits <albert@example.com>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti alized>, msg_id=<uninitialized>, 
in_reply_to=<uninitialized>, subject=Re: Bro SM TP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, pro cess_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_coun t=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133 .100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=In-Reply-To, name=IN-R EPLY-TO, value=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>] [1] h: mime_header_rec = [original_name=In-Reply-To, name=IN-R EPLY-TO, value=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=Albert Zaharovits <albert@example.com>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti alized>, msg_id=<uninitialized>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E 96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=3 54 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], use 
r_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100] , messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks =<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=Albert Zaharovits <albert@example.com>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti alized>, 
msg_id=<uninitialized>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E 96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized >, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=3 54 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], use r_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids =[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messag es=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, s yslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Date, name=DATE, value =Sat, 25 Jul 2015 16:43:07 +0300] [1] h: mime_header_rec = [original_name=Date, name=DATE, value =Sat, 25 Jul 2015 16:43:07 +0300]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc=<uninitialized>, r eply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<9ACEE03C-AB98-4046 -AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_i p=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialize d>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 
192.1 68.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_cli ent_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[ 192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime _depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, 
cc=<uninitialized>, r eply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<9ACEE03C-AB98-4046 -AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_i p=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialize d>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.1 68.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_cli ent_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninit ialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0 , pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<u ninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=Cc, name=CC, value=fel ica4uu@hotmail.com, davis_mark1@outlook.com] [1] h: mime_header_rec = [original_name=Cc, name=CC, value=fel ica4uu@hotmail.com, davis_mark1@outlook.com]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<uni nitialized>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, sub ject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<u ninitialized>, second_received=<uninitialized>, last_reply=354 End data with 
<CR ><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitializ ed>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<un initialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferr ed=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ss h=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits 
<albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<uni nitialized>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, sub ject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<u ninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR ><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitializ ed>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers =T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[he lo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized >]
[1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=7bit] [1] h: mime_header_rec = [original_name=Content-Transfer-Encod ing, name=CONTENT-TRANSFER-ENCODING, value=7bit]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<uni nitialized>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, sub ject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<u ninitialized>, second_received=<uninitialized>, last_reply=354 End data with 
<CR ><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitializ ed>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<un initialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferr ed=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ss h=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits 
<albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<uni nitialized>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, sub ject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<u ninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR ><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitializ ed>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers =T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[he lo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized >]
[1] h: mime_header_rec = [original_name=Message-Id, name=MESSA GE-ID, value=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>] [1] h: mime_header_rec = [original_name=Message-Id, name=MESSA GE-ID, value=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A62 02DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046- AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip =<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 
Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A62 02DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046- AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uniniti alized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=References, name=REFER ENCES, value=<FA60128E-63CF-4C4E-8241-C5805EA0F66E@example.com> <9ACEE03C-AB98-4 046-AEC1-BF4910C61E96@example.com>] [1] h: mime_header_rec = [original_name=References, name=REFER ENCES, value=<FA60128E-63CF-4C4E-8241-C5805EA0F66E@example.com> <9ACEE03C-AB98-4 046-AEC1-BF4910C61E96@example.com>]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A62 02DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046- AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip =<uninitialized>, first_received=<uninitialized>, 
second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[1 92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_ depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 
Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to=<uninitialized>, cc={\x0adavis_mark1@o utlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialized>, msg_id=<A62 02DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046- AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip =<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized >, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uniniti alized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<un initialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=To, name=TO, value=eri clim220@yahoo.com] [1] h: mime_header_rec = [original_name=To, name=TO, value=eri clim220@yahoo.com]
1437831787.905375 mime_one_header 1437831787.905375 mime_one_header
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_f rom=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp _state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninit ialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uni nitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 
Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_f rom=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[fi lename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages _transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitia lized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] h: mime_header_rec = [original_name=X-Mailer, name=X-MAILE R, value=Apple Mail (2.2102)] [1] h: mime_header_rec = [original_name=X-Mailer, name=X-MAILE R, value=Apple Mail (2.2102)]
1437831787.905375 get_file_handle 1437831787.905375 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<un initialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog= <uninitialized>] [1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 
25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], mess ages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<unin itialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1437831787.905375 file_new 1437831787.905375 file_new
[0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful= T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. 
168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=[filena me=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tra nsferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialize d>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1437831787.90 5375, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes =0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitial ized>, pe=<uninitialized>] [0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne l=<uninitialized>, vlan=<uninitialized>, 
inner_vlan=<uninitialized>, successful= T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. 168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_sta te=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitiali zed>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti alized>]\x0a}, 
last_active=1437831787.905375, seen_bytes=0, total_bytes=<uniniti alized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffe r_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialize d>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
1437831787.905375 file_over_new_connection 1437831787.905375 file_over_new_connection
[0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un [0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un
initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o
rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1
33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969
, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8
d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr
=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387
5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne
l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful= l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=
T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract
_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc
e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize
d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u
ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http
_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit
ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi
us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized
>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s
mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori
g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.
168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ 168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\
x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201
5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22
0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\
x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE
@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s
ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=
<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <
CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail
(2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=[filena (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_h
me=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tra eaders=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_sta
nsferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialize te=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitiali
d>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=1437831787.90 zed>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti
5375, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes alized>]\x0a}, last_active=1437831787.905375, seen_bytes=0, total_bytes=<uniniti
=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, alized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffe
info=[ts=1437831787.905375, fuid=Fc5KpS3kUYqDLwWSMf, tx_hosts={\x0a\x0a}, rx_ho r_size=4096, bof_buffer=<uninitialized>, info=[ts=1437831787.905375, fuid=Fc5KpS
sts={\x0a\x0a}, conn_uids={\x0a\x0a}, source=SMTP, depth=0, analyzers={\x0a\x0a} 3kUYqDLwWSMf, tx_hosts={\x0a\x0a}, rx_hosts={\x0a\x0a}, conn_uids={\x0a\x0a}, so
, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_or urce=SMTP, depth=0, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<u
ig=<uninitialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missin ninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_byte
g_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<unini s=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F,
tialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, e parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=
xtracted=<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<unin <uninitialized>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cuto
itialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe= ff=<uninitialized>, extracted_size=<uninitialized>], ftp=<uninitialized>, http=<
<uninitialized>] uninitialized>, irc=<uninitialized>, pe=<uninitialized>]
[1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 [1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p
kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A
lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x
0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize
d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE
E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.
133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv
ed_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity
smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<un =[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], mess
initialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog= ages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<unin
<uninitialized>] itialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1437831787.905375 mime_end_entity 1437831787.905375 mime_end_entity
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[Fc5K pS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pe nding_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<unini tialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail 
.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =[filename=<uninitialized>], fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192. 168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_dep th=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831787.905375 get_file_handle 1437831787.905375 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwW SMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, 
date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100 ], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1437831787.905375 file_sniff 1437831787.905375 file_sniff
[0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful= T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. 
168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninit ialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messa ges_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<unini tialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=143783 1787.905375, seen_bytes=204, total_bytes=<uninitialized>, missing_bytes=0, overf low_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0d\x0 a> On 25 Jul 2015, at 16:38, Albert Zaharovits <albert@example.com> wrote:\x0d\x 0a> \x0d\x0a> \x0d\x0a>> On 25 Jul 2015, at 16:21, Albert Zaharovits <albert@exa mple.com> wrote:\x0d\x0a>> \x0d\x0a>> Bro SMTP CC Header\x0d\x0a>> TEST\x0d\x0a> \x0d\x0a\x0d\x0a, info=[ts=1437831787.905375, fuid=Fc5KpS3kUYqDLwWSMf, tx_hosts ={\x0a\x09192.168.133.100\x0a}, rx_hosts={\x0a\x09192.168.133.102\x0a}, conn_uid s={\x0aCmES5u32sYpV7JYN\x0a}, source=SMTP, depth=1, analyzers={\x0a\x0a}, mime_t ype=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<unin itialized>, is_orig=T, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes= 0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized >, sha1=<uninitialized>, sha256=<uninitialized>, 
x509=<uninitialized>, extracted =<uninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialize d>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uniniti alized>] [0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful= T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. 
168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], s mtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uni nitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=< uninitialized>]\x0a}, last_active=1437831787.905375, seen_bytes=204, total_bytes =<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0d\x0a> On 25 Jul 2015, at 16:38, Albert Zaha rovits <albert@example.com> wrote:\x0d\x0a> \x0d\x0a> \x0d\x0a>> On 25 Jul 2015, at 16:21, Albert Zaharovits <albert@example.com> wrote:\x0d\x0a>> \x0d\x0a>> Br o SMTP CC Header\x0d\x0a>> TEST\x0d\x0a> \x0d\x0a\x0d\x0a, info=[ts=1437831787.9 05375, fuid=Fc5KpS3kUYqDLwWSMf, tx_hosts={\x0a\x09192.168.133.100\x0a}, rx_hosts ={\x0a\x09192.168.133.102\x0a}, conn_uids={\x0aCmES5u32sYpV7JYN\x0a}, source=SMT P, depth=1, analyzers={\x0a\x0a}, mime_type=<uninitialized>, filename=<uninitial ized>, duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=0, tot al_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_ fuid=<uninitialized>, md5=<uninitialized>, 
sha1=<uninitialized>, sha256=<uniniti alized>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<unin itialized>, extracted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitia lized>, irc=<uninitialized>, pe=<uninitialized>]
[1] meta: fa_metadata = [mime_type=text/plain, mime_types=[[s trength=-20, mime=text/plain]], inferred=T] [1] meta: fa_metadata = [mime_type=text/plain, mime_types=[[s trength=-20, mime=text/plain]], inferred=T]
1437831787.905375 file_state_remove 1437831787.905375 file_state_remove
[0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful= T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. 
168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninit ialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messa ges_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<unini tialized>, ssh=<uninitialized>, syslog=<uninitialized>]\x0a}, last_active=143783 1787.905375, seen_bytes=204, total_bytes=<uninitialized>, missing_bytes=0, overf low_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0d\x0 a> On 25 Jul 2015, at 16:38, Albert Zaharovits <albert@example.com> wrote:\x0d\x 0a> \x0d\x0a> \x0d\x0a>> On 25 Jul 2015, at 16:21, Albert Zaharovits <albert@exa mple.com> wrote:\x0d\x0a>> \x0d\x0a>> Bro SMTP CC Header\x0d\x0a>> TEST\x0d\x0a> \x0d\x0a\x0d\x0a, info=[ts=1437831787.905375, fuid=Fc5KpS3kUYqDLwWSMf, tx_hosts ={\x0a\x09192.168.133.100\x0a}, rx_hosts={\x0a\x09192.168.133.102\x0a}, conn_uid s={\x0aCmES5u32sYpV7JYN\x0a}, source=SMTP, depth=1, analyzers={\x0a\x0a}, mime_t ype=text/plain, filename=<uninitialized>, duration=0 secs, local_orig=<uninitial ized>, is_orig=T, seen_bytes=204, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, 
x509=<uninitialized>, extracted=<u ninitialized>, extracted_cutoff=<uninitialized>, extracted_size=<uninitialized>] , ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, pe=<uninitiali zed>] [0] f: fa_file = [id=Fc5KpS3kUYqDLwWSMf, parent_id=<un initialized>, source=SMTP, is_orig=T, conns={\x0a\x09[[orig_h=192.168.133.100, o rig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp]] = [id=[orig_h=192.168.1 33.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969 , state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8 d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr =00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=48.0 msecs 480.03387 5 usecs, service={\x0aSMTP\x0a\x09}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunne l=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful= T, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract _orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dc e_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialize d>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<u ninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http _state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninit ialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radi us=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized >, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, s mtp=[ts=1437831787.867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, ori g_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192. 
168.133.100], mailfrom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\ x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a\x09}, date=Sat, 25 Jul 201 5 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim22 0@yahoo.com\x0a\x09}, cc={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\ x0a\x09}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE @example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, s ubject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received= <uninitialized>, second_received=<uninitialized>, last_reply=354 End data with < CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_h eaders=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], s mtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uni nitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=< uninitialized>]\x0a}, last_active=1437831787.905375, seen_bytes=204, total_bytes =<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0d\x0a> On 25 Jul 2015, at 16:38, Albert Zaha rovits <albert@example.com> wrote:\x0d\x0a> \x0d\x0a> \x0d\x0a>> On 25 Jul 2015, at 16:21, Albert Zaharovits <albert@example.com> wrote:\x0d\x0a>> \x0d\x0a>> Br o SMTP CC Header\x0d\x0a>> TEST\x0d\x0a> \x0d\x0a\x0d\x0a, info=[ts=1437831787.9 05375, fuid=Fc5KpS3kUYqDLwWSMf, tx_hosts={\x0a\x09192.168.133.100\x0a}, rx_hosts ={\x0a\x09192.168.133.102\x0a}, conn_uids={\x0aCmES5u32sYpV7JYN\x0a}, source=SMT P, depth=1, analyzers={\x0a\x0a}, mime_type=text/plain, filename=<uninitialized> , duration=0 secs, local_orig=<uninitialized>, is_orig=T, seen_bytes=204, total_ bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fui d=<uninitialized>, md5=<uninitialized>, 
sha1=<uninitialized>, sha256=<uninitiali zed>, x509=<uninitialized>, extracted=<uninitialized>, extracted_cutoff=<uniniti alized>, extracted_size=<uninitialized>], ftp=<uninitialized>, http=<uninitializ ed>, irc=<uninitialized>, pe=<uninitialized>]
1437831787.905375 get_file_handle 1437831787.905375 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwW SMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, 
date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100 ], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1437831787.905375 get_file_handle 1437831787.905375 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwW SMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, 
date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100 ], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = T [2] is_orig: bool = T
1437831787.905375 get_file_handle 1437831787.905375 get_file_handle
[0] tag: enum = Analyzer::ANALYZER_SMTP [0] tag: enum = Analyzer::ANALYZER_SMTP
[1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwW SMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [1] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, 
date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100 ], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = F [2] is_orig: bool = F
1437831787.905375 smtp_request 1437831787.905375 smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, 
second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwW SMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messa ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1 54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad: 4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service ={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8 67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_ h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail .com,\x0aericlim220@yahoo.com\x0a}, 
date=Sat, 25 Jul 2015 16:43:07 +0300, from=A lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x 0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x _originating_ip=<uninitialized>, first_received=<uninitialized>, second_received =<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168. 133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity =<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100 ], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T [1] is_orig: bool = T
[2] command: string = . [2] command: string = .
[3] arg: string = . [3] arg: string = .
1437831787.914113 smtp_reply 1437831787.914113 smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size= 162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad :4c], start_time=1437831787.856895, duration=57.0 msecs 218.074799 usecs, servic e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787. 
867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp _h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailf rom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmai l.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from= Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\ x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitializ ed>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9AC EE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receive d=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168 .133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_recei ved_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLw WSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_mess ages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size= 162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad :4c], start_time=1437831787.856895, duration=57.0 msecs 218.074799 usecs, servic e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, 
ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787. 867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp _h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailf rom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmai l.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from= Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\ x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitializ ed>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9AC EE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receive d=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168 .133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_recei ved_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entit y=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.10 0], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], soc ks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F [1] is_orig: bool = F
[2] code: count = 250 [2] code: count = 250
[3] cmd: string = . [3] cmd: string = .
[4] msg: string = Ok [4] msg: string = Ok
[5] cont_resp: bool = F [5] cont_resp: bool = F
1437831798.533593 Broker::log_flush 1437831798.533593 Broker::log_flush
1437831798.533593 new_connection 1437831798.533593 new_connection
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=0, num_pkts =0, num_bytes_ip=0, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, stat e=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start _time=1437831798.533593, duration=0 secs, service={\x0a\x0a}, history=^, uid=CP5 puj4I8PtEU4qzYg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<unini tialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<u ninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_r pc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialize d>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=< uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http =<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitia lized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp =<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialize d>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_st ate=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=0, num_pkts =0, num_bytes_ip=0, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, stat e=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start _time=1437831798.533593, duration=0 secs, service={\x0a\x0a}, history=^, uid=CP5 puj4I8PtEU4qzYg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<unini tialized>, successful=F, dpd=<uninitialized>, dpd_state=<uninitialized>, conn=<u ninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_r pc=<uninitialized>, 
dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialize d>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=< uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http =<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitia lized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp =<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialize d>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_st ate=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<un initialized>, ssh=<uninitialized>, syslog=<uninitialized>]
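Review bot: the two fields that appear only on the zeek-3.2.4 side of the smtp record, process_smtp_headers and entity_count (inserted between has_client_activity=T and entity=<uninitialized> in the get_file_handle, smtp_request and smtp_reply dumps), are exercised here with a single value each: process_smtp_headers=T and entity_count=1. Nothing in this hunk shows process_smtp_headers=F or a message with more than one MIME entity, so this baseline only confirms that the fields exist and print, not that they change correctly. A small dedicated btest for those cases would pin the behaviour better than the all-events dump, and the record definition should document what entity_count counts, since the baseline alone does not say.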
skipping to change at line 1096 skipping to change at line 1096
1437831800.217854 successful_connection_remove 1437831800.217854 successful_connection_remove
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9285/tcp, resp_h=66.196.121.26, resp_p=5050/tcp], orig=[size=41, state=3, num_pk ts=1, num_bytes_ip=93, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, s tate=3, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=cc:b2:55:f4:62:92], s tart_time=1437831776.764391, duration=343.0 msecs 8.041382 usecs, service={\x0a\ x0a}, history=Da, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitia lized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state =<uninitialized>, conn=[ts=1437831776.764391, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h =192.168.133.100, orig_p=49285/tcp, resp_h=66.196.121.26, resp_p=5050/tcp], prot o=tcp, service=<uninitialized>, duration=343.0 msecs 8.041382 usecs, orig_bytes= 41, resp_bytes=0, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninit ialized>, missed_bytes=0, history=Da, orig_pkts=1, orig_ip_bytes=93, resp_pkts=1 , resp_ip_bytes=52, tunnel_parents=<uninitialized>], extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog= <uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9285/tcp, resp_h=66.196.121.26, resp_p=5050/tcp], orig=[size=41, state=3, num_pk ts=1, num_bytes_ip=93, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, s 
tate=3, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=cc:b2:55:f4:62:92], s tart_time=1437831776.764391, duration=343.0 msecs 8.041382 usecs, service={\x0a\ x0a}, history=Da, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitia lized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state =<uninitialized>, conn=[ts=1437831776.764391, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h =192.168.133.100, orig_p=49285/tcp, resp_h=66.196.121.26, resp_p=5050/tcp], prot o=tcp, service=<uninitialized>, duration=343.0 msecs 8.041382 usecs, orig_bytes= 41, resp_bytes=0, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninit ialized>, missed_bytes=0, history=Da, orig_pkts=1, orig_ip_bytes=93, resp_pkts=1 , resp_ip_bytes=52, tunnel_parents=<uninitialized>], extract_orig=F, extract_res p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog= <uninitialized>]
1437831800.217854 connection_state_remove 1437831800.217854 connection_state_remove
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=3, num_pkts =3, num_bytes_ip=156, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, s tate=3, num_pkts=3, num_bytes_ip=411, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831798.533593, duration=221.014023 usecs, service={\x0a\x0a}, his tory=^dtA, uid=CP5puj4I8PtEU4qzYg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<unini tialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uni nitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_bac king=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitial ized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<un initialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitializ ed>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<u ninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<unin itialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uniniti alized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=3, num_pkts =3, num_bytes_ip=156, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, s tate=3, num_pkts=3, num_bytes_ip=411, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831798.533593, duration=221.014023 usecs, service={\x0a\x0a}, his tory=^dtA, uid=CP5puj4I8PtEU4qzYg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<unini tialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uni nitialized>, 
dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_bac king=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitial ized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<un initialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitializ ed>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<u ninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<unin itialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uniniti alized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1437831800.217854 successful_connection_remove 1437831800.217854 successful_connection_remove
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=3, num_pkts =3, num_bytes_ip=156, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, s tate=3, num_pkts=3, num_bytes_ip=411, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831798.533593, duration=221.014023 usecs, service={\x0a\x0a}, his tory=^dtA, uid=CP5puj4I8PtEU4qzYg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<unini tialized>, conn=[ts=1437831798.533593, uid=CP5puj4I8PtEU4qzYg, id=[orig_h=192.16 8.133.100, orig_p=49336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], proto=tcp, s ervice=<uninitialized>, duration=221.014023 usecs, orig_bytes=0, resp_bytes=85, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_b ytes=0, history=^dtA, orig_pkts=3, orig_ip_bytes=156, resp_pkts=3, resp_ip_bytes =411, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, threshold s=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_r pc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uni nitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, s sl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<unini tialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, n tlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitial ized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp =<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<u ninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized >] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=3, num_pkts =3, num_bytes_ip=156, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, s tate=3, num_pkts=3, 
num_bytes_ip=411, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831798.533593, duration=221.014023 usecs, service={\x0a\x0a}, his tory=^dtA, uid=CP5puj4I8PtEU4qzYg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<unini tialized>, conn=[ts=1437831798.533593, uid=CP5puj4I8PtEU4qzYg, id=[orig_h=192.16 8.133.100, orig_p=49336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], proto=tcp, s ervice=<uninitialized>, duration=221.014023 usecs, orig_bytes=0, resp_bytes=85, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_b ytes=0, history=^dtA, orig_pkts=3, orig_ip_bytes=156, resp_pkts=3, resp_ip_bytes =411, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, threshold s=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_r pc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uni nitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, s sl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<unini tialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, n tlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitial ized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp =<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<u ninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized >]
1437831800.217854 connection_state_remove 1437831800.217854 connection_state_remove
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=17, num_bytes_ip=1865, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size= 162, state=4, num_pkts=10, num_bytes_ip=690, flow_label=0, l2_addr=00:08:ca:cc:a d:4c], start_time=1437831787.856895, duration=57.0 msecs 320.11795 usecs, servic e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787. 
914113, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp _h=192.168.133.102, resp_p=25/tcp], trans_depth=2, helo=[192.168.133.100], mailf rom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uniniti alized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_i d=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origi nating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unin itialized>, last_reply=<uninitialized>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity =F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messa ges_transferred=1, pending_messages=<uninitialized>, mime_depth=1], socks=<unini tialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=17, num_bytes_ip=1865, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size= 162, state=4, num_pkts=10, num_bytes_ip=690, flow_label=0, l2_addr=00:08:ca:cc:a d:4c], start_time=1437831787.856895, duration=57.0 msecs 320.11795 usecs, servic e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_ data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, 
rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787. 914113, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp _h=192.168.133.102, resp_p=25/tcp], trans_depth=2, helo=[192.168.133.100], mailf rom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uniniti alized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_i d=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origi nating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unin itialized>, last_reply=<uninitialized>, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity =F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], s mtp_state=[helo=[192.168.133.100], messages_transferred=1, pending_messages=<uni nitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=< uninitialized>]
1437831800.217854 successful_connection_remove 1437831800.217854 successful_connection_remove
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=17, num_bytes_ip=1865, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size= 162, state=4, num_pkts=10, num_bytes_ip=690, flow_label=0, l2_addr=00:08:ca:cc:a d:4c], start_time=1437831787.856895, duration=57.0 msecs 320.11795 usecs, servic e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=[ts=1437831787.856895, uid=CmES5u32sYpV7JYN , id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=2 5/tcp], proto=tcp, service=smtp, duration=57.0 msecs 320.11795 usecs, orig_bytes =969, resp_bytes=162, conn_state=S1, local_orig=<uninitialized>, local_resp=<uni nitialized>, missed_bytes=0, history=ShAdDa, orig_pkts=17, orig_ip_bytes=1865, r esp_pkts=10, resp_ip_bytes=690, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_st ate=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3 =<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitial ized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=< uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized> , mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unin itialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_s tate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts= 1437831787.914113, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=4964 8/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=2, helo=[192.168.133. 
100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, fr om=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialize d>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_rec eived=<uninitialized>, last_reply=<uninitialized>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133. 100], messages_transferred=1, pending_messages=<uninitialized>, mime_depth=1], s ocks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4 9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p kts=17, num_bytes_ip=1865, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size= 162, state=4, num_pkts=10, num_bytes_ip=690, flow_label=0, l2_addr=00:08:ca:cc:a d:4c], start_time=1437831787.856895, duration=57.0 msecs 320.11795 usecs, servic e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ ed>, dpd_state=<uninitialized>, conn=[ts=1437831787.856895, uid=CmES5u32sYpV7JYN , id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=2 5/tcp], proto=tcp, service=smtp, duration=57.0 msecs 320.11795 usecs, orig_bytes =969, resp_bytes=162, conn_state=S1, local_orig=<uninitialized>, local_resp=<uni nitialized>, missed_bytes=0, history=ShAdDa, orig_pkts=17, orig_ip_bytes=1865, r esp_pkts=10, resp_ip_bytes=690, tunnel_parents=<uninitialized>], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_st ate=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3 =<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitial ized>, 
ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=< uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized> , mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unin itialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_s tate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts= 1437831787.914113, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=4964 8/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=2, helo=[192.168.133. 100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, fr om=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitiali zed>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialize d>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_rec eived=<uninitialized>, last_reply=<uninitialized>, path=[192.168.133.102, 192.16 8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie nt_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, f uids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=1, pending_me ssages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized >, syslog=<uninitialized>]
1437831800.217854 zeek_done 1437831800.217854 zeek_done
1437831800.217854 ChecksumOffloading::check 1437831800.217854 ChecksumOffloading::check
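Review bot: entity_count=0 in the smtp=[...] record of the zeek-3.2.4 column, at successful_connection_remove and in the event before it, needs confirming against smtp_state on the same lines, which shows messages_transferred=1 and mime_depth=1. If the counter is per message and reset once a message ends, the baseline is right; if it is meant to reflect entities seen on the connection, 0 looks wrong here. The two new fields, process_smtp_headers=T and entity_count=0, are the only visible difference between the columns in these records, so it is also worth checking that both are documented where the record is declared. Because this baseline prints the full connection record for every event, those two fields account for edits throughout the file, and an unrelated change in another field would be easy to miss when reviewing the updated baseline.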
 End of changes. 128 change blocks. 
412 lines changed or deleted 413 lines changed or added
