Bug #7343 » alert.txt

alert-debug.txt of relevant alert. - J SFortanix, 10/25/2024 07:01 AM

 
TIME: 10/24/2024-09:51:48.473308
PKT SRC: wire/pcap
SRC IP: 10.7.10.136
DST IP: 10.7.100.11
PROTO: 6
SRC PORT: 59006
DST PORT: 443
TCP SEQ: 1926771825
TCP ACK: 2546653787
FLOW: to_server: TRUE, to_client: FALSE
FLOW Start TS: 10/24/2024-09:51:48.417325
FLOW PKTS TODST: 5
FLOW PKTS TOSRC: 6
FLOW Total Bytes: 7537
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: TRUE, APP_LAYER: TRUE
FLOW APP_LAYER: DETECTED: TRUE, PROTO 4
FLOWINT: "applayer.anomaly.count" => 1
FLOWINT: "tls.anomaly.count" => 1
PACKET LEN: 64
PACKET:
0000 00 15 B2 AB E7 DA 00 00 00 5E 00 01 81 00 00 64 ........ .^.....d
0010 08 00 45 00 00 28 5B 05 40 00 3F 06 5E 2A 0A 07 ..E..([. @.?.^*..
0020 0A 88 0A 07 64 0B E6 7E 01 BB 72 D8 34 71 97 CA ....d..~ ..r.4q..
0030 DA 5B 50 10 01 DA 29 B0 00 00 00 00 00 00 00 00 .[P...). ........
ALERT CNT: 2
ALERT MSG [00]: SURICATA TLS invalid record type
ALERT GID [00]: 1
ALERT SID [00]: 2230002
ALERT REV [00]: 1
ALERT CLASS [00]: Generic Protocol Command Decode
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: STATE
ALERT IN TX [00]: 0
STREAM DATA LEN: 28
STREAM DATA:
0000 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A 21 11 00 0C .......Q UIT.!...
0010 5F 63 90 46 58 D8 BD 58 C7 52 01 BB _c.FX..X .R..
STREAM DATA LEN: 517
STREAM DATA:
0000 16 03 01 02 00 01 00 01 FC 03 03 7B E1 11 7C BE ........ ...{..|.
0010 59 EC 0D CC 41 8E 54 42 1F 15 D0 2C 5A 2D 54 ED Y...A.TB ...,Z-T.
0020 57 FC 91 D3 8B AF 7E DC 9B E0 9E 20 22 D9 A2 63 W.....~. ... "..c
0030 0D B5 A1 9C AB 1C EC 05 0B 46 9C B4 95 31 7A BF ........ .F...1z.
0040 07 B1 A3 40 97 CB 6F 97 18 43 A2 8D 00 3E 13 02 ...@..o. .C...>..
0050 13 03 13 01 C0 2C C0 30 00 9F CC A9 CC A8 CC AA .....,.0 ........
0060 C0 2B C0 2F 00 9E C0 24 C0 28 00 6B C0 23 C0 27 .+./...$ .(.k.#.'
0070 00 67 C0 0A C0 14 00 39 C0 09 C0 13 00 33 00 9D .g.....9 .....3..
0080 00 9C 00 3D 00 3C 00 35 00 2F 00 FF 01 00 01 75 ...=.<.5 ./.....u
0090 00 00 00 13 00 11 00 00 0E 65 75 2E 73 6D 61 72 ........ .eu.smar
00A0 74 6B 65 79 2E 69 6F 00 0B 00 04 03 00 01 02 00 tkey.io. ........
00B0 0A 00 16 00 14 00 1D 00 17 00 1E 00 19 00 18 01 ........ ........
00C0 00 01 01 01 02 01 03 01 04 33 74 00 00 00 10 00 ........ .3t.....
00D0 0E 00 0C 02 68 32 08 68 74 74 70 2F 31 2E 31 00 ....h2.h ttp/1.1.
00E0 16 00 00 00 17 00 00 00 31 00 00 00 0D 00 2A 00 ........ 1.....*.
00F0 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0A 08 (....... ........
0100 0B 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 ........ ........
0110 01 03 02 04 02 05 02 06 02 00 2B 00 05 04 03 04 ........ ..+.....
0120 03 03 00 2D 00 02 01 01 00 33 00 26 00 24 00 1D ...-.... .3.&.$..
0130 00 20 BE B7 F7 69 11 B5 4D D7 6E 2A 2E 76 4F D0 . ...i.. M.n*.vO.
0140 29 6C D0 63 4D 37 57 9D EB 27 19 7B 94 E4 6F 46 )l.cM7W. .'.{..oF
0150 3E 10 00 15 00 AF 00 00 00 00 00 00 00 00 00 00 >....... ........
0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
01A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
01B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
01C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
01D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
0200 00 00 00 00 00 .....
ALERT MSG [01]: SURICATA Applayer Detect protocol only one direction
ALERT GID [01]: 1
ALERT SID [01]: 2260002
ALERT REV [01]: 1
ALERT CLASS [01]: Generic Protocol Command Decode
ALERT PRIO [01]: 3
ALERT FOUND IN [01]: PACKET
ALERT IN TX [01]: N/A
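What the two STREAM DATA chunks above contain, as an added worked example (this is not part of the bug report, the reporter's attachment, or Suricata's own parser code). The 28-byte chunk begins with the 12 bytes 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A, i.e. "\r\n\r\n\0\r\nQUIT\n", which is the signature the HAProxy PROXY protocol v2 specification defines, followed by a 16-byte IPv4/TCP address block; only the 517-byte chunk that follows starts with a TLS record (a ClientHello carrying the SNI eu.smartkey.io). Reading the prefix as a PROXY v2 header is my inference from the bytes, not something the attachment states. The byte strings in the script are transcribed from the hex dump; the ClientHello is transcribed only through its first two extensions, so the extension walk stops when the transcription runs out.

```python
"""Decode the two STREAM DATA chunks from the alert-debug dump.

Added example for this bug report page; not Suricata code and not the
reporter's code.  Byte strings are transcribed from the hex dump above.
"""
import socket
import struct

# 12-byte signature defined by the HAProxy PROXY protocol v2 specification.
PROXY_V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
# TLS record content types (RFC 5246 / RFC 8446).
TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

# First STREAM DATA chunk (28 bytes), as printed in the dump.
CHUNK1 = bytes.fromhex(
    "0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A 21 11 00 0C "
    "5F 63 90 46 58 D8 BD 58 C7 52 01 BB"
)
# First 176 of the 517 bytes of the second STREAM DATA chunk, as printed in the dump.
CHUNK2 = bytes.fromhex(
    "16 03 01 02 00 01 00 01 FC 03 03 7B E1 11 7C BE "
    "59 EC 0D CC 41 8E 54 42 1F 15 D0 2C 5A 2D 54 ED "
    "57 FC 91 D3 8B AF 7E DC 9B E0 9E 20 22 D9 A2 63 "
    "0D B5 A1 9C AB 1C EC 05 0B 46 9C B4 95 31 7A BF "
    "07 B1 A3 40 97 CB 6F 97 18 43 A2 8D 00 3E 13 02 "
    "13 03 13 01 C0 2C C0 30 00 9F CC A9 CC A8 CC AA "
    "C0 2B C0 2F 00 9E C0 24 C0 28 00 6B C0 23 C0 27 "
    "00 67 C0 0A C0 14 00 39 C0 09 C0 13 00 33 00 9D "
    "00 9C 00 3D 00 3C 00 35 00 2F 00 FF 01 00 01 75 "
    "00 00 00 13 00 11 00 00 0E 65 75 2E 73 6D 61 72 "
    "74 6B 65 79 2E 69 6F 00 0B 00 04 03 00 01 02 00"
)


def parse_tls_record_header(data):
    """Return (content_type, name, version, length) if data starts with a TLS record header, else None."""
    if len(data) < 5:
        return None
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if ctype not in TLS_RECORD_TYPES or version >> 8 != 3:
        return None
    return ctype, TLS_RECORD_TYPES[ctype], version, length


def parse_proxy_v2(data):
    """Return (header dict, bytes after the header), or (None, data) if there is no PROXY v2 signature."""
    if not data.startswith(PROXY_V2_SIGNATURE) or len(data) < 16:
        return None, data
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    hdr = {"version": ver_cmd >> 4, "command": ver_cmd & 0x0F,
           "family": fam_proto >> 4, "transport": fam_proto & 0x0F, "length": length}
    body = data[16:16 + length]
    # 0x11 = AF_INET + STREAM: 4-byte src/dst addresses, then 2-byte src/dst ports.
    if hdr["family"] == 1 and hdr["transport"] == 1 and len(body) >= 12:
        src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
        hdr.update(src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst), sport=sport, dport=dport)
    return hdr, data[16 + length:]


def parse_client_hello(record):
    """Walk a TLS ClientHello record far enough to collect version, cipher suites and SNI."""
    body = record[5:]
    if body[0] != 1:                            # handshake type 1 = client_hello
        raise ValueError("not a ClientHello")
    out = {"handshake_len": int.from_bytes(body[1:4], "big"), "sni": None}
    pos = 4
    out["version"] = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    pos += 32                                   # client random
    pos += 1 + body[pos]                        # legacy session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    out["cipher_suites"] = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                        # compression methods
    out["ext_total"] = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + out["ext_total"]
    while pos < end and pos + 4 <= len(body):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if pos + elen > len(body):
            break                               # extension not fully present in the transcription
        if etype == 0:                          # server_name: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
            out["sni"] = body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += elen
    return out


def classify_stream(data):
    """Report what sits at the start of the to-server stream, in the order the dump shows it."""
    if parse_tls_record_header(data):
        return "tls", parse_tls_record_header(data)
    hdr, rest = parse_proxy_v2(data)
    if hdr:
        return "proxy_v2", parse_tls_record_header(rest)
    return "unknown", None


if __name__ == "__main__":
    stream = CHUNK1 + CHUNK2
    print("first byte on the stream: 0x%02X, TLS content type: %s" % (stream[0], stream[0] in TLS_RECORD_TYPES))
    print("leading data:", classify_stream(stream)[0], parse_proxy_v2(stream)[0])
    print("TLS record after it:", classify_stream(stream)[1])
    print("ClientHello:", parse_client_hello(CHUNK2))
```

Run stand-alone, the script shows that the first byte the TLS parser sees on this flow is 0x0D rather than one of the TLS content types, and that a well-formed ClientHello (record length 512, handshake length 508, 31 cipher suites) begins only after the 28-byte prefix. Whether that prefix is expected on this sensor's link (for example because a load balancer in front of 10.7.100.11 emits PROXY protocol) is not something the attachment answers.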