Posted to user@metron.apache.org by Farrukh Naveed Anjum <an...@gmail.com> on 2018/06/28 06:16:11 UTC

Parser Error while Snort IDS usage

Hi,

I am getting the following errors when I run Snort in IDS mode.

java.lang.IllegalStateException: Unable to parse message:
06/28-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
at
org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:180)
at
org.apache.metron.parsers.interfaces.MessageParser.parseOptional(MessageParser.java:45)
at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:177)
at
org.apache.storm.daemon.executor$fn__6573$tuple_action_fn__6575.invoke(executor.clj:734)
at
org.apache.storm.daemon.executor$mk_task_receiver$fn__6494.invoke(executor.clj:466)
at
org.apache.storm.disruptor$clojure_handler$reify__6007.onEvent(disruptor.clj:40)
at
org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:451)
at
org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:430)
at
org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
at
org.apache.storm.daemon.executor$fn__6573$fn__6586$fn__6639.invoke(executor.clj:853)
at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) at
clojure.lang.AFn.run(AFn.java:22) at java.lang.Thread.run(Thread.java:745)
Caused by: java.time.format.DateTimeParseException: Text
'06/28-02:06:18.667820' could not be parsed at index 5 at
java.time.format.DateTimeFormatter.parseResolved0(DateTimeFormatter.java:1949)
at java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1851) at
java.time.ZonedDateTime.parse(ZonedDateTime.java:597) at
org.apache.metron.parsers.snort.BasicSnortParser.toEpoch(BasicSnortParser.java:194)
at
org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:165)
... 12 more


The following is the data I am getting in alerts.csv:

06/28-02:00:39.145636 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,12590,1
06/28-02:00:39.145690 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,40061,32,32768,0,0,12590,1
06/28-02:00:49.949974 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,13210,1
06/28-02:00:49.950011 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,41071,32,32768,0,0,13210,1
06/28-02:01:00.534199 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,55879,1
06/28-02:01:00.534224 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,43938,32,32768,0,0,55879,1
06/28-02:01:02.185767 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,4364,1
06/28-02:01:02.185812 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,41648,32,32768,0,0,4364,1
06/28-02:01:03.946563 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,20112,56
06/28-02:01:03.946596 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,38270,80,81920,0,0,20112,56
06/28-02:01:05.015592 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,55637,1
06/28-02:01:05.015640 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,29998,32,32768,0,0,55637,1
06/28-02:01:08.820637 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,10717,1
06/28-02:01:08.820684 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,51338,32,32768,0,0,10717,1
06/28-02:01:16.702204 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,23094,1
06/28-02:01:16.702256 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,51904,32,32768,0,0,23094,1
06/28-02:01:18.322369 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,26763,1
06/28-02:01:18.322409 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,46352,32,32768,0,0,26763,1
06/28-02:01:20.123553 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,33803,1
06/28-02:01:20.123598 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,45483,32,32768,0,0,33803,1
06/28-02:01:23.577021 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,17219,1
06/28-02:01:23.577052 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,33095,32,32768,0,0,17219,1
06/28-02:01:30.151474 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,11407,1
06/28-02:01:30.151513 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,46067,32,32768,0,0,11407,1
06/28-02:01:35.974945 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,53548,1
06/28-02:01:35.974979 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,52195,32,32768,0,0,53548,1
06/28-02:04:30.359006 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,45672,1
06/28-02:04:30.359048 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,54705,32,32768,0,0,45672,1
06/28-02:04:31.184875 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,46926,1
06/28-02:04:31.184910 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,7815,32,32768,0,0,46926,1
06/28-02:04:35.356385 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,8257,1
06/28-02:04:35.356429 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1686,32,32768,0,0,8257,1
06/28-02:04:38.443672 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,31410,1
06/28-02:04:38.443707 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,8956,32,32768,0,0,31410,1
06/28-02:04:46.014548 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,59605,1
06/28-02:04:46.014592 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,9929,32,32768,0,0,59605,1
06/28-02:04:46.251612 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,53218,1
06/28-02:04:46.251641 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1790,32,32768,0,0,53218,1
06/28-02:04:52.702052 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,56433,1
06/28-02:04:52.702086 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,10532,32,32768,0,0,56433,1
06/28-02:04:53.639526 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,29360,1
06/28-02:04:53.639566 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,54886,32,32768,0,0,29360,1
06/28-02:05:01.082557 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,60573,1
06/28-02:05:01.082591 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,3920,32,32768,0,0,60573,1
06/28-02:05:03.147751 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,33678,1
06/28-02:05:03.147788 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,56632,32,32768,0,0,33678,1
06/28-02:05:04.669301 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,25429,57
06/28-02:05:04.669343 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,54540,80,81920,0,0,25429,57
06/28-02:05:08.779706 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,1739,1
06/28-02:05:08.779743 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13385,32,32768,0,0,1739,1
06/28-02:05:15.570417 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,60185,1
06/28-02:05:15.570450 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13544,32,32768,0,0,60185,1
06/28-02:05:16.903692 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,23950,1
06/28-02:05:16.903726 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,59285,32,32768,0,0,23950,1
06/28-02:05:18.383841 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,63207,1
06/28-02:05:18.383882 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,14475,32,32768,0,0,63207,1
06/28-02:05:18.824040 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,7736,1
06/28-02:05:18.824092 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5347,32,32768,0,0,7736,1
06/28-02:05:30.125695 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,25742,1
06/28-02:05:30.125728 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,61218,32,32768,0,0,25742,1
06/28-02:05:36.588011 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,17479,1
06/28-02:05:36.588053 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,15718,32,32768,0,0,17479,1
06/28-02:05:38.852402 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,5905,1
06/28-02:05:38.852436 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13897,32,32768,0,0,5905,1
06/28-02:05:39.430180 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,49810,1
06/28-02:05:39.430232 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,6050,32,32768,0,0,49810,1
06/28-02:05:46.070186 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,58325,1
06/28-02:05:46.070233 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16090,32,32768,0,0,58325,1
06/28-02:05:48.219891 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,30836,1
06/28-02:05:48.219945 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,7099,32,32768,0,0,30836,1
06/28-02:05:48.981161 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,64616,1
06/28-02:05:48.981215 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,61386,32,32768,0,0,64616,1
06/28-02:05:53.098749 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,22210,1
06/28-02:05:53.098797 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,14341,32,32768,0,0,22210,1
06/28-02:06:00.702406 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,58419,1
06/28-02:06:00.702455 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16746,32,32768,0,0,58419,1
06/28-02:06:01.913122 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,59765,1
06/28-02:06:01.913164 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,62975,32,32768,0,0,59765,1
06/28-02:06:03.154199 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,54172,1
06/28-02:06:03.154248 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,9740,32,32768,0,0,54172,1
06/28-02:06:04.880492 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,37706,1
06/28-02:06:04.880540 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,15472,32,32768,0,0,37706,1
06/28-02:06:05.319133 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,26698,58
06/28-02:06:05.319168 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,60496,80,81920,0,0,26698,58
06/28-02:06:08.117387 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,26698,217
06/28-02:06:08.117412 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,60911,80,81920,0,0,26698,217
06/28-02:06:15.184897 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,33808,1
06/28-02:06:15.184927 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16836,32,32768,0,0,33808,1
06/28-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
06/28-02:06:18.667869 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1217,32,32768,0,0,21914,1
06/28-02:06:19.485622 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,53117,1
06/28-02:06:19.485658 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,19069,32,32768,0,0,53117,1
06/28-02:06:19.794201 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,20668,1
06/28-02:06:19.794232 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,11300,32,32768,0,0,20668,1
06/28-02:06:31.876229 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,411,1
06/28-02:06:31.876280 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,20335,32,32768,0,0,411,1
06/28-02:06:32.366014 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,20259,1
06/28-02:06:32.366064 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,12918,32,32768,0,0,20259,1
06/28-02:06:38.832328 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,54600,1
06/28-02:06:38.832377 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,20624,32,32768,0,0,54600,1
06/28-02:06:39.153101 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,25072,1
06/28-02:06:39.153154 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5313,32,32768,0,0,25072,1
06/28-02:06:47.976325 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,53517,1
06/28-02:06:47.976378 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16112,32,32768,0,0,53517,1
06/28-02:06:50.865988 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,743,1
06/28-02:06:50.866029 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,21484,32,32768,0,0,743,1
06/28-02:06:50.945076 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,65520,1
06/28-02:06:50.945110 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5723,32,32768,0,0,65520,1
06/28-02:06:51.060311 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,33127,1
06/28-02:06:51.060362 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,21176,32,32768,0,0,33127,1


-- 
With Regards
Farrukh Naveed Anjum

Re: Parser Error while Snort IDS usage

Posted by Farrukh Naveed Anjum <an...@gmail.com>.
Thanks, I resolved it by enabling the show_year config option in the snort.conf
file and adjusting the Snort parser's date format configuration.



On Thu, Jun 28, 2018 at 7:06 PM, Otto Fowler <ot...@gmail.com>
wrote:

> Forgot to put the default format in.  It is:
> private static String defaultDateFormat = "MM/dd/yy-HH:mm:ss.SSSSSS";
>
>
> On June 28, 2018 at 10:06:08, Otto Fowler (ottobackwards@gmail.com) wrote:
>
> The snort parser by default supports dates in the following format:
>
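> Your dates are missing the ‘yy’: the DateTimeParseException reports index 5,
> which is the ‘-’ after ‘06/28’, where the default pattern expects ‘/yy’.
> If I add that, your failing message parses: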
>
> /**
>  06/28/18-02:06:18.667820 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
>  */
> @Multiline
> public static String userMessage;
>
>
> @Test
> public void testUserIssue() {
>   BasicSnortParser parser = new BasicSnortParser();
>   parser.configure(new HashMap<>());
>   List<JSONObject> msgs = parser.parse(userMessage.getBytes());
>   Assert.assertTrue(msgs != null && msgs.isEmpty() == false);
> }
>
>
> You need to configure the snort processor’s dateFormat
>
> https://metron.apache.org/current-book/metron-platform/metron-parsers/index.html
> shows a sample.  See ‘Sample configuration for a sensor’.
>
>
> On June 28, 2018 at 02:16:42, Farrukh Naveed Anjum (
> anjum.farrukh@gmail.com) wrote:
>
> Hi,
>
> I am getting following errors when I am using snort in IDS mode.
>
> java.lang.IllegalStateException: Unable to parse message:
> 06/28-02:06:18.667820 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
> at org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:180)
> at org.apache.metron.parsers.interfaces.MessageParser.
> parseOptional(MessageParser.java:45) at org.apache.metron.parsers.
> bolt.ParserBolt.execute(ParserBolt.java:177) at org.apache.storm.daemon.
> executor$fn__6573$tuple_action_fn__6575.invoke(executor.clj:734) at
> org.apache.storm.daemon.executor$mk_task_receiver$fn__6494.invoke(executor.clj:466)
> at org.apache.storm.disruptor$clojure_handler$reify__6007.onEvent(disruptor.clj:40)
> at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:451)
> at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:430)
> at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
> at org.apache.storm.daemon.executor$fn__6573$fn__6586$fn__6639.invoke(executor.clj:853)
> at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) at
> clojure.lang.AFn.run(AFn.java:22) at java.lang.Thread.run(Thread.java:745)
> Caused by: java.time.format.DateTimeParseException: Text
> '06/28-02:06:18.667820' could not be parsed at index 5 at java.time.format.
> DateTimeFormatter.parseResolved0(DateTimeFormatter.java:1949) at
> java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1851) at
> java.time.ZonedDateTime.parse(ZonedDateTime.java:597) at
> org.apache.metron.parsers.snort.BasicSnortParser.
> toEpoch(BasicSnortParser.java:194) at org.apache.metron.parsers.
> snort.BasicSnortParser.parse(BasicSnortParser.java:165) ... 12 more
>
>
> Following is the data i am getting in alerts.csv
>
> 06/28-02:00:39.145636 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,12590,1
> 06/28-02:00:39.145690 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,40061,32,32768,0,0,12590,1
> 06/28-02:00:49.949974 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,13210,1
> 06/28-02:00:49.950011 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,41071,32,32768,0,0,13210,1
> 06/28-02:01:00.534199 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,55879,1
> 06/28-02:01:00.534224 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,43938,32,32768,0,0,55879,1
> 06/28-02:01:02.185767 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,4364,1
> 06/28-02:01:02.185812 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,41648,32,32768,0,0,4364,1
> 06/28-02:01:03.946563 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,20112,56
> 06/28-02:01:03.946596 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,38270,80,81920,0,0,20112,56
> 06/28-02:01:05.015592 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,55637,1
> 06/28-02:01:05.015640 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,29998,32,32768,0,0,55637,1
> 06/28-02:01:08.820637 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,10717,1
> 06/28-02:01:08.820684 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,51338,32,32768,0,0,10717,1
> 06/28-02:01:16.702204 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,23094,1
> 06/28-02:01:16.702256 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,51904,32,32768,0,0,23094,1
> 06/28-02:01:18.322369 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,26763,1
> 06/28-02:01:18.322409 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,46352,32,32768,0,0,26763,1
> 06/28-02:01:20.123553 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,33803,1
> 06/28-02:01:20.123598 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,45483,32,32768,0,0,33803,1
> 06/28-02:01:23.577021 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,17219,1
> 06/28-02:01:23.577052 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,33095,32,32768,0,0,17219,1
> 06/28-02:01:30.151474 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,11407,1
> 06/28-02:01:30.151513 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,46067,32,32768,0,0,11407,1
> 06/28-02:01:35.974945 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,53548,1
> 06/28-02:01:35.974979 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,52195,32,32768,0,0,53548,1
> 06/28-02:04:30.359006 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,45672,1
> 06/28-02:04:30.359048 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,54705,32,32768,0,0,45672,1
> 06/28-02:04:31.184875 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,46926,1
> 06/28-02:04:31.184910 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,7815,32,32768,0,0,46926,1
> 06/28-02:04:35.356385 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,8257,1
> 06/28-02:04:35.356429 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,1686,32,32768,0,0,8257,1
> 06/28-02:04:38.443672 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,31410,1
> 06/28-02:04:38.443707 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,8956,32,32768,0,0,31410,1
> 06/28-02:04:46.014548 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,59605,1
> 06/28-02:04:46.014592 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,9929,32,32768,0,0,59605,1
> 06/28-02:04:46.251612 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,53218,1
> 06/28-02:04:46.251641 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,1790,32,32768,0,0,53218,1
> 06/28-02:04:52.702052 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,56433,1
> 06/28-02:04:52.702086 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,10532,32,32768,0,0,56433,1
> 06/28-02:04:53.639526 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,29360,1
> 06/28-02:04:53.639566 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,54886,32,32768,0,0,29360,1
> 06/28-02:05:01.082557 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,60573,1
> 06/28-02:05:01.082591 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,3920,32,32768,0,0,60573,1
> 06/28-02:05:03.147751 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,33678,1
> 06/28-02:05:03.147788 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,56632,32,32768,0,0,33678,1
> 06/28-02:05:04.669301 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,25429,57
> 06/28-02:05:04.669343 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,54540,80,81920,0,0,25429,57
> 06/28-02:05:08.779706 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,1739,1
> 06/28-02:05:08.779743 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,13385,32,32768,0,0,1739,1
> 06/28-02:05:15.570417 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,60185,1
> 06/28-02:05:15.570450 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,13544,32,32768,0,0,60185,1
> 06/28-02:05:16.903692 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,23950,1
> 06/28-02:05:16.903726 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,59285,32,32768,0,0,23950,1
> 06/28-02:05:18.383841 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,63207,1
> 06/28-02:05:18.383882 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,14475,32,32768,0,0,63207,1
> 06/28-02:05:18.824040 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,7736,1
> 06/28-02:05:18.824092 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,5347,32,32768,0,0,7736,1
> 06/28-02:05:30.125695 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,25742,1
> 06/28-02:05:30.125728 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,61218,32,32768,0,0,25742,1
> 06/28-02:05:36.588011 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,17479,1
> 06/28-02:05:36.588053 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,15718,32,32768,0,0,17479,1
> 06/28-02:05:38.852402 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,5905,1
> 06/28-02:05:38.852436 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,13897,32,32768,0,0,5905,1
> 06/28-02:05:39.430180 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,49810,1
> 06/28-02:05:39.430232 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,6050,32,32768,0,0,49810,1
> 06/28-02:05:46.070186 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,58325,1
> 06/28-02:05:46.070233 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16090,32,32768,0,0,58325,1
> 06/28-02:05:48.219891 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,30836,1
> 06/28-02:05:48.219945 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,7099,32,32768,0,0,30836,1
> 06/28-02:05:48.981161 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,64616,1
> 06/28-02:05:48.981215 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,61386,32,32768,0,0,64616,1
> 06/28-02:05:53.098749 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,22210,1
> 06/28-02:05:53.098797 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,14341,32,32768,0,0,22210,1
> 06/28-02:06:00.702406 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,58419,1
> 06/28-02:06:00.702455 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16746,32,32768,0,0,58419,1
> 06/28-02:06:01.913122 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,59765,1
> 06/28-02:06:01.913164 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,62975,32,32768,0,0,59765,1
> 06/28-02:06:03.154199 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,54172,1
> 06/28-02:06:03.154248 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,9740,32,32768,0,0,54172,1
> 06/28-02:06:04.880492 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,37706,1
> 06/28-02:06:04.880540 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,15472,32,32768,0,0,37706,1
> 06/28-02:06:05.319133 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,26698,58
> 06/28-02:06:05.319168 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,60496,80,81920,0,0,26698,58
> 06/28-02:06:08.117387 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,26698,217
> 06/28-02:06:08.117412 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,60911,80,81920,0,0,26698,217
> 06/28-02:06:15.184897 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,33808,1
> 06/28-02:06:15.184927 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16836,32,32768,0,0,33808,1
> 06/28-02:06:18.667820 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,21914,1
> 06/28-02:06:18.667869 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,1217,32,32768,0,0,21914,1
> 06/28-02:06:19.485622 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,53117,1
> 06/28-02:06:19.485658 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,19069,32,32768,0,0,53117,1
> 06/28-02:06:19.794201 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,20668,1
> 06/28-02:06:19.794232 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,11300,32,32768,0,0,20668,1
> 06/28-02:06:31.876229 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,411,1
> 06/28-02:06:31.876280 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,20335,32,32768,0,0,411,1
> 06/28-02:06:32.366014 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,20259,1
> 06/28-02:06:32.366064 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,12918,32,32768,0,0,20259,1
> 06/28-02:06:38.832328 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,54600,1
> 06/28-02:06:38.832377 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,20624,32,32768,0,0,54600,1
> 06/28-02:06:39.153101 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,25072,1
> 06/28-02:06:39.153154 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,5313,32,32768,0,0,25072,1
> 06/28-02:06:47.976325 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,53517,1
> 06/28-02:06:47.976378 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16112,32,32768,0,0,53517,1
> 06/28-02:06:50.865988 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,743,1
> 06/28-02:06:50.866029 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,21484,32,32768,0,0,743,1
> 06/28-02:06:50.945076 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,65520,1
> 06/28-02:06:50.945110 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,5723,32,32768,0,0,65520,1
> 06/28-02:06:51.060311 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,33127,1
> 06/28-02:06:51.060362 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,21176,32,32768,0,0,33127,1
>
>
> --
> With Regards
> Farrukh Naveed Anjum
>
>


-- 
With Regards
Farrukh Naveed Anjum

Re: Parser Error while Snort IDS usage

Posted by Otto Fowler <ot...@gmail.com>.
I forgot to include the default format. It is:

private static String defaultDateFormat = "MM/dd/yy-HH:mm:ss.SSSSSS";


On June 28, 2018 at 10:06:08, Otto Fowler (ottobackwards@gmail.com) wrote:

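The snort parser by default supports dates in the following format:

MM/dd/yy-HH:mm:ss.SSSSSS

Your dates are missing the ‘yy’: they arrive as 06/28-02:06:18.667820, so parsing stops at index 5, where the format expects the ‘/’ that introduces the year. If I add that, your failing message parses: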

// Test fixture: the reported record with a two-digit year added after the day (06/28/18-...).
// NOTE(review): @Multiline presumably makes the Javadoc text below the value of userMessage,
// so that text is test data rather than documentation and is left untouched here. Confirm.
// NOTE(review): the break between "ICMP" and PING" looks like mail line-wrapping. The
// alerts.csv lines quoted in this thread show a space there, so rejoin the record into a
// single line before using this fixture.
/**
 06/28/18-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
 */
@Multiline
public static String userMessage;


/**
 * Checks that a {@code BasicSnortParser} configured with an empty map turns
 * {@code userMessage} into at least one parsed message.
 */
@Test
public void testUserIssue() {
  // No settings are supplied, so the parser runs with whatever defaults it defines.
  BasicSnortParser snortParser = new BasicSnortParser();
  snortParser.configure(new HashMap<>());

  byte[] rawRecord = userMessage.getBytes();
  List<JSONObject> parsed = snortParser.parse(rawRecord);

  // Passes only when the parser returned a non-null, non-empty list.
  boolean producedOutput = parsed != null && !parsed.isEmpty();
  Assert.assertTrue(producedOutput);
}


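You need to configure the snort parser’s dateFormat so that it matches the timestamps Snort actually writes.

https://metron.apache.org/current-book/metron-platform/metron-parsers/index.html shows a sample. See ‘Sample configuration for a sensor’.

Note that the stack trace shows the parser resolving the timestamp through ZonedDateTime.parse, which needs a year, so a dateFormat without one may still fail. Having Snort include the year in its timestamps (its -y option) lets the default format match instead. Until the two agree, every alert ends in the exception above rather than in a parsed message, so check the parser's error output after the change.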


On June 28, 2018 at 02:16:42, Farrukh Naveed Anjum (anjum.farrukh@gmail.com)
wrote:

Hi,

I am getting the following errors when I use snort in IDS mode.

java.lang.IllegalStateException: Unable to parse message:
06/28-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
at
org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:180)
at
org.apache.metron.parsers.interfaces.MessageParser.parseOptional(MessageParser.java:45)
at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:177)
at
org.apache.storm.daemon.executor$fn__6573$tuple_action_fn__6575.invoke(executor.clj:734)
at
org.apache.storm.daemon.executor$mk_task_receiver$fn__6494.invoke(executor.clj:466)
at
org.apache.storm.disruptor$clojure_handler$reify__6007.onEvent(disruptor.clj:40)
at
org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:451)
at
org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:430)
at
org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
at
org.apache.storm.daemon.executor$fn__6573$fn__6586$fn__6639.invoke(executor.clj:853)
at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) at
clojure.lang.AFn.run(AFn.java:22) at java.lang.Thread.run(Thread.java:745)
Caused by: java.time.format.DateTimeParseException: Text
'06/28-02:06:18.667820' could not be parsed at index 5 at
java.time.format.DateTimeFormatter.parseResolved0(DateTimeFormatter.java:1949)
at java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1851) at
java.time.ZonedDateTime.parse(ZonedDateTime.java:597) at
org.apache.metron.parsers.snort.BasicSnortParser.toEpoch(BasicSnortParser.java:194)
at
org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:165)
... 12 more


The following is the data I am getting in alerts.csv:

06/28-02:00:39.145636 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,12590,1
06/28-02:00:39.145690 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,40061,32,32768,0,0,12590,1
06/28-02:00:49.949974 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,13210,1
06/28-02:00:49.950011 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,41071,32,32768,0,0,13210,1
06/28-02:01:00.534199 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,55879,1
06/28-02:01:00.534224 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,43938,32,32768,0,0,55879,1
06/28-02:01:02.185767 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,4364,1
06/28-02:01:02.185812 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,41648,32,32768,0,0,4364,1
06/28-02:01:03.946563 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,20112,56
06/28-02:01:03.946596 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,38270,80,81920,0,0,20112,56
06/28-02:01:05.015592 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,55637,1
06/28-02:01:05.015640 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,29998,32,32768,0,0,55637,1
06/28-02:01:08.820637 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,10717,1
06/28-02:01:08.820684 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,51338,32,32768,0,0,10717,1
06/28-02:01:16.702204 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,23094,1
06/28-02:01:16.702256 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,51904,32,32768,0,0,23094,1
06/28-02:01:18.322369 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,26763,1
06/28-02:01:18.322409 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,46352,32,32768,0,0,26763,1
06/28-02:01:20.123553 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,33803,1
06/28-02:01:20.123598 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,45483,32,32768,0,0,33803,1
06/28-02:01:23.577021 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,17219,1
06/28-02:01:23.577052 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,33095,32,32768,0,0,17219,1
06/28-02:01:30.151474 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,11407,1
06/28-02:01:30.151513 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,46067,32,32768,0,0,11407,1
06/28-02:01:35.974945 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,53548,1
06/28-02:01:35.974979 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,52195,32,32768,0,0,53548,1
06/28-02:04:30.359006 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,45672,1
06/28-02:04:30.359048 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,54705,32,32768,0,0,45672,1
06/28-02:04:31.184875 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,46926,1
06/28-02:04:31.184910 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,7815,32,32768,0,0,46926,1
06/28-02:04:35.356385 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,8257,1
06/28-02:04:35.356429 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1686,32,32768,0,0,8257,1
06/28-02:04:38.443672 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,31410,1
06/28-02:04:38.443707 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,8956,32,32768,0,0,31410,1
06/28-02:04:46.014548 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,59605,1
06/28-02:04:46.014592 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,9929,32,32768,0,0,59605,1
06/28-02:04:46.251612 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,53218,1
06/28-02:04:46.251641 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1790,32,32768,0,0,53218,1
06/28-02:04:52.702052 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,56433,1
06/28-02:04:52.702086 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,10532,32,32768,0,0,56433,1
06/28-02:04:53.639526 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,29360,1
06/28-02:04:53.639566 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,54886,32,32768,0,0,29360,1
06/28-02:05:01.082557 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,60573,1
06/28-02:05:01.082591 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,3920,32,32768,0,0,60573,1
06/28-02:05:03.147751 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,33678,1
06/28-02:05:03.147788 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,56632,32,32768,0,0,33678,1
06/28-02:05:04.669301 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,25429,57
06/28-02:05:04.669343 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,54540,80,81920,0,0,25429,57
06/28-02:05:08.779706 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,1739,1
06/28-02:05:08.779743 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13385,32,32768,0,0,1739,1
06/28-02:05:15.570417 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,60185,1
06/28-02:05:15.570450 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13544,32,32768,0,0,60185,1
06/28-02:05:16.903692 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,23950,1
06/28-02:05:16.903726 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,59285,32,32768,0,0,23950,1
06/28-02:05:18.383841 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,63207,1
06/28-02:05:18.383882 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,14475,32,32768,0,0,63207,1
06/28-02:05:18.824040 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,7736,1
06/28-02:05:18.824092 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5347,32,32768,0,0,7736,1
06/28-02:05:30.125695 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,25742,1
06/28-02:05:30.125728 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,61218,32,32768,0,0,25742,1
06/28-02:05:36.588011 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,17479,1
06/28-02:05:36.588053 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,15718,32,32768,0,0,17479,1
06/28-02:05:38.852402 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,5905,1
06/28-02:05:38.852436 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13897,32,32768,0,0,5905,1
06/28-02:05:39.430180 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,49810,1
06/28-02:05:39.430232 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,6050,32,32768,0,0,49810,1
06/28-02:05:46.070186 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,58325,1
06/28-02:05:46.070233 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16090,32,32768,0,0,58325,1
06/28-02:05:48.219891 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,30836,1
06/28-02:05:48.219945 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,7099,32,32768,0,0,30836,1
06/28-02:05:48.981161 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,64616,1
06/28-02:05:48.981215 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,61386,32,32768,0,0,64616,1
06/28-02:05:53.098749 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,22210,1
06/28-02:05:53.098797 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,14341,32,32768,0,0,22210,1
06/28-02:06:00.702406 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,58419,1
06/28-02:06:00.702455 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16746,32,32768,0,0,58419,1
06/28-02:06:01.913122 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,59765,1
06/28-02:06:01.913164 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,62975,32,32768,0,0,59765,1
06/28-02:06:03.154199 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,54172,1
06/28-02:06:03.154248 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,9740,32,32768,0,0,54172,1
06/28-02:06:04.880492 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,37706,1
06/28-02:06:04.880540 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,15472,32,32768,0,0,37706,1
06/28-02:06:05.319133 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,26698,58
06/28-02:06:05.319168 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,60496,80,81920,0,0,26698,58
06/28-02:06:08.117387 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,26698,217
06/28-02:06:08.117412 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,60911,80,81920,0,0,26698,217
06/28-02:06:15.184897 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,33808,1
06/28-02:06:15.184927 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16836,32,32768,0,0,33808,1
06/28-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
06/28-02:06:18.667869 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1217,32,32768,0,0,21914,1
06/28-02:06:19.485622 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,53117,1
06/28-02:06:19.485658 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,19069,32,32768,0,0,53117,1
06/28-02:06:19.794201 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,20668,1
06/28-02:06:19.794232 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,11300,32,32768,0,0,20668,1
06/28-02:06:31.876229 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,411,1
06/28-02:06:31.876280 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,20335,32,32768,0,0,411,1
06/28-02:06:32.366014 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,20259,1
06/28-02:06:32.366064 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,12918,32,32768,0,0,20259,1
06/28-02:06:38.832328 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,54600,1
06/28-02:06:38.832377 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,20624,32,32768,0,0,54600,1
06/28-02:06:39.153101 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,25072,1
06/28-02:06:39.153154 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5313,32,32768,0,0,25072,1
06/28-02:06:47.976325 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,53517,1
06/28-02:06:47.976378 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16112,32,32768,0,0,53517,1
06/28-02:06:50.865988 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,743,1
06/28-02:06:50.866029 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,21484,32,32768,0,0,743,1
06/28-02:06:50.945076 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,65520,1
06/28-02:06:50.945110 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5723,32,32768,0,0,65520,1
06/28-02:06:51.060311 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,33127,1
06/28-02:06:51.060362 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,21176,32,32768,0,0,33127,1


--
With Regards
Farrukh Naveed Anjum

Re: Parser Error while Snort IDS usage

Posted by Otto Fowler <ot...@gmail.com>.
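The snort parser by default supports dates in the following format:

MM/dd/yy-HH:mm:ss.SSSSSS

Your dates are missing the ‘yy’: they arrive as 06/28-02:06:18.667820, so parsing stops at index 5, where the format expects the ‘/’ that introduces the year. If I add that, your failing message parses: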

// Test fixture: the reported record with a two-digit year added after the day (06/28/18-...).
// NOTE(review): @Multiline presumably makes the Javadoc text below the value of userMessage,
// so that text is test data rather than documentation and is left untouched here. Confirm.
// NOTE(review): the break between "ICMP" and PING" looks like mail line-wrapping. The
// alerts.csv lines quoted in this thread show a space there, so rejoin the record into a
// single line before using this fixture.
/**
 06/28/18-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
 */
@Multiline
public static String userMessage;


/**
 * Checks that a {@code BasicSnortParser} configured with an empty map turns
 * {@code userMessage} into at least one parsed message.
 */
@Test
public void testUserIssue() {
  // No settings are supplied, so the parser runs with whatever defaults it defines.
  BasicSnortParser snortParser = new BasicSnortParser();
  snortParser.configure(new HashMap<>());

  byte[] rawRecord = userMessage.getBytes();
  List<JSONObject> parsed = snortParser.parse(rawRecord);

  // Passes only when the parser returned a non-null, non-empty list.
  boolean producedOutput = parsed != null && !parsed.isEmpty();
  Assert.assertTrue(producedOutput);
}


You need to configure the snort processor’s dateFormat.

https://metron.apache.org/current-book/metron-platform/metron-parsers/index.html
shows a sample. See ‘Sample configuration for a sensor’.


On June 28, 2018 at 02:16:42, Farrukh Naveed Anjum (anjum.farrukh@gmail.com)
wrote:

Hi,

I am getting following errors when I am using snort in IDS mode.

java.lang.IllegalStateException: Unable to parse message:
06/28-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
at
org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:180)
at
org.apache.metron.parsers.interfaces.MessageParser.parseOptional(MessageParser.java:45)
at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:177)
at
org.apache.storm.daemon.executor$fn__6573$tuple_action_fn__6575.invoke(executor.clj:734)
at
org.apache.storm.daemon.executor$mk_task_receiver$fn__6494.invoke(executor.clj:466)
at
org.apache.storm.disruptor$clojure_handler$reify__6007.onEvent(disruptor.clj:40)
at
org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:451)
at
org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:430)
at
org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
at
org.apache.storm.daemon.executor$fn__6573$fn__6586$fn__6639.invoke(executor.clj:853)
at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) at
clojure.lang.AFn.run(AFn.java:22) at java.lang.Thread.run(Thread.java:745)
Caused by: java.time.format.DateTimeParseException: Text
'06/28-02:06:18.667820' could not be parsed at index 5 at
java.time.format.DateTimeFormatter.parseResolved0(DateTimeFormatter.java:1949)
at java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1851) at
java.time.ZonedDateTime.parse(ZonedDateTime.java:597) at
org.apache.metron.parsers.snort.BasicSnortParser.toEpoch(BasicSnortParser.java:194)
at
org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:165)
... 12 more


Following is the data i am getting in alerts.csv

06/28-02:00:39.145636 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,12590,1
06/28-02:00:39.145690 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,40061,32,32768,0,0,12590,1
06/28-02:00:49.949974 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,13210,1
06/28-02:00:49.950011 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,41071,32,32768,0,0,13210,1
06/28-02:01:00.534199 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,55879,1
06/28-02:01:00.534224 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,43938,32,32768,0,0,55879,1
06/28-02:01:02.185767 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,4364,1
06/28-02:01:02.185812 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,41648,32,32768,0,0,4364,1
06/28-02:01:03.946563 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,20112,56
06/28-02:01:03.946596 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,38270,80,81920,0,0,20112,56
06/28-02:01:05.015592 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,55637,1
06/28-02:01:05.015640 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,29998,32,32768,0,0,55637,1
06/28-02:01:08.820637 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,10717,1
06/28-02:01:08.820684 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,51338,32,32768,0,0,10717,1
06/28-02:01:16.702204 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,23094,1
06/28-02:01:16.702256 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,51904,32,32768,0,0,23094,1
06/28-02:01:18.322369 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,26763,1
06/28-02:01:18.322409 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,46352,32,32768,0,0,26763,1
06/28-02:01:20.123553 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,33803,1
06/28-02:01:20.123598 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,45483,32,32768,0,0,33803,1
06/28-02:01:23.577021 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,17219,1
06/28-02:01:23.577052 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,33095,32,32768,0,0,17219,1
06/28-02:01:30.151474 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,11407,1
06/28-02:01:30.151513 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,46067,32,32768,0,0,11407,1
06/28-02:01:35.974945 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,53548,1
06/28-02:01:35.974979 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,52195,32,32768,0,0,53548,1
06/28-02:04:30.359006 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,45672,1
06/28-02:04:30.359048 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,54705,32,32768,0,0,45672,1
06/28-02:04:31.184875 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,46926,1
06/28-02:04:31.184910 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,7815,32,32768,0,0,46926,1
06/28-02:04:35.356385 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,8257,1
06/28-02:04:35.356429 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1686,32,32768,0,0,8257,1
06/28-02:04:38.443672 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,31410,1
06/28-02:04:38.443707 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,8956,32,32768,0,0,31410,1
06/28-02:04:46.014548 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,59605,1
06/28-02:04:46.014592 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,9929,32,32768,0,0,59605,1
06/28-02:04:46.251612 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,53218,1
06/28-02:04:46.251641 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1790,32,32768,0,0,53218,1
06/28-02:04:52.702052 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,56433,1
06/28-02:04:52.702086 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,10532,32,32768,0,0,56433,1
06/28-02:04:53.639526 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,29360,1
06/28-02:04:53.639566 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,54886,32,32768,0,0,29360,1
06/28-02:05:01.082557 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,60573,1
06/28-02:05:01.082591 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,3920,32,32768,0,0,60573,1
06/28-02:05:03.147751 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,33678,1
06/28-02:05:03.147788 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,56632,32,32768,0,0,33678,1
06/28-02:05:04.669301 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,25429,57
06/28-02:05:04.669343 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,54540,80,81920,0,0,25429,57
06/28-02:05:08.779706 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,1739,1
06/28-02:05:08.779743 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13385,32,32768,0,0,1739,1
06/28-02:05:15.570417 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,60185,1
06/28-02:05:15.570450 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13544,32,32768,0,0,60185,1
06/28-02:05:16.903692 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,23950,1
06/28-02:05:16.903726 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,59285,32,32768,0,0,23950,1
06/28-02:05:18.383841 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,63207,1
06/28-02:05:18.383882 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,14475,32,32768,0,0,63207,1
06/28-02:05:18.824040 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,7736,1
06/28-02:05:18.824092 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5347,32,32768,0,0,7736,1
06/28-02:05:30.125695 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,25742,1
06/28-02:05:30.125728 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,61218,32,32768,0,0,25742,1
06/28-02:05:36.588011 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,17479,1
06/28-02:05:36.588053 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,15718,32,32768,0,0,17479,1
06/28-02:05:38.852402 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,5905,1
06/28-02:05:38.852436 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,13897,32,32768,0,0,5905,1
06/28-02:05:39.430180 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,49810,1
06/28-02:05:39.430232 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,6050,32,32768,0,0,49810,1
06/28-02:05:46.070186 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,58325,1
06/28-02:05:46.070233 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16090,32,32768,0,0,58325,1
06/28-02:05:48.219891 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,30836,1
06/28-02:05:48.219945 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,7099,32,32768,0,0,30836,1
06/28-02:05:48.981161 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,64616,1
06/28-02:05:48.981215 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,61386,32,32768,0,0,64616,1
06/28-02:05:53.098749 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,22210,1
06/28-02:05:53.098797 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,14341,32,32768,0,0,22210,1
06/28-02:06:00.702406 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,58419,1
06/28-02:06:00.702455 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16746,32,32768,0,0,58419,1
06/28-02:06:01.913122 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,59765,1
06/28-02:06:01.913164 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,62975,32,32768,0,0,59765,1
06/28-02:06:03.154199 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,54172,1
06/28-02:06:03.154248 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,9740,32,32768,0,0,54172,1
06/28-02:06:04.880492 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,37706,1
06/28-02:06:04.880540 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,15472,32,32768,0,0,37706,1
06/28-02:06:05.319133 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,26698,58
06/28-02:06:05.319168 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,60496,80,81920,0,0,26698,58
06/28-02:06:08.117387 ,1,384,5,"ICMP
PING",ICMP,37.187.231.251,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,,,,,61,0,0,80,81920,8,0,26698,217
06/28-02:06:08.117412 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,,,,,64,0,60911,80,81920,0,0,26698,217
06/28-02:06:15.184897 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,33808,1
06/28-02:06:15.184927 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16836,32,32768,0,0,33808,1
06/28-02:06:18.667820 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
06/28-02:06:18.667869 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,1217,32,32768,0,0,21914,1
06/28-02:06:19.485622 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,53117,1
06/28-02:06:19.485658 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,19069,32,32768,0,0,53117,1
06/28-02:06:19.794201 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,20668,1
06/28-02:06:19.794232 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,11300,32,32768,0,0,20668,1
06/28-02:06:31.876229 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,411,1
06/28-02:06:31.876280 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,20335,32,32768,0,0,411,1
06/28-02:06:32.366014 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,20259,1
06/28-02:06:32.366064 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,12918,32,32768,0,0,20259,1
06/28-02:06:38.832328 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,54600,1
06/28-02:06:38.832377 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,20624,32,32768,0,0,54600,1
06/28-02:06:39.153101 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,25072,1
06/28-02:06:39.153154 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5313,32,32768,0,0,25072,1
06/28-02:06:47.976325 ,1,384,5,"ICMP
PING",ICMP,92.222.185.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,53517,1
06/28-02:06:47.976378 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,16112,32,32768,0,0,53517,1
06/28-02:06:50.865988 ,1,384,5,"ICMP
PING",ICMP,167.114.37.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,12,8,1,32,32768,8,0,743,1
06/28-02:06:50.866029 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,21484,32,32768,0,0,743,1
06/28-02:06:50.945076 ,1,384,5,"ICMP
PING",ICMP,92.222.186.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,65520,1
06/28-02:06:50.945110 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,5723,32,32768,0,0,65520,1
06/28-02:06:51.060311 ,1,384,5,"ICMP
PING",ICMP,92.222.184.1,,158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,11,8,1,32,32768,8,0,33127,1
06/28-02:06:51.060362 ,1,408,5,"ICMP Echo
Reply",ICMP,158.69.118.104,,92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,,64,8,21176,32,32768,0,0,33127,1


--
With Regards
Farrukh Naveed Anjum

Re: Parser Error while Snort IDS usage

Posted by Farrukh Naveed Anjum <an...@gmail.com>.
Admin, it would be great if you could go through this post and allow it to be
answered.

On Wed, Jun 27, 2018 at 11:16 PM, Farrukh Naveed Anjum <
anjum.farrukh@gmail.com> wrote:

> Hi,
>
> I am getting following errors when I am using snort in IDS mode.
>
> java.lang.IllegalStateException: Unable to parse message:
> 06/28-02:06:18.667820 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,10,8,1,32,32768,8,0,21914,1
> at org.apache.metron.parsers.snort.BasicSnortParser.parse(BasicSnortParser.java:180)
> at org.apache.metron.parsers.interfaces.MessageParser.
> parseOptional(MessageParser.java:45) at org.apache.metron.parsers.
> bolt.ParserBolt.execute(ParserBolt.java:177) at org.apache.storm.daemon.
> executor$fn__6573$tuple_action_fn__6575.invoke(executor.clj:734) at
> org.apache.storm.daemon.executor$mk_task_receiver$fn__6494.invoke(executor.clj:466)
> at org.apache.storm.disruptor$clojure_handler$reify__6007.onEvent(disruptor.clj:40)
> at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:451)
> at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:430)
> at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
> at org.apache.storm.daemon.executor$fn__6573$fn__6586$fn__6639.invoke(executor.clj:853)
> at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) at
> clojure.lang.AFn.run(AFn.java:22) at java.lang.Thread.run(Thread.java:745)
> Caused by: java.time.format.DateTimeParseException: Text
> '06/28-02:06:18.667820' could not be parsed at index 5 at java.time.format.
> DateTimeFormatter.parseResolved0(DateTimeFormatter.java:1949) at
> java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1851) at
> java.time.ZonedDateTime.parse(ZonedDateTime.java:597) at
> org.apache.metron.parsers.snort.BasicSnortParser.
> toEpoch(BasicSnortParser.java:194) at org.apache.metron.parsers.
> snort.BasicSnortParser.parse(BasicSnortParser.java:165) ... 12 more
>
>
> Following is the data i am getting in alerts.csv
>
> 06/28-02:00:39.145636 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,12590,1
> 06/28-02:00:39.145690 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,40061,32,32768,0,0,12590,1
> 06/28-02:00:49.949974 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,13210,1
> 06/28-02:00:49.950011 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,41071,32,32768,0,0,13210,1
> 06/28-02:01:00.534199 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,55879,1
> 06/28-02:01:00.534224 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,43938,32,32768,0,0,55879,1
> 06/28-02:01:02.185767 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,4364,1
> 06/28-02:01:02.185812 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,41648,32,32768,0,0,4364,1
> 06/28-02:01:03.946563 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,20112,56
> 06/28-02:01:03.946596 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,38270,80,81920,0,0,20112,56
> 06/28-02:01:05.015592 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,55637,1
> 06/28-02:01:05.015640 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,29998,32,32768,0,0,55637,1
> 06/28-02:01:08.820637 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,10717,1
> 06/28-02:01:08.820684 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,51338,32,32768,0,0,10717,1
> 06/28-02:01:16.702204 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,23094,1
> 06/28-02:01:16.702256 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,51904,32,32768,0,0,23094,1
> 06/28-02:01:18.322369 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,26763,1
> 06/28-02:01:18.322409 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,46352,32,32768,0,0,26763,1
> 06/28-02:01:20.123553 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,33803,1
> 06/28-02:01:20.123598 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,45483,32,32768,0,0,33803,1
> 06/28-02:01:23.577021 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,17219,1
> 06/28-02:01:23.577052 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,33095,32,32768,0,0,17219,1
> 06/28-02:01:30.151474 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,11407,1
> 06/28-02:01:30.151513 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,46067,32,32768,0,0,11407,1
> 06/28-02:01:35.974945 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,53548,1
> 06/28-02:01:35.974979 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,52195,32,32768,0,0,53548,1
> 06/28-02:04:30.359006 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,45672,1
> 06/28-02:04:30.359048 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,54705,32,32768,0,0,45672,1
> 06/28-02:04:31.184875 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,46926,1
> 06/28-02:04:31.184910 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,7815,32,32768,0,0,46926,1
> 06/28-02:04:35.356385 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,8257,1
> 06/28-02:04:35.356429 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,1686,32,32768,0,0,8257,1
> 06/28-02:04:38.443672 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,31410,1
> 06/28-02:04:38.443707 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,8956,32,32768,0,0,31410,1
> 06/28-02:04:46.014548 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,59605,1
> 06/28-02:04:46.014592 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,9929,32,32768,0,0,59605,1
> 06/28-02:04:46.251612 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,53218,1
> 06/28-02:04:46.251641 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,1790,32,32768,0,0,53218,1
> 06/28-02:04:52.702052 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,56433,1
> 06/28-02:04:52.702086 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,10532,32,32768,0,0,56433,1
> 06/28-02:04:53.639526 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,29360,1
> 06/28-02:04:53.639566 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,54886,32,32768,0,0,29360,1
> 06/28-02:05:01.082557 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,60573,1
> 06/28-02:05:01.082591 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,3920,32,32768,0,0,60573,1
> 06/28-02:05:03.147751 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,33678,1
> 06/28-02:05:03.147788 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,56632,32,32768,0,0,33678,1
> 06/28-02:05:04.669301 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,25429,57
> 06/28-02:05:04.669343 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,54540,80,81920,0,0,25429,57
> 06/28-02:05:08.779706 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,1739,1
> 06/28-02:05:08.779743 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,13385,32,32768,0,0,1739,1
> 06/28-02:05:15.570417 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,60185,1
> 06/28-02:05:15.570450 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,13544,32,32768,0,0,60185,1
> 06/28-02:05:16.903692 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,23950,1
> 06/28-02:05:16.903726 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,59285,32,32768,0,0,23950,1
> 06/28-02:05:18.383841 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,63207,1
> 06/28-02:05:18.383882 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,14475,32,32768,0,0,63207,1
> 06/28-02:05:18.824040 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,7736,1
> 06/28-02:05:18.824092 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,5347,32,32768,0,0,7736,1
> 06/28-02:05:30.125695 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,25742,1
> 06/28-02:05:30.125728 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,61218,32,32768,0,0,25742,1
> 06/28-02:05:36.588011 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,17479,1
> 06/28-02:05:36.588053 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,15718,32,32768,0,0,17479,1
> 06/28-02:05:38.852402 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,5905,1
> 06/28-02:05:38.852436 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,13897,32,32768,0,0,5905,1
> 06/28-02:05:39.430180 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,49810,1
> 06/28-02:05:39.430232 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,6050,32,32768,0,0,49810,1
> 06/28-02:05:46.070186 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,58325,1
> 06/28-02:05:46.070233 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16090,32,32768,0,0,58325,1
> 06/28-02:05:48.219891 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,30836,1
> 06/28-02:05:48.219945 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,7099,32,32768,0,0,30836,1
> 06/28-02:05:48.981161 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,64616,1
> 06/28-02:05:48.981215 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,61386,32,32768,0,0,64616,1
> 06/28-02:05:53.098749 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,22210,1
> 06/28-02:05:53.098797 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,14341,32,32768,0,0,22210,1
> 06/28-02:06:00.702406 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,58419,1
> 06/28-02:06:00.702455 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16746,32,32768,0,0,58419,1
> 06/28-02:06:01.913122 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,59765,1
> 06/28-02:06:01.913164 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,62975,32,32768,0,0,59765,1
> 06/28-02:06:03.154199 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,54172,1
> 06/28-02:06:03.154248 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,9740,32,32768,0,0,54172,1
> 06/28-02:06:04.880492 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,37706,1
> 06/28-02:06:04.880540 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,15472,32,32768,0,0,37706,1
> 06/28-02:06:05.319133 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,26698,58
> 06/28-02:06:05.319168 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,60496,80,81920,0,0,26698,58
> 06/28-02:06:08.117387 ,1,384,5,"ICMP PING",ICMP,37.187.231.251,,
> 158.69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x5E,,
> ,,,,61,0,0,80,81920,8,0,26698,217
> 06/28-02:06:08.117412 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 37.187.231.251,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x5E,,
> ,,,,64,0,60911,80,81920,0,0,26698,217
> 06/28-02:06:15.184897 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,33808,1
> 06/28-02:06:15.184927 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16836,32,32768,0,0,33808,1
> 06/28-02:06:18.667820 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,21914,1
> 06/28-02:06:18.667869 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,1217,32,32768,0,0,21914,1
> 06/28-02:06:19.485622 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,53117,1
> 06/28-02:06:19.485658 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,19069,32,32768,0,0,53117,1
> 06/28-02:06:19.794201 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,20668,1
> 06/28-02:06:19.794232 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,11300,32,32768,0,0,20668,1
> 06/28-02:06:31.876229 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,411,1
> 06/28-02:06:31.876280 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,20335,32,32768,0,0,411,1
> 06/28-02:06:32.366014 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,20259,1
> 06/28-02:06:32.366064 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,12918,32,32768,0,0,20259,1
> 06/28-02:06:38.832328 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,54600,1
> 06/28-02:06:38.832377 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,20624,32,32768,0,0,54600,1
> 06/28-02:06:39.153101 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,25072,1
> 06/28-02:06:39.153154 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,5313,32,32768,0,0,25072,1
> 06/28-02:06:47.976325 ,1,384,5,"ICMP PING",ICMP,92.222.185.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,53517,1
> 06/28-02:06:47.976378 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.185.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,16112,32,32768,0,0,53517,1
> 06/28-02:06:50.865988 ,1,384,5,"ICMP PING",ICMP,167.114.37.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 12,8,1,32,32768,8,0,743,1
> 06/28-02:06:50.866029 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 167.114.37.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,21484,32,32768,0,0,743,1
> 06/28-02:06:50.945076 ,1,384,5,"ICMP PING",ICMP,92.222.186.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 10,8,1,32,32768,8,0,65520,1
> 06/28-02:06:50.945110 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.186.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,5723,32,32768,0,0,65520,1
> 06/28-02:06:51.060311 ,1,384,5,"ICMP PING",ICMP,92.222.184.1,,158.
> 69.118.104,,00:FF:FF:FF:FF:FD,0C:C4:7A:79:83:7C,0x3C,,,,,,
> 11,8,1,32,32768,8,0,33127,1
> 06/28-02:06:51.060362 ,1,408,5,"ICMP Echo Reply",ICMP,158.69.118.104,,
> 92.222.184.1,,0C:C4:7A:79:83:7C,00:FF:FF:FF:FF:FF,0x2E,,,,,
> ,64,8,21176,32,32768,0,0,33127,1
>
>
> --
> With Regards
> Farrukh Naveed Anjum
>



-- 
With Regards
Farrukh Naveed Anjum