App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic by a custom dictionary
Description
This example illustrates how to match all traffic in a custom dictionary
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns resolver name-server 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-id custom -1 set traffic selector SEL rule 1 app-id detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.204 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.204/0.204/0.204/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1Show output
PING www.google.com (142.251.152.119) 56(84) bytes of data. 64 bytes from 142.251.152.119 (142.251.152.119): icmp_seq=1 ttl=109 time=4.49 ms --- www.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.489/4.489/4.489/0.000 ms
Step 4: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 80943 0 80943 0 0 324k 0 --:--:-- --:--:-- --:--:-- 325k
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:33 ssl-host:www.google.com\]Show output
Jun 02 07:51:44.323253 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.9M free. Jun 02 07:51:44.323978 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 07:51:44.324018 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 07:51:44.334743 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system journal clear'. Jun 02 07:51:44.584019 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 07:51:44.804484 osdx OSDxCLI[2271]: User 'admin' entered the configuration menu. Jun 02 07:51:44.868480 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 02 07:51:44.967586 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 02 07:51:45.022859 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 02 07:51:45.124432 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'. Jun 02 07:51:45.179472 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 02 07:51:45.290775 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Jun 02 07:51:45.348585 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Jun 02 07:51:45.442986 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 02 07:51:45.513141 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Jun 02 07:51:45.608916 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 07:51:45.664001 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Jun 02 07:51:45.780155 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 07:51:45.847277 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'show working'. Jun 02 07:51:45.943330 osdx ubnt-cfgd[21856]: inactive Jun 02 07:51:45.981945 osdx INFO[21878]: FRR daemons did not change Jun 02 07:51:46.171969 osdx kernel: app-detect: module init Jun 02 07:51:46.172021 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 02 07:51:46.172032 osdx kernel: app-detect: expression init Jun 02 07:51:46.172044 osdx kernel: app-detect: appid cache initialized Jun 02 07:51:46.172052 osdx kernel: app-detect: appid cache changes counter initialized Jun 02 07:51:46.223998 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 07:51:46.524926 osdx cfgd[1665]: [2271]Completed change to active configuration Jun 02 07:51:46.536230 osdx OSDxCLI[2271]: User 'admin' committed the configuration. Jun 02 07:51:46.564727 osdx OSDxCLI[2271]: User 'admin' left the configuration menu. Jun 02 07:51:46.701371 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 07:51:46.826948 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Jun 02 07:51:46.972074 osdx file_operation[22123]: using src url: https://www.google.com dst url: running://index.html Jun 02 07:51:47.009537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59662 PROTO=TCP SPT=443 DPT=42180 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.029742 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=4169 TOS=0x00 PREC=0x00 TTL=113 ID=59663 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.055974 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59666 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.056018 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=59667 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.056038 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=59668 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.059961 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59669 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.059978 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59670 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198515 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1036 TOS=0x00 PREC=0x00 TTL=113 ID=59671 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198587 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59672 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198596 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59673 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198604 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=280 TOS=0x00 PREC=0x00 TTL=113 ID=59674 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.205770 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59675 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.205920 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59676 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.205938 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59677 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.207968 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59678 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208001 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59679 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208014 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59680 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208023 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59681 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208031 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59682 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208039 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59683 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208047 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59684 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208055 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59685 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208066 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59686 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208075 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59687 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208088 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59688 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.211976 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59689 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212014 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59690 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212036 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59692 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212052 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59693 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212070 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59694 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59696 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212105 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59697 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212119 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59698 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212131 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59699 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212144 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59700 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212160 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59701 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212174 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59703 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212187 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59704 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212200 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59705 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212418 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59706 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212451 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59707 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.215964 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59708 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.215988 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59709 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59710 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216011 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59711 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216021 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1640 TOS=0x00 PREC=0x00 TTL=113 ID=59712 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216034 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59714 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216048 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59715 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216061 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59717 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216077 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59718 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59719 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216105 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59720 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216116 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59721 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216127 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59723 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216138 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59724 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216149 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59725 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216162 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59726 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216172 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59727 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216183 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59728 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216194 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59729 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216205 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2223 TOS=0x00 PREC=0x00 TTL=113 ID=59731 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.227985 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59733 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.231976 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59734 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.236127 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 845 0 845 0 0 129k 0 --:--:-- --:--:-- --:--:-- 137k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:34 http-host:10.215.168.1\]Show output
Jun 02 07:51:44.323253 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.9M free. Jun 02 07:51:44.323978 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 07:51:44.324018 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 07:51:44.334743 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system journal clear'. Jun 02 07:51:44.584019 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 07:51:44.804484 osdx OSDxCLI[2271]: User 'admin' entered the configuration menu. Jun 02 07:51:44.868480 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 02 07:51:44.967586 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 02 07:51:45.022859 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 02 07:51:45.124432 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'. Jun 02 07:51:45.179472 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 02 07:51:45.290775 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Jun 02 07:51:45.348585 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Jun 02 07:51:45.442986 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 02 07:51:45.513141 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Jun 02 07:51:45.608916 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 07:51:45.664001 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Jun 02 07:51:45.780155 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 07:51:45.847277 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'show working'. Jun 02 07:51:45.943330 osdx ubnt-cfgd[21856]: inactive Jun 02 07:51:45.981945 osdx INFO[21878]: FRR daemons did not change Jun 02 07:51:46.171969 osdx kernel: app-detect: module init Jun 02 07:51:46.172021 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 02 07:51:46.172032 osdx kernel: app-detect: expression init Jun 02 07:51:46.172044 osdx kernel: app-detect: appid cache initialized Jun 02 07:51:46.172052 osdx kernel: app-detect: appid cache changes counter initialized Jun 02 07:51:46.223998 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 07:51:46.524926 osdx cfgd[1665]: [2271]Completed change to active configuration Jun 02 07:51:46.536230 osdx OSDxCLI[2271]: User 'admin' committed the configuration. Jun 02 07:51:46.564727 osdx OSDxCLI[2271]: User 'admin' left the configuration menu. Jun 02 07:51:46.701371 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 07:51:46.826948 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Jun 02 07:51:46.972074 osdx file_operation[22123]: using src url: https://www.google.com dst url: running://index.html Jun 02 07:51:47.009537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59662 PROTO=TCP SPT=443 DPT=42180 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.029742 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=4169 TOS=0x00 PREC=0x00 TTL=113 ID=59663 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.055974 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59666 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.056018 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=59667 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.056038 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=59668 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.059961 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59669 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.059978 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59670 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198515 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1036 TOS=0x00 PREC=0x00 TTL=113 ID=59671 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198587 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59672 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198596 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59673 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.198604 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=280 TOS=0x00 PREC=0x00 TTL=113 ID=59674 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.205770 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59675 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.205920 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59676 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.205938 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59677 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.207968 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59678 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208001 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59679 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208014 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59680 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208023 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59681 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208031 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59682 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208039 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59683 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208047 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59684 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208055 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59685 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208066 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59686 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208075 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59687 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.208088 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59688 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.211976 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59689 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212014 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59690 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212036 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59692 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212052 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59693 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212070 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59694 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59696 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212105 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59697 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212119 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59698 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212131 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59699 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212144 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59700 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212160 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59701 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212174 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59703 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212187 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59704 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212200 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59705 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212418 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59706 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.212451 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59707 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.215964 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59708 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.215988 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59709 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59710 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216011 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59711 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216021 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1640 TOS=0x00 PREC=0x00 TTL=113 ID=59712 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216034 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59714 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216048 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59715 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216061 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59717 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216077 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59718 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59719 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216105 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59720 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216116 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59721 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216127 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59723 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216138 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59724 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216149 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59725 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216162 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59726 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216172 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59727 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216183 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=59728 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216194 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=59729 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.216205 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=2223 TOS=0x00 PREC=0x00 TTL=113 ID=59731 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.227985 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59733 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.231976 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.150.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=59734 PROTO=TCP SPT=443 DPT=42180 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Jun 02 07:51:47.236127 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Jun 02 07:51:47.413136 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 07:51:47.763238 osdx file_operation[22145]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Jun 02 07:51:47.770076 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22158 DF PROTO=TCP SPT=80 DPT=53996 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1] Jun 02 07:51:47.770220 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1064 TOS=0x00 PREC=0x00 TTL=64 ID=22159 DF PROTO=TCP SPT=80 DPT=53996 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:34 http-host:10.215.168.1] Jun 02 07:51:47.771907 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22160 DF PROTO=TCP SPT=80 DPT=53996 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:34 http-host:10.215.168.1] Jun 02 07:51:47.791798 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Match Traffic by an engine dictionary
Description
This example illustrates how to match all traffic in an engine dictionary
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns resolver name-server 10.215.168.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-id detected set traffic selector SEL rule 1 app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.230 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.230/0.230/0.230/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1Show output
PING www.google.com (142.251.155.119) 56(84) bytes of data. 64 bytes from 142.251.155.119: icmp_seq=1 ttl=109 time=3.42 ms --- www.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.421/3.421/3.421/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 68181 100 68181 0 0 10.6M 0 --:--:-- --:--:-- --:--:-- 10.8M
Step 5: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz' set system conntrack app-detect http-host set system conntrack app-detect ssl-host
Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 80859 0 80859 0 0 359k 0 --:--:-- --:--:-- --:--:-- 358k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:6 ssl-host:www.google.com\]Show output
Jun 02 07:51:52.000167 osdx systemd-timedated[21372]: Changed local time to Tue 2026-06-02 07:51:52 UTC Jun 02 07:51:52.002128 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'set date 2026-06-02 07:51:52'. Jun 02 07:51:52.003142 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 07:51:52.308924 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 07:51:52.311184 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 07:51:52.311253 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 07:51:52.320715 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system journal clear'. Jun 02 07:51:52.550116 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 07:51:52.787552 osdx OSDxCLI[2271]: User 'admin' entered the configuration menu. Jun 02 07:51:52.851062 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 02 07:51:52.975444 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 02 07:51:53.091118 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 02 07:51:53.169814 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'. Jun 02 07:51:53.263675 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 02 07:51:53.329459 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 07:51:53.442969 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Jun 02 07:51:53.528418 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 07:51:53.636022 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'show working'. Jun 02 07:51:53.733798 osdx ubnt-cfgd[22418]: inactive Jun 02 07:51:53.768885 osdx INFO[22440]: FRR daemons did not change Jun 02 07:51:53.795148 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 07:51:54.064333 osdx cfgd[1665]: [2271]Completed change to active configuration Jun 02 07:51:54.076037 osdx OSDxCLI[2271]: User 'admin' committed the configuration. Jun 02 07:51:54.102008 osdx OSDxCLI[2271]: User 'admin' left the configuration menu. Jun 02 07:51:54.243663 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 07:51:55.334401 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Jun 02 07:51:55.492601 osdx file_operation[22652]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Jun 02 07:51:55.518614 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Jun 02 07:51:55.692060 osdx OSDxCLI[2271]: User 'admin' entered the configuration menu. Jun 02 07:51:55.767301 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Jun 02 07:51:55.866990 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 02 07:51:55.933529 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Jun 02 07:51:56.054051 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'show changes'. Jun 02 07:51:56.148745 osdx ubnt-cfgd[22669]: inactive Jun 02 07:51:56.168521 osdx INFO[22675]: FRR daemons did not change Jun 02 07:51:56.331154 osdx kernel: app-detect: module init Jun 02 07:51:56.331216 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 02 07:51:56.331229 osdx kernel: app-detect: expression init Jun 02 07:51:56.331241 osdx kernel: app-detect: appid cache initialized Jun 02 07:51:56.331262 osdx kernel: app-detect: appid cache changes counter initialized Jun 02 07:51:56.557016 osdx cfgd[1665]: [2271]Completed change to active configuration Jun 02 07:51:56.559681 osdx OSDxCLI[2271]: User 'admin' committed the configuration. Jun 02 07:51:56.590805 osdx OSDxCLI[2271]: User 'admin' left the configuration menu. Jun 02 07:51:56.785975 osdx file_operation[22728]: using src url: https://www.google.com dst url: running://index.html Jun 02 07:51:56.812922 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20562 PROTO=TCP SPT=443 DPT=39488 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.833503 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20563 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.833573 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20564 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.833587 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=20565 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.855075 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20566 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.855162 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=20567 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.855194 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=20568 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.861403 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20569 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.862052 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20570 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990455 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1036 TOS=0x00 PREC=0x00 TTL=112 ID=20571 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20572 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990551 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20573 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990564 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=719 TOS=0x00 PREC=0x00 TTL=112 ID=20574 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996057 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20575 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20576 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20577 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996286 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20578 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996440 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20579 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999139 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20580 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999156 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20581 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999175 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20582 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999187 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20583 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999199 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20584 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999211 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20585 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999223 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20586 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999235 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20587 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999247 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20588 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999267 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20589 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999281 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20590 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999293 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20592 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999306 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20593 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999317 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20594 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999330 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20595 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003142 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20596 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003171 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20597 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003184 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20598 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003196 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20599 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003208 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20600 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003222 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20601 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003244 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20602 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003262 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20604 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003275 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20605 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003287 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20606 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003299 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20608 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003311 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20609 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003323 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20610 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003334 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20611 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003401 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20612 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004051 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20613 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004285 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20614 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004328 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20615 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004399 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20616 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20618 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007183 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20619 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007197 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20620 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007206 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20621 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007213 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20622 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007221 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20623 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007229 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20624 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007237 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20625 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007245 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20626 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007253 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20627 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007267 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20628 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007276 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20629 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007284 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1866 TOS=0x00 PREC=0x00 TTL=112 ID=20630 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.015149 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20632 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.015201 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20633 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.031600 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 962 0 962 0 0 179k 0 --:--:-- --:--:-- --:--:-- 187k
Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:30 http-host:10.215.168.1\]Show output
Jun 02 07:51:52.000167 osdx systemd-timedated[21372]: Changed local time to Tue 2026-06-02 07:51:52 UTC Jun 02 07:51:52.002128 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'set date 2026-06-02 07:51:52'. Jun 02 07:51:52.003142 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 07:51:52.308924 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 07:51:52.311184 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 07:51:52.311253 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 07:51:52.320715 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system journal clear'. Jun 02 07:51:52.550116 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 07:51:52.787552 osdx OSDxCLI[2271]: User 'admin' entered the configuration menu. Jun 02 07:51:52.851062 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 02 07:51:52.975444 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 02 07:51:53.091118 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 02 07:51:53.169814 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'. Jun 02 07:51:53.263675 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 02 07:51:53.329459 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 07:51:53.442969 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Jun 02 07:51:53.528418 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 07:51:53.636022 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'show working'. Jun 02 07:51:53.733798 osdx ubnt-cfgd[22418]: inactive Jun 02 07:51:53.768885 osdx INFO[22440]: FRR daemons did not change Jun 02 07:51:53.795148 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 07:51:54.064333 osdx cfgd[1665]: [2271]Completed change to active configuration Jun 02 07:51:54.076037 osdx OSDxCLI[2271]: User 'admin' committed the configuration. Jun 02 07:51:54.102008 osdx OSDxCLI[2271]: User 'admin' left the configuration menu. Jun 02 07:51:54.243663 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 07:51:55.334401 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Jun 02 07:51:55.492601 osdx file_operation[22652]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Jun 02 07:51:55.518614 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Jun 02 07:51:55.692060 osdx OSDxCLI[2271]: User 'admin' entered the configuration menu. Jun 02 07:51:55.767301 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Jun 02 07:51:55.866990 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 02 07:51:55.933529 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Jun 02 07:51:56.054051 osdx OSDxCLI[2271]: User 'admin' added a new cfg line: 'show changes'. Jun 02 07:51:56.148745 osdx ubnt-cfgd[22669]: inactive Jun 02 07:51:56.168521 osdx INFO[22675]: FRR daemons did not change Jun 02 07:51:56.331154 osdx kernel: app-detect: module init Jun 02 07:51:56.331216 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 02 07:51:56.331229 osdx kernel: app-detect: expression init Jun 02 07:51:56.331241 osdx kernel: app-detect: appid cache initialized Jun 02 07:51:56.331262 osdx kernel: app-detect: appid cache changes counter initialized Jun 02 07:51:56.557016 osdx cfgd[1665]: [2271]Completed change to active configuration Jun 02 07:51:56.559681 osdx OSDxCLI[2271]: User 'admin' committed the configuration. Jun 02 07:51:56.590805 osdx OSDxCLI[2271]: User 'admin' left the configuration menu. Jun 02 07:51:56.785975 osdx file_operation[22728]: using src url: https://www.google.com dst url: running://index.html Jun 02 07:51:56.812922 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20562 PROTO=TCP SPT=443 DPT=39488 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.833503 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20563 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.833573 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20564 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.833587 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=20565 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.855075 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20566 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.855162 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=20567 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.855194 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=20568 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.861403 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20569 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.862052 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20570 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990455 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1036 TOS=0x00 PREC=0x00 TTL=112 ID=20571 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20572 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990551 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20573 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.990564 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=719 TOS=0x00 PREC=0x00 TTL=112 ID=20574 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996057 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20575 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20576 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20577 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996286 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20578 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.996440 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20579 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999139 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20580 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999156 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20581 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999175 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20582 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999187 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20583 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999199 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20584 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999211 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20585 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999223 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20586 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999235 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20587 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999247 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20588 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999267 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20589 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999281 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20590 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999293 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20592 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999306 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20593 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999317 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20594 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:56.999330 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20595 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003142 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20596 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003171 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20597 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003184 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20598 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003196 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20599 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003208 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20600 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003222 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20601 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003244 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20602 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003262 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20604 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003275 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20605 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003287 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20606 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003299 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20608 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003311 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20609 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003323 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20610 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003334 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20611 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.003401 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20612 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004051 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20613 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004285 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20614 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004328 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20615 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.004399 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=20616 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20618 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007183 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20619 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007197 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20620 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007206 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20621 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007213 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20622 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007221 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20623 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007229 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20624 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007237 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20625 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007245 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20626 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007253 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20627 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007267 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20628 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007276 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=20629 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.007284 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1866 TOS=0x00 PREC=0x00 TTL=112 ID=20630 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.015149 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20632 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.015201 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=20633 PROTO=TCP SPT=443 DPT=39488 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 02 07:51:57.031600 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Jun 02 07:51:57.247509 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 07:51:57.594315 osdx file_operation[22750]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Jun 02 07:51:57.599877 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=43 DF PROTO=TCP SPT=80 DPT=59276 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 02 07:51:57.600028 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1181 TOS=0x00 PREC=0x00 TTL=64 ID=44 DF PROTO=TCP SPT=80 DPT=59276 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 02 07:51:57.601669 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:2d:e9:56:6e:ea:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45 DF PROTO=TCP SPT=80 DPT=59276 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 02 07:51:57.619839 osdx OSDxCLI[2271]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.