(formerly Bro) is a flexible network analysis framework focusing on network security monitoring. Feature release.
| smtp-events.log (zeek-3.2.2) | : | smtp-events.log (zeek-3.2.4) |
|---|
| 1254722768.219663 smtp_reply | | 1254722768.219663 smtp_reply |
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim
e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a},
history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize
d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un
initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<
uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_
backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit
ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=
<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia
lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm
=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize
d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u
ninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<unin
itialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim
e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a},
history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize
d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un
initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<
uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_
backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit
ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=
<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia
lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm
=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize
d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u
ninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<unin
itialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 220 | | [2] code: count = 220 |
| [3] cmd: string = > | | [3] cmd: string = > |
| [4] msg: string = xc90.websitewelcome.com ESMTP Exim 4.
69 #1 Mon, 05 Oct 2009 01:05:54 -0500 | | [4] msg: string = xc90.websitewelcome.com ESMTP Exim 4.
69 #1 Mon, 05 Oct 2009 01:05:54 -0500 |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.219663 smtp_reply | | 1254722768.219663 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim
e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a},
history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize
d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un
initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<
uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_
backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit
ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=
<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia
lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm
=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize
d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u
ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM
2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_
p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto
=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>
, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply
_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>,
first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220
xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , pat
h=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_receive
d_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[
helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>,
mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized
>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim
e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a},
history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize
d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un
initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<
uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_
backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit
ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=
<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia
lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm
=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize
d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u
ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM
2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_
p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto
=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>
, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply
_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>,
first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220
xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , pat
h=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_receive
d_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=
<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferr
ed=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ss
h=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 220 | | [2] code: count = 220 |
| [3] cmd: string = > | | [3] cmd: string = > |
| [4] msg: string = We do not authorize the use of this s
ystem to transport unsolicited, | | [4] msg: string = We do not authorize the use of this s
ystem to transport unsolicited, |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.219663 smtp_reply | | 1254722768.219663 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim
e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a},
history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize
d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un
initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<
uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_
backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit
ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=
<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia
lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm
=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize
d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u
ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM
2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_
p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto
=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>
, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply
_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>,
first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220
We do not authorize the use of this system to transport unsolicited, , path=[74.
53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from
=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<
uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_d
epth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_tim
e=1254722767.529046, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a},
history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialize
d>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_state=<un
initialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<
uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_
backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninit
ialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=
<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitia
lized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm
=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialize
d>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<u
ninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=ClEkJM
2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_
p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto
=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>
, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply
_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>,
first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220
We do not authorize the use of this system to transport unsolicited, , path=[74.
53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from
=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<unini
tialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0,
pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uni
nitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 220 | | [2] code: count = 220 |
| [3] cmd: string = > | | [3] cmd: string = > |
| [4] msg: string = and/or bulk e-mail. | | [4] msg: string = and/or bulk e-mail. |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722768.224809 smtp_request | | 1254722768.224809 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ti
me=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x
0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninit
ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta
te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh
olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc
e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<
uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F
, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un
initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>
, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit
ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s
nmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=
ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153,
resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>,
rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitia
lized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in
_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitiali
zed>, first_received=<uninitialized>, second_received=<uninitialized>, last_repl
y=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia
lized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitial
ized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pend
ing_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uniniti
alized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_
bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4,
num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_ti
me=1254722767.529046, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x
0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninit
ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta
te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh
olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc
e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<
uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F
, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un
initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>
, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit
ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s
nmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219663, uid=
ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153,
resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>,
rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitia
lized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in
_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitiali
zed>, first_received=<uninitialized>, second_received=<uninitialized>, last_repl
y=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia
lized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_head
ers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<unin
itialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth
=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = EHLO | | [2] command: string = EHLO |
| [3] arg: string = GP | | [3] arg: string = GP |
| | |
| 1254722768.566183 smtp_reply | | 1254722768.566183 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=22
0 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialize
d>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized
>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uni
nitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<
uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=22
0 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialize
d>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=
T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messa
ges_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<unini
tialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = xc90.websitewelcome.com Hello GP [122
.162.143.157] | | [4] msg: string = xc90.websitewelcome.com Hello GP [122
.162.143.157] |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.566183 smtp_reply | | 1254722768.566183 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10
.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_ac
tivity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_trans
ferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>
, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10
.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_ac
tivity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=
[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize
d>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial
ized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = SIZE 52428800 | | [4] msg: string = SIZE 52428800 |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.566183 smtp_reply | | 1254722768.566183 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl
s=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fui
ds=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitial
ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit
ialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl
s=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, ent
ity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_tr
ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ
ed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = PIPELINING | | [4] msg: string = PIPELINING |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.566183 smtp_reply | | 1254722768.566183 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F
, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=
[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialize
d>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial
ized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F
, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity
_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_trans
ferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>
, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = AUTH PLAIN LOGIN | | [4] msg: string = AUTH PLAIN LOGIN |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.566183 smtp_reply | | 1254722768.566183 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>,
tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>,
fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninit
ialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uni
nitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>,
tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T,
entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages
_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitia
lized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = STARTTLS | | [4] msg: string = STARTTLS |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1254722768.566183 smtp_reply | | 1254722768.566183 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F,
process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]
], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>
, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitializ
ed>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_
bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4,
num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_t
ime=1254722767.529046, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x
0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vla
n=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>
, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=
F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitial
ized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialize
d>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_dat
a_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>
, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unini
tialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rd
p=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitia
lized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.219
663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53
.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcpt
to=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialize
d>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_rep
ly_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>
, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=25
0 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F,
process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_c
ount=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transfe
rred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>,
ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = HELP | | [4] msg: string = HELP |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722768.568729 smtp_request | | 1254722768.568729 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num
_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4
, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21
9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5
3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp
tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ
ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re
ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized
>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2
50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro
cess_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]],
smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, m
ime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>
] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num
_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4
, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21
9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5
3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp
tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ
ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re
ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized
>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2
50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro
cess_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_coun
t=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferre
d=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh
=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = AUTH | | [2] command: string = AUTH |
| [3] arg: string = LOGIN | | [3] arg: string = LOGIN |
| | |
| 1254722768.911081 smtp_reply | | 1254722768.911081 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num
_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4
, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21
9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5
3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp
tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ
ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re
ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized
>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2
50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro
cess_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]],
smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, m
ime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>
] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num
_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4
, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21
9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5
3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp
tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ
ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re
ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized
>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=2
50 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, pro
cess_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_coun
t=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferre
d=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh
=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 334 | | [2] code: count = 334 |
| [3] cmd: string = AUTH | | [3] cmd: string = AUTH |
| [4] msg: string = VXNlcm5hbWU6 | | [4] msg: string = VXNlcm5hbWU6 |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722768.911655 smtp_request | | 1254722768.911655 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num
_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4
, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={
\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2
19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc
ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali
zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize
d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=
334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t
ls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fu
ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia
lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini
tialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num
_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4
, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={
\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2
19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc
ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali
zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize
d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=
334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t
ls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, en
tity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_t
ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali
zed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = ** | | [2] command: string = ** |
| [3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu | | [3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu |
| | |
| 1254722769.253544 smtp_reply | | 1254722769.253544 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num
_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4
, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={
\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2
19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc
ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali
zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize
d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=
334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t
ls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fu
ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia
lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini
tialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num
_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4
, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={
\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2
19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc
ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali
zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize
d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=
334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t
ls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, en
tity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_t
ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali
zed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 334 | | [2] code: count = 334 |
| [3] cmd: string = AUTH_ANSWER | | [3] cmd: string = AUTH_ANSWER |
| [4] msg: string = UGFzc3dvcmQ6 | | [4] msg: string = UGFzc3dvcmQ6 |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722769.254118 smtp_request | | 1254722769.254118 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num
_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4
, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21
9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5
3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp
tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ
ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re
ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized
>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=3
34 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl
s=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fui
ds=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitial
ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit
ialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num
_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4
, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.21
9663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.5
3.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcp
tto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitializ
ed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_re
ply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized
>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=3
34 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tl
s=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, ent
ity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_tr
ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ
ed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = ** | | [2] command: string = ** |
| [3] arg: string = cHVuamFiQDEyMw== | | [3] arg: string = cHVuamFiQDEyMw== |
| | |
| 1254722769.613798 smtp_reply | | 1254722769.613798 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num
_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4
, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={
\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2
19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc
ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali
zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize
d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=
334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t
ls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fu
ids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitia
lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini
tialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num
_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4
, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_
time=1254722767.529046, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={
\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.2
19663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.
53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rc
ptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitiali
zed>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_r
eply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialize
d>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=
334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, t
ls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, en
tity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_t
ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali
zed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 235 | | [2] code: count = 235 |
| [3] cmd: string = AUTH_ANSWER | | [3] cmd: string = AUTH_ANSWER |
| [4] msg: string = Authentication succeeded | | [4] msg: string = Authentication succeeded |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722769.614414 smtp_request | | 1254722769.614414 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, nu
m_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=
4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 85.0 msecs 367.918015 usecs, service=
{\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ
ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re
sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit
ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial
ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_
data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ
ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un
initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini
tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.
219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74
.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, r
cptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitial
ized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_
reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitializ
ed>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply
=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<unin
itialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<unini
tialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messa
ges=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>,
syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, nu
m_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=
4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 85.0 msecs 367.918015 usecs, service=
{\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ
ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re
sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit
ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial
ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_
data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ
ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un
initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini
tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.
219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74
.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, r
cptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitial
ized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_
reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitializ
ed>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply
=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<unin
itialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_
headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=G
P, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], sock
s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = MAIL | | [2] command: string = MAIL |
| [3] arg: string = FROM: <gurpartap@patriots.in> | | [3] arg: string = FROM: <gurpartap@patriots.in> |
| | |
| 1254722769.956765 smtp_reply | | 1254722769.956765 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, nu
m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=
4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 427.0 msecs 718.877792 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un
initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize
d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin
itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las
t_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agen
t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity
=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pendin
g_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitial
ized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, nu
m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=
4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 427.0 msecs 718.877792 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un
initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize
d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin
itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las
t_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agen
t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, proces
s_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=
[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0
], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = MAIL | | [3] cmd: string = MAIL |
| [4] msg: string = OK | | [4] msg: string = OK |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722769.957250 smtp_request | | 1254722769.957250 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, nu
m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=
4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 428.0 msecs 204.059601 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un
initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize
d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin
itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las
t_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls
=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuid
s=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitiali
zed>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti
alized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, nu
m_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=
4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 428.0 msecs 204.059601 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<un
initialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialize
d>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<unin
itialized>, first_received=<uninitialized>, second_received=<uninitialized>, las
t_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls
=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, enti
ty_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_tra
nsferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialize
d>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = RCPT | | [2] command: string = RCPT |
| [3] arg: string = TO: <raj_deol2002in@yahoo.co.in> | | [3] arg: string = TO: <raj_deol2002in@yahoo.co.in> |
| | |
| 1254722770.319708 smtp_reply | | 1254722770.319708 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, nu
m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=
4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 790.0 msecs 662.050247 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u
ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>,
msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent
=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=
<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending
_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitiali
zed>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, nu
m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=
4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 790.0 msecs 662.050247 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u
ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>,
msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent
=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process
_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[
helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0]
, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = RCPT | | [3] cmd: string = RCPT |
| [4] msg: string = Accepted | | [4] msg: string = Accepted |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722770.320203 smtp_request | | 1254722770.320203 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, nu
m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=
4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u
ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>,
msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user
_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, e
ntity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, p
ending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<unin
itialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, nu
m_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=
4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=2.0 secs 791.0 msecs 157.007217 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitiali
zed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_r
esp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<unini
tialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitia
lized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp
_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitiali
zed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<u
ninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>
, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unin
itialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768
.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=7
4.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriot
s.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<u
ninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>,
msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user
_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, p
rocess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_s
tate=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_de
pth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = DATA | | [2] command: string = DATA |
| [3] arg: string = | | [3] arg: string = |
| | |
| 1254722770.661679 smtp_reply | | 1254722770.661679 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, nu
m_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=
4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=3.0 secs 132.0 msecs 632.97081 usecs, service=
{\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ
ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re
sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit
ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial
ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_
data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ
ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un
initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini
tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.
219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74
.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots
.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<un
initialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>,
msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_
originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=
<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_
agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, en
tity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transf
erred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>,
ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, nu
m_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=
4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start
_time=1254722767.529046, duration=3.0 secs 132.0 msecs 632.97081 usecs, service=
{\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ
ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re
sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit
ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial
ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_
data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ
ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un
initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini
tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1254722768.
219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74
.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots
.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<un
initialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>,
msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_
originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=
<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_
agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, pr
ocess_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[
]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized
>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali
zed>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 354 | | [2] code: count = 354 |
| [3] cmd: string = DATA | | [3] cmd: string = DATA |
| [4] msg: string = Enter message, ending with "." on a l
ine by itself | | [4] msg: string = Enter message, ending with "." on a l
ine by itself |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722771.858334 smtp_request | | 1254722771.858334 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23,
num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s
tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti
alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un
initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e
xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat
e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<
uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ
ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un
initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit
ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta
te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12
54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap
@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009
11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo
l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=
<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP,
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv
ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i
tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0
, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>,
fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=
[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5
], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23,
num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, s
tate=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=4.0 secs 329.0 msecs 288.005829 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti
alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un
initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e
xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat
e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<
uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ
ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un
initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit
ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta
te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12
54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap
@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009
11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo
l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=
<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP,
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv
ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i
tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0
, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F,
entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg
y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin
g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial
ized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = . | | [2] command: string = . |
| [3] arg: string = . | | [3] arg: string = . |
| | |
| 1254722772.248789 smtp_reply | | 1254722772.248789 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24,
num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s
tate=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=4.0 secs 719.0 msecs 743.013382 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti
alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un
initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e
xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat
e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<
uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ
ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un
initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit
ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta
te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12
54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap
@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009
11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo
l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=
<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP,
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv
ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i
tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0
, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>,
fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=
[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5
], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24,
num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s
tate=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=4.0 secs 719.0 msecs 743.013382 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti
alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un
initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e
xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat
e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<
uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ
ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un
initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit
ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta
te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12
54722768.219663, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap
@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009
11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deo
l2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=
<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP,
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receiv
ed=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by i
tself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0
, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F,
entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfg
y4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pendin
g_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitial
ized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = . | | [3] cmd: string = . |
| [4] msg: string = OK id=1Mugho-0003Dg-Un | | [4] msg: string = OK id=1Mugho-0003Dg-Un |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1254722774.763825 smtp_request | | 1254722774.763825 smtp_request |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25,
num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s
tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=7.0 secs 234.0 msecs 778.881073 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti
alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un
initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e
xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat
e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<
uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ
ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un
initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit
ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta
te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12
54722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitia
lized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<
uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitiali
zed>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<un
initialized>, first_received=<uninitialized>, second_received=<uninitialized>, l
ast_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia
lized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitial
ized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=
<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, sysl
og=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25,
num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, s
tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=7.0 secs 234.0 msecs 778.881073 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uniniti
alized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<un
initialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, e
xtract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_stat
e=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<
uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitializ
ed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<un
initialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninit
ialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_sta
te=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=12
54722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitia
lized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<
uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitiali
zed>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<un
initialized>, first_received=<uninitialized>, second_received=<uninitialized>, l
ast_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitia
lized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_head
ers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, m
essages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<u
ninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = QUIT | | [2] command: string = QUIT |
| [3] arg: string = | | [3] arg: string = |
| | |
| 1254722775.105467 smtp_reply | | 1254722775.105467 smtp_reply |
|
| [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27,
num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s
tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 421.022415 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninit
ialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<u
ninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F,
extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_sta
te=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=
<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitiali
zed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<u
ninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unini
tialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_st
ate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1
254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uniniti
alized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=
<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitial
ized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<u
ninitialized>, first_received=<uninitialized>, second_received=<uninitialized>,
last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uniniti
alized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitia
lized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages
=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, sys
log=<uninitialized>] | | [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tc
p, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27,
num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, s
tate=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60]
, start_time=1254722767.529046, duration=7.0 secs 576.0 msecs 421.022415 usecs,
service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninit
ialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<u
ninitialized>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F,
extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_sta
te=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=
<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitiali
zed>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<u
ninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>,
mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<unini
tialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_st
ate=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1
254722772.248789, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp,
resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uniniti
alized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=
<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitial
ized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<u
ninitialized>, first_received=<uninitialized>, second_received=<uninitialized>,
last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uniniti
alized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_hea
ders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP,
messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<
uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 221 | | [2] code: count = 221 |
| [3] cmd: string = QUIT | | [3] cmd: string = QUIT |
| [4] msg: string = xc90.websitewelcome.com closing conne
ction | | [4] msg: string = xc90.websitewelcome.com closing conne
ction |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.867142 smtp_reply | | 1437831787.867142 smtp_reply |
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkt
s=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35,
state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c],
start_time=1437831787.856895, duration=10.0 msecs 246.992111 usecs, service={\x0
a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninit
ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta
te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh
olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc
e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<
uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F
, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un
initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>
, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit
ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s
nmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state
=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali
zed>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkt
s=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35,
state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c],
start_time=1437831787.856895, duration=10.0 msecs 246.992111 usecs, service={\x0
a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninit
ialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>, dpd_sta
te=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresh
olds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dc
e_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<
uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F
, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<un
initialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>
, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninit
ialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, s
nmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state
=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali
zed>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 220 | | [2] code: count = 220 |
| [3] cmd: string = > | | [3] cmd: string = > |
| [4] msg: string = uprise ESMTP SubEthaSMTP null | | [4] msg: string = uprise ESMTP SubEthaSMTP null |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.883306 smtp_request | | 1437831787.883306 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35,
state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\
x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=
<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F,
thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitializ
ed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>
, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_
reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uniniti
alized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=
<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitiali
zed>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86714
2, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=19
2.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<un
initialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>
, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<unin
itialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_
ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitializ
ed>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.16
8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie
nt_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialize
d>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], soc
ks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35,
state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=26.0 msecs 411.056519 usecs, service={\
x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=
<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F,
thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitializ
ed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>
, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_
reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uniniti
alized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=
<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitiali
zed>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86714
2, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=19
2.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<un
initialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>
, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<unin
itialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_
ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitializ
ed>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.16
8.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_clie
nt_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, f
uids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_mess
ages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>,
syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = EHLO | | [2] command: string = EHLO |
| [3] arg: string = [192.168.133.100] | | [3] arg: string = [192.168.133.100] |
| | |
| 1437831787.886281 smtp_reply | | 1437831787.886281 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192
.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_c
lient_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.1
33.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0]
, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192
.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_c
lient_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>
, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending
_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitiali
zed>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = uprise | | [4] msg: string = uprise |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1437831787.886281 smtp_reply | | 1437831787.886281 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_age
nt=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entit
y=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_trans
ferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>
, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_age
nt=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, proce
ss_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state
=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialize
d>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitial
ized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = 8BITMIME | | [4] msg: string = 8BITMIME |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1437831787.886281 smtp_reply | | 1437831787.886281 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_a
gent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, ent
ity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tra
nsferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialize
d>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_a
gent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, pro
cess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_sta
te=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitiali
zed>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti
alized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = AUTH LOGIN | | [4] msg: string = AUTH LOGIN |
| [5] cont_resp: bool = T | | [5] cont_resp: bool = T |
| | |
| 1437831787.886281 smtp_reply | | 1437831787.886281 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user
_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, e
ntity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_t
ransferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitiali
zed>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pk
ts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=29.0 msecs 386.043549 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user
_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, p
rocess_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_s
tate=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitia
lized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<unini
tialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = EHLO | | [3] cmd: string = EHLO |
| [4] msg: string = Ok | | [4] msg: string = Ok |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.887031 smtp_request | | 1437831787.887031 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk
ts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=30.0 msecs 136.108398 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<
uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<u
ninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferr
ed=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ss
h=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk
ts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85,
state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=30.0 msecs 136.108398 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitializ
ed>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<u
ninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originati
ng_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitia
lized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<
uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_s
mtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[he
lo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>,
mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized
>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = MAIL | | [2] command: string = MAIL |
| [3] arg: string = FROM:<albert@example.com> | | [3] arg: string = FROM:<albert@example.com> |
| | |
| 1437831787.889785 smtp_reply | | 1437831787.889785 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk
ts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93,
state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=32.0 msecs 890.081406 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia
lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id
=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin
ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini
tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen
t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity
=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transf
erred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>,
ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pk
ts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93,
state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=32.0 msecs 890.081406 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia
lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id
=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin
ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini
tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen
t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, proces
s_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=
[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized
>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali
zed>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = MAIL | | [3] cmd: string = MAIL |
| [4] msg: string = Ok | | [4] msg: string = Ok |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.890232 smtp_request | | 1437831787.890232 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk
ts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93,
state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=33.0 msecs 337.116241 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia
lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id
=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin
ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini
tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen
t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity
=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transf
erred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>,
ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk
ts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93,
state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c]
, start_time=1437831787.856895, duration=33.0 msecs 337.116241 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitia
lized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id
=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_origin
ating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<unini
tialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agen
t=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, proces
s_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=
[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized
>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitiali
zed>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = RCPT | | [2] command: string = RCPT |
| [3] arg: string = TO:<ericlim220@yahoo.com> | | [3] arg: string = TO:<ericlim220@yahoo.com> |
| | |
| 1437831787.892986 smtp_reply | | 1437831787.892986 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk
ts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101
, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c
], start_time=1437831787.856895, duration=36.0 msecs 91.089249 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>,
from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti
alized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitial
ized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_
received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.
100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_act
ivity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100],
messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<
uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pk
ts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101
, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c
], start_time=1437831787.856895, duration=36.0 msecs 91.089249 usecs, service={\
x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan
=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized>,
dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F
, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitiali
zed>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized
>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data
_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>,
irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninit
ialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp
=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitial
ized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8671
42, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=1
92.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=
albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>,
from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uniniti
alized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitial
ized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_
received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.
100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_act
ivity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[
]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages
=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, sys
log=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = RCPT | | [3] cmd: string = RCPT |
| [4] msg: string = Ok | | [4] msg: string = Ok |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.893587 smtp_request | | 1437831787.893587 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p
kts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=10
1, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4
c], start_time=1437831787.856895, duration=36.0 msecs 692.142487 usecs, service=
{\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86
7142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h
=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfro
m=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized
>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<unini
tialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uniniti
alized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, secon
d_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.13
3.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_a
ctivity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100]
, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks
=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p
kts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=10
1, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4
c], start_time=1437831787.856895, duration=36.0 msecs 692.142487 usecs, service=
{\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vl
an=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialized
>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp
=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitia
lized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitializ
ed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_da
ta_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized
>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<unin
itialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, r
dp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uniniti
alized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.86
7142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h
=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfro
m=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized
>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<unini
tialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uniniti
alized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, secon
d_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.13
3.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_a
ctivity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids
=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messag
es=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, s
yslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = RCPT | | [2] command: string = RCPT |
| [3] arg: string = TO:<felica4uu@hotmail.com> | | [3] arg: string = TO:<felica4uu@hotmail.com> |
| | |
| 1437831787.897624 smtp_reply | | 1437831787.897624 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p
kts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
09, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=40.0 msecs 729.045868 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co
m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin
itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini
tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece
ived=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[
192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re
ceived_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_st
ate=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitial
ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit
ialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_p
kts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
09, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=40.0 msecs 729.045868 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co
m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin
itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini
tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece
ived=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[
192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re
ceived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, en
tity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tr
ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ
ed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = RCPT | | [3] cmd: string = RCPT |
| [4] msg: string = Ok | | [4] msg: string = Ok |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.898413 smtp_request | | 1437831787.898413 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p
kts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
09, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=41.0 msecs 517.972946 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co
m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin
itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini
tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece
ived=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[
192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re
ceived_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_st
ate=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitial
ized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninit
ialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p
kts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
09, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=41.0 msecs 517.972946 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.co
m\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<unin
itialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<unini
tialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_rece
ived=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[
192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_re
ceived_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, en
tity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tr
ansferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitializ
ed>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = RCPT | | [2] command: string = RCPT |
| [3] arg: string = TO:<davis_mark1@outlook.com> | | [3] arg: string = TO:<davis_mark1@outlook.com> |
| | |
| 1437831787.901069 smtp_reply | | 1437831787.901069 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p
kts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
17, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=44.0 msecs 173.955917 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>,
to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit
ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized
>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini
tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninit
ialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0,
pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<un
initialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_p
kts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
17, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=44.0 msecs 173.955917 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>,
to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit
ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized
>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini
tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h
eaders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[1
92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_
depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = RCPT | | [3] cmd: string = RCPT |
| [4] msg: string = Ok | | [4] msg: string = Ok |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.901697 smtp_request | | 1437831787.901697 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p
kts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
17, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>,
to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit
ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized
>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini
tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninit
ialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0,
pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<un
initialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p
kts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
17, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=44.0 msecs 801.950455 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>,
to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit
ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized
>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini
tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h
eaders=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[1
92.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_
depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = DATA | | [2] command: string = DATA |
| [3] arg: string = | | [3] arg: string = |
| | |
| 1437831787.904758 smtp_reply | | 1437831787.904758 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p
kts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
54, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=47.0 msecs 863.006592 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>,
to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit
ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized
>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini
tialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filena
me=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_tra
nsferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialize
d>, ssh=<uninitialized>, syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_p
kts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
54, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=47.0 msecs 863.006592 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>,
to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninit
ialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip
=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized
>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<unini
tialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_h
eaders=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_sta
te=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitiali
zed>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uniniti
alized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 354 | | [2] code: count = 354 |
| [3] cmd: string = DATA | | [3] cmd: string = DATA |
| [4] msg: string = End data with <CR><LF>.<CR><LF> | | [4] msg: string = End data with <CR><LF>.<CR><LF> |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | |
| 1437831787.905375 smtp_request | | 1437831787.905375 smtp_request |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p
kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A
lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x
0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize
d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE
E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.
133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv
ed_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwW
SMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messa
ges=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>,
syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p
kts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=1
54, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:
4c], start_time=1437831787.856895, duration=48.0 msecs 480.033875 usecs, service
={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, v
lan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitialize
d>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_res
p=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uniniti
alized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitiali
zed>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_d
ata_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialize
d>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uni
nitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninit
ialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.8
67142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_
h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfr
om=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail
.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=A
lbert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x
0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitialize
d>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACE
E03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x
_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received
=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.
133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_receiv
ed_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity
=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100
], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], sock
s=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = T | | [1] is_orig: bool = T |
| [2] command: string = . | | [2] command: string = . |
| [3] arg: string = . | | [3] arg: string = . |
| | |
| 1437831787.914113 smtp_reply | | 1437831787.914113 smtp_reply |
|
| [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p
kts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=
162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad
:4c], start_time=1437831787.856895, duration=57.0 msecs 218.074799 usecs, servic
e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ
ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re
sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit
ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial
ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_
data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ
ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un
initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini
tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.
867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp
_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailf
rom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmai
l.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=
Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\
x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitializ
ed>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9AC
EE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header,
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receive
d=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168
.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_recei
ved_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLw
WSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_mess
ages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>,
syslog=<uninitialized>] | | [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=4
9648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_p
kts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=
162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad
:4c], start_time=1437831787.856895, duration=57.0 msecs 218.074799 usecs, servic
e={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>,
vlan=<uninitialized>, inner_vlan=<uninitialized>, successful=T, dpd=<uninitializ
ed>, dpd_state=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_re
sp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninit
ialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitial
ized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_
data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitializ
ed>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<un
initialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>,
rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<unini
tialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=1437831787.
867142, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp
_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailf
rom=albert@example.com, rcptto={\x0adavis_mark1@outlook.com,\x0afelica4uu@hotmai
l.com,\x0aericlim220@yahoo.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=
Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\
x0adavis_mark1@outlook.com,\x0afelica4uu@hotmail.com\x0a}, reply_to=<uninitializ
ed>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9AC
EE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header,
x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_receive
d=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168
.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_recei
ved_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entit
y=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.10
0], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], soc
ks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>] |
| [1] is_orig: bool = F | | [1] is_orig: bool = F |
| [2] code: count = 250 | | [2] code: count = 250 |
| [3] cmd: string = . | | [3] cmd: string = . |
| [4] msg: string = Ok | | [4] msg: string = Ok |
| [5] cont_resp: bool = F | | [5] cont_resp: bool = F |
| | | |
| End of changes. 42 change blocks. |
|---|
| 42 lines changed or deleted | | 42 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 