[Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?

ZhouLi zhou.li at ca-jc.com
Sun Apr 17 01:31:55 UTC 2011


OK, the attachment is the pcap file.

//ZhouLi

----- Original Message ----- 
From: "Victor Julien" <victor at inliniac.net>
To: <oisf-devel at openinfosecfoundation.org>
Sent: Saturday, April 16, 2011 8:57 PM
Subject: Re: [Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?


> An actual pcap file would be a lot more useful, then I can run it
> through the engine myself. Are you able to share that?
>
> Cheers,
> Victor
>
> On 04/16/2011 12:51 PM, ZhouLi wrote:
>> Thanks! The Suricata version is 1.1beta2 (rev d9e5413);
>> the following is the pcap output:
>>
>> using curl:
>>
>> 17:37:14.973939 IP 192.168.88.108.45459 > 192.168.88.1.http: S
>> 445330179:445330179(0) win 5840 <mss 1460,sackOK,timestamp 24101879
>> 0,nop,wscale 6>
>> 17:37:14.974123 IP 192.168.88.1.http > 192.168.88.108.45459: S
>> 907064963:907064963(0) ack 445330180 win 57344 <mss 1460,nop,wscale
>> 0,nop,nop,timestamp 37614415 24101879>
>> 17:37:14.974323 IP 192.168.88.108.45459 > 192.168.88.1.http: . ack 1 win
>> 92 <nop,nop,timestamp 24101880 37614415>
>> 17:37:14.975022 IP 192.168.88.108.45459 > 192.168.88.1.http: P
>> 1:142(141) ack 1 win 92 <nop,nop,timestamp 24101882 37614415>
>> 17:37:14.976419 IP 192.168.88.1.http > 192.168.88.108.45459: P
>> 1:307(306) ack 142 win 57920 <nop,nop,timestamp 37614415 24101882>
>> 17:37:14.976669 IP 192.168.88.108.45459 > 192.168.88.1.http: . ack 307
>> win 108 <nop,nop,timestamp 24101886 37614415>
>> 17:37:14.976672 IP 192.168.88.1.http > 192.168.88.108.45459: .
>> 307:1755(1448) ack 142 win 57920 <nop,nop,timestamp 37614415 24101882>
>>        .
>>        .
>>        .
>>
>>
>> using IE:
>> 17:56:12.253588 IP 192.168.88.1.http > 192.168.88.194.aic-oncrpc: F
>> 2555400009:2555400009(0) ack 369119585 win 57960
>> 17:56:12.253772 IP 192.168.88.194.aic-oncrpc > 192.168.88.1.http: . ack
>> 1 win 64495
>> 17:56:12.263456 IP 192.168.88.1.http > 192.168.88.194.aic-np: F
>> 2619006725:2619006725(0) ack 4174295162 win 57960
>> 17:56:12.263605 IP 192.168.88.194.aic-np > 192.168.88.1.http: . ack 1
>> win 64328
>> 17:56:14.770380 IP 192.168.88.194.aic-oncrpc > 192.168.88.1.http: F
>> 1:1(0) ack 1 win 64495
>> 17:56:14.770530 IP 192.168.88.194.aic-np > 192.168.88.1.http: F 1:1(0)
>> ack 1 win 64328
>> 17:56:14.770534 IP 192.168.88.1.http > 192.168.88.194.aic-oncrpc: . ack
>> 2 win 57960
>> 17:56:14.770630 IP 192.168.88.1.http > 192.168.88.194.aic-np: . ack 2
>> win 57960
>> 17:56:14.773076 IP 192.168.88.194.piccolo > 192.168.88.1.http: S
>> 1112711939:1112711939(0) win 65535 <mss 1260,nop,nop,sackOK>
>> 17:56:14.773226 IP 192.168.88.1.http > 192.168.88.194.piccolo: S
>> 2494653860:2494653860(0) ack 1112711940 win 57344 <mss 1460>
>> 17:56:14.773326 IP 192.168.88.194.piccolo > 192.168.88.1.http: . ack 1
>> win 65535
>> 17:56:14.777768 IP 192.168.88.194.piccolo > 192.168.88.1.http: P
>> 1:265(264) ack 1 win 65535
>>
>> 17:56:14.779215 IP 192.168.88.1.http > 192.168.88.194.piccolo: P
>> 1:307(306) ack 265 win 57960
>> 17:56:14.779415 IP 192.168.88.1.http > 192.168.88.194.piccolo: .
>> 307:1567(1260) ack 265 win 57960
>>        .
>>        .
>>        .
>>
>>
>> ----- Original Message -----
>> From: "Victor Julien" <victor at inliniac.net>
>> To: <oisf-devel at openinfosecfoundation.org>
>> Sent: Saturday, April 16, 2011 5:35 PM
>> Subject: Re: [Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?
>>
>>
>>> Can you share a pcap?
>>>
>>> Btw, what Suricata version are you using?
>>>
>>> On 04/16/2011 11:29 AM, ZhouLi wrote:
>>>>   With --enable-debug, I found the packet was ignored by
>>>> STREAM_GAP. I think it's a bug.
>>>>
>>>> //ZhouLi
>>>>   ----- Original Message -----
>>>>   From: ZhouLi
>>>>   To: oisf-devel at openinfosecfoundation.org
>>>>   Sent: Saturday, April 16, 2011 11:50 AM
>>>>   Subject: [Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?
>>>>
>>>>
>>>>   Hi, Victor
>>>>
>>>>     I am writing some testing code for Suricata with ClamAV and I got
>>>>   an error log when GETting a .exe file with wget or curl; it
>>>>   won't occur when using IE to GET a .exe file. Using tcpdump, I
>>>>   found the log is triggered when the first chunk packet
>>>>   arrives. Bug?
>>>>     The error log looks like this:
>>>>   (app-layer-parser.c:943) <Error> (AppLayerParse) -- [ERRCODE:
>>>> SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app
>>>>   layer protocol, using network protocol 6, source IP address
>>>> 192.168.88.108, destination IP address 192.168.88.1, src port
>>>>   36047 and dst port 80
>>>>
>>>>   //ZhouLi
>>>>
>>>>   ____ KILL Mail Shield Gateway scanned ____
>>>>   _______________________________________________
>>>>   Oisf-devel mailing list
>>>>   Oisf-devel at openinfosecfoundation.org
>>>>   http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>>
>>>
>>> -- 
>>> ---------------------------------------------
>>> Victor Julien
>>> http://www.inliniac.net/
>>> PGP: http://www.inliniac.net/victorjulien.asc
>>> ---------------------------------------------
>
>
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: curl.pcap
Type: application/octet-stream
Size: 131057 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20110417/94fb0521/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ie.pcap
Type: application/octet-stream
Size: 132914 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20110417/94fb0521/attachment-0001.obj>
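
ZhouLi reports the packet being ignored by STREAM_GAP. As an added example (not part of the original posts and not Suricata code), this Python checks tcpdump summary lines like those quoted in the thread for holes in each direction's sequence space. It assumes tcpdump's default relative sequence numbers; the function name and the final sample line are constructed for illustration.

```python
import re

# Old-style tcpdump summary line that carries a sequence range, e.g.
#   "<ts> IP a.b.c.d.port > e.f.g.h.http: P 1:307(306) ack 142 win 57920"
SEG_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRWE.]+) (?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\)"
)

def find_gaps(lines):
    """Return one dict per segment that starts beyond the next expected byte."""
    next_seq = {}  # (src, dst) -> next expected relative sequence number
    gaps = []
    for line in lines:
        m = SEG_RE.match(line.strip())
        if m is None:
            continue  # pure ACKs and non-packet lines carry no seq range
        flow = (m["src"], m["dst"])
        first, last = int(m["first"]), int(m["last"])
        if "S" in m["flags"]:
            # Assumption: relative numbering, so data after the SYN starts at 1.
            next_seq[flow] = 1
            continue
        # A flow first seen mid-stream has no baseline; start from this segment.
        expected = next_seq.get(flow, first)
        if first > expected:
            gaps.append({"ts": m["ts"], "flow": flow, "expected": expected,
                         "seen": first, "missing": first - expected})
        # Retransmissions and overlaps (first < expected) never move us backwards.
        next_seq[flow] = max(expected, last)
    return gaps

# Summary lines of the curl capture quoted in the thread
# (wrapped lines rejoined, TCP options dropped).
PAGE_LINES = [
    "17:37:14.973939 IP 192.168.88.108.45459 > 192.168.88.1.http: S 445330179:445330179(0) win 5840",
    "17:37:14.974123 IP 192.168.88.1.http > 192.168.88.108.45459: S 907064963:907064963(0) ack 445330180 win 57344",
    "17:37:14.974323 IP 192.168.88.108.45459 > 192.168.88.1.http: . ack 1 win 92",
    "17:37:14.975022 IP 192.168.88.108.45459 > 192.168.88.1.http: P 1:142(141) ack 1 win 92",
    "17:37:14.976419 IP 192.168.88.1.http > 192.168.88.108.45459: P 1:307(306) ack 142 win 57920",
    "17:37:14.976672 IP 192.168.88.1.http > 192.168.88.108.45459: . 307:1755(1448) ack 142 win 57920",
]

# Constructed line (not from the thread): the segment 1755:3203 was never seen.
CONSTRUCTED_GAP_LINE = (
    "17:37:14.976900 IP 192.168.88.1.http > 192.168.88.108.45459: "
    ". 3203:4651(1448) ack 142 win 57920"
)

if __name__ == "__main__":
    for g in find_gaps(PAGE_LINES + [CONSTRUCTED_GAP_LINE]):
        print(f"{g['ts']} {g['flow'][0]} -> {g['flow'][1]}: "
              f"expected seq {g['expected']}, saw {g['seen']} "
              f"({g['missing']} bytes missing)")
```

The same check can be run over `tcpdump -r curl.pcap` output to see whether the capture itself is missing segments before looking at the engine's reassembly.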

