App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic by a custom dictionary
Description
This example illustrates how to match all traffic in a custom dictionary
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns resolver name-server 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-id custom -1 set traffic selector SEL rule 1 app-id detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.223 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.223/0.223/0.223/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1Show output
PING www.google.com (142.251.152.119) 56(84) bytes of data. 64 bytes from 142.251.152.119 (142.251.152.119): icmp_seq=1 ttl=108 time=5.20 ms --- www.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 5.202/5.202/5.202/0.000 ms
Step 4: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 79824 0 79824 0 0 156k 0 --:--:-- --:--:-- --:--:-- 156k
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U6:33 ssl-host:www.google.com\]Show output
Apr 06 18:03:23.287076 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.8M, max 13.8M, 11.9M free. Apr 06 18:03:23.288110 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:23.288190 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:23.296670 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:23.493541 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:23.703385 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:23.758563 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:03:23.853672 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:03:23.903515 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:03:24.000081 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'. Apr 06 18:03:24.050341 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:03:24.146865 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Apr 06 18:03:24.203412 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Apr 06 18:03:24.294063 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:03:24.348682 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:03:24.437755 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:03:24.493929 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:03:24.617009 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:03:24.680895 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:03:24.764907 osdx ubnt-cfgd[163385]: inactive Apr 06 18:03:24.805318 osdx INFO[163409]: FRR daemons did not change Apr 06 18:03:24.988119 osdx kernel: app-detect: module init Apr 06 18:03:24.988190 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:03:24.988206 osdx kernel: app-detect: expression init Apr 06 18:03:24.988218 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:03:24.988235 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:03:25.028114 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:03:25.074080 osdx WARNING[163510]: No supported link modes on interface eth0 Apr 06 18:03:25.075392 osdx modulelauncher[163510]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:03:25.075403 osdx modulelauncher[163510]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:03:25.076531 osdx modulelauncher[163510]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:03:25.076539 osdx modulelauncher[163510]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:03:25.347462 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:25.362903 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:25.379375 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:25.543560 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 06 18:03:25.678986 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Apr 06 18:03:25.862606 osdx file_operation[163663]: using src url: https://www.google.com dst url: running://index.html Apr 06 18:03:25.888137 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24787 PROTO=TCP SPT=443 DPT=47716 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.914021 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24788 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.914116 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=2767 TOS=0x00 PREC=0x00 TTL=113 ID=24789 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.932115 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24791 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.932153 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=24793 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.932163 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=24792 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.940108 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24794 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272623 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1044 TOS=0x00 PREC=0x00 TTL=113 ID=24795 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272710 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24796 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272739 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24797 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272748 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24798 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272756 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1283 TOS=0x00 PREC=0x00 TTL=113 ID=24799 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330789 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24800 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330902 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24801 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330912 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24802 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330965 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24803 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330987 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24804 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332113 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24805 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332134 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24806 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332143 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24807 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24808 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332160 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24809 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332168 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24810 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332182 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24811 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336109 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24812 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336130 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24813 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336139 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24814 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336147 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24815 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336155 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24817 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336163 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24816 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336174 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24818 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336187 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24819 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336196 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24821 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336205 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24820 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336213 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24823 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336223 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24822 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336241 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24825 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24824 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336301 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24826 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336319 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24827 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336331 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24828 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336339 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24829 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336348 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24830 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336357 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24831 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336365 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24832 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336374 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24833 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336384 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24834 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336392 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24835 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.340112 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=986 TOS=0x00 PREC=0x00 TTL=113 ID=24837 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.340139 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24836 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364127 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24839 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364178 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24838 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364196 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24840 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364205 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24841 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364214 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24842 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364222 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24843 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364230 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24844 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364242 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24845 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364250 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24846 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364258 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24847 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364266 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24849 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364274 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24848 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364282 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=24850 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=2072 TOS=0x00 PREC=0x00 TTL=113 ID=24853 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364301 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24852 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364308 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=91 TOS=0x00 PREC=0x00 TTL=113 ID=24855 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.370023 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24856 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.381053 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4586 0 4586 0 0 1750k 0 --:--:-- --:--:-- --:--:-- 2239k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U6:34 http-host:10.215.168.1\]Show output
Apr 06 18:03:23.287076 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.8M, max 13.8M, 11.9M free. Apr 06 18:03:23.288110 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:23.288190 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:23.296670 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:23.493541 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:23.703385 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:23.758563 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:03:23.853672 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:03:23.903515 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:03:24.000081 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'. Apr 06 18:03:24.050341 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:03:24.146865 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Apr 06 18:03:24.203412 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Apr 06 18:03:24.294063 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:03:24.348682 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:03:24.437755 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:03:24.493929 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:03:24.617009 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:03:24.680895 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:03:24.764907 osdx ubnt-cfgd[163385]: inactive Apr 06 18:03:24.805318 osdx INFO[163409]: FRR daemons did not change Apr 06 18:03:24.988119 osdx kernel: app-detect: module init Apr 06 18:03:24.988190 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:03:24.988206 osdx kernel: app-detect: expression init Apr 06 18:03:24.988218 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:03:24.988235 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:03:25.028114 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:03:25.074080 osdx WARNING[163510]: No supported link modes on interface eth0 Apr 06 18:03:25.075392 osdx modulelauncher[163510]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:03:25.075403 osdx modulelauncher[163510]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:03:25.076531 osdx modulelauncher[163510]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:03:25.076539 osdx modulelauncher[163510]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:03:25.347462 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:25.362903 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:25.379375 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:25.543560 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 06 18:03:25.678986 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Apr 06 18:03:25.862606 osdx file_operation[163663]: using src url: https://www.google.com dst url: running://index.html Apr 06 18:03:25.888137 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24787 PROTO=TCP SPT=443 DPT=47716 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.914021 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24788 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.914116 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=2767 TOS=0x00 PREC=0x00 TTL=113 ID=24789 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.932115 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24791 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.932153 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=24793 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.932163 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=24792 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:25.940108 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24794 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272623 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1044 TOS=0x00 PREC=0x00 TTL=113 ID=24795 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272710 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24796 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272739 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24797 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272748 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24798 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.272756 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1283 TOS=0x00 PREC=0x00 TTL=113 ID=24799 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330789 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24800 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330902 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24801 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330912 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24802 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330965 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24803 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.330987 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24804 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332113 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24805 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332134 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24806 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332143 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24807 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24808 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332160 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24809 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332168 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24810 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.332182 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24811 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336109 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24812 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336130 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24813 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336139 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24814 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336147 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24815 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336155 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24817 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336163 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24816 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336174 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24818 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336187 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24819 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336196 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24821 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336205 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24820 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336213 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24823 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336223 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24822 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336241 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24825 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24824 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336301 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24826 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336319 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24827 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336331 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24828 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336339 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24829 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336348 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24830 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336357 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24831 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336365 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24832 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336374 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24833 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336384 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24834 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.336392 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24835 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.340112 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=986 TOS=0x00 PREC=0x00 TTL=113 ID=24837 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.340139 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24836 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364127 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24839 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364178 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24838 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364196 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24840 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364205 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24841 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364214 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24842 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364222 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24843 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364230 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24844 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364242 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24845 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364250 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24846 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364258 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24847 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364266 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24849 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364274 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24848 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364282 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=24850 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=2072 TOS=0x00 PREC=0x00 TTL=113 ID=24853 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364301 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=24852 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.364308 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=91 TOS=0x00 PREC=0x00 TTL=113 ID=24855 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.370023 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.153.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24856 PROTO=TCP SPT=443 DPT=47716 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com] Apr 06 18:03:26.381053 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Apr 06 18:03:26.570806 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal show | cat'. Apr 06 18:03:27.032623 osdx file_operation[163685]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Apr 06 18:03:27.036130 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=25025 DF PROTO=TCP SPT=80 DPT=57148 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:34 http-host:10.215.168.1] Apr 06 18:03:27.036158 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=4806 TOS=0x00 PREC=0x00 TTL=64 ID=25026 DF PROTO=TCP SPT=80 DPT=57148 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:34 http-host:10.215.168.1] Apr 06 18:03:27.040119 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=25030 DF PROTO=TCP SPT=80 DPT=57148 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:34 http-host:10.215.168.1] Apr 06 18:03:27.057493 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Match Traffic by a provider dictionary
Description
This example illustrates how to match all traffic in a provider dictionary
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns resolver name-server 10.215.168.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-id detected set traffic selector SEL rule 1 app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.177 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.177/0.177/0.177/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1Show output
PING www.google.com (142.251.151.119) 56(84) bytes of data. 64 bytes from 142.251.151.119 (142.251.151.119): icmp_seq=1 ttl=109 time=5.25 ms --- www.google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 5.249/5.249/5.249/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 68181 100 68181 0 0 24.4M 0 --:--:-- --:--:-- --:--:-- 32.5M
Step 5: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz' set system conntrack app-detect http-host set system conntrack app-detect ssl-host
Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 79876 0 79876 0 0 191k 0 --:--:-- --:--:-- --:--:-- 191k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U128:6 ssl-host:www.google.com\]Show output
Apr 06 18:03:32.272889 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.8M, max 13.8M, 11.9M free. Apr 06 18:03:32.276325 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:32.276389 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:32.284689 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:32.494512 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:32.730995 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:32.830121 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:03:32.938246 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:03:33.061622 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:03:33.149472 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'. Apr 06 18:03:33.248417 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:03:33.341731 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:03:33.394343 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:03:33.497002 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:03:33.565274 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:03:33.659730 osdx ubnt-cfgd[163962]: inactive Apr 06 18:03:33.701059 osdx INFO[163986]: FRR daemons did not change Apr 06 18:03:33.720330 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:03:33.767278 osdx WARNING[164054]: No supported link modes on interface eth0 Apr 06 18:03:33.768762 osdx modulelauncher[164054]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:03:33.768775 osdx modulelauncher[164054]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:03:33.769879 osdx modulelauncher[164054]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:03:33.769888 osdx modulelauncher[164054]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:03:33.912673 osdx bash[164150]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory Apr 06 18:03:33.912772 osdx modulelauncher[164148]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode Apr 06 18:03:33.912776 osdx modulelauncher[164148]: Apr 06 18:03:34.011200 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:34.022667 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:34.042774 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:34.182650 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 06 18:03:34.274467 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Apr 06 18:03:34.415019 osdx file_operation[164204]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Apr 06 18:03:34.436712 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Apr 06 18:03:34.586417 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:34.642962 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Apr 06 18:03:34.747293 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:03:34.855318 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:03:34.932521 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show changes'. Apr 06 18:03:35.042494 osdx ubnt-cfgd[164221]: inactive Apr 06 18:03:35.066593 osdx INFO[164227]: FRR daemons did not change Apr 06 18:03:35.292339 osdx kernel: app-detect: module init Apr 06 18:03:35.292403 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:03:35.292418 osdx kernel: app-detect: expression init Apr 06 18:03:35.292430 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:03:35.292443 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:03:35.487935 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:35.489615 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:35.511213 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:35.703665 osdx file_operation[164282]: using src url: https://www.google.com dst url: running://index.html Apr 06 18:03:35.729290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56102 PROTO=TCP SPT=443 DPT=35264 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.755582 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1365 TOS=0x00 PREC=0x00 TTL=113 ID=56105 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.755658 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56104 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.755678 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56103 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.761753 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=56106 PROTO=TCP SPT=443 DPT=35264 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.764327 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=56107 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.772329 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56108 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.069694 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1042 TOS=0x00 PREC=0x00 TTL=113 ID=56109 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072348 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1000 TOS=0x00 PREC=0x00 TTL=113 ID=56113 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072378 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56112 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072404 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56111 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072419 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56110 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.073676 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56114 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.105532 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56116 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.105560 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56115 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108322 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56117 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108335 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56118 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108348 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56119 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108356 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56123 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108364 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56122 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56121 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108380 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56120 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108388 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56128 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108400 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56127 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108412 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56126 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108420 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56125 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108428 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56124 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108436 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56136 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108444 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=56134 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108452 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56133 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108460 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56132 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108469 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56131 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108477 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56130 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108485 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56129 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108493 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56138 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108501 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56137 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109204 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56144 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109225 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56143 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109237 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56142 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109247 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56141 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109257 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56140 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109268 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56139 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109416 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56146 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109430 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56145 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109577 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=56147 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109959 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56152 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109969 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56156 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109980 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56155 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109991 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56154 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110003 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56153 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110042 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56151 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110054 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56150 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110063 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56149 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110845 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56164 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110855 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56166 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110863 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56163 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110871 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56162 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110880 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56165 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110905 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56159 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110915 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56158 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110923 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=56160 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110931 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56157 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.111734 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=571 TOS=0x00 PREC=0x00 TTL=113 ID=56169 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.111779 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56168 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.111788 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56167 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116324 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=4252 TOS=0x00 PREC=0x00 TTL=113 ID=56170 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116365 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56174 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116375 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56173 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116384 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56175 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.120322 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56176 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.130465 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4703 0 4703 0 0 1625k 0 --:--:-- --:--:-- --:--:-- 2296k
Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U128:30 http-host:10.215.168.1\]Show output
Apr 06 18:03:32.272889 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.8M, max 13.8M, 11.9M free. Apr 06 18:03:32.276325 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:32.276389 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:32.284689 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:32.494512 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:32.730995 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:32.830121 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:03:32.938246 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:03:33.061622 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:03:33.149472 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'. Apr 06 18:03:33.248417 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:03:33.341731 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:03:33.394343 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:03:33.497002 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:03:33.565274 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:03:33.659730 osdx ubnt-cfgd[163962]: inactive Apr 06 18:03:33.701059 osdx INFO[163986]: FRR daemons did not change Apr 06 18:03:33.720330 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:03:33.767278 osdx WARNING[164054]: No supported link modes on interface eth0 Apr 06 18:03:33.768762 osdx modulelauncher[164054]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:03:33.768775 osdx modulelauncher[164054]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:03:33.769879 osdx modulelauncher[164054]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:03:33.769888 osdx modulelauncher[164054]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:03:33.912673 osdx bash[164150]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory Apr 06 18:03:33.912772 osdx modulelauncher[164148]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode Apr 06 18:03:33.912776 osdx modulelauncher[164148]: Apr 06 18:03:34.011200 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:34.022667 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:34.042774 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:34.182650 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 06 18:03:34.274467 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Apr 06 18:03:34.415019 osdx file_operation[164204]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Apr 06 18:03:34.436712 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Apr 06 18:03:34.586417 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:34.642962 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Apr 06 18:03:34.747293 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:03:34.855318 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:03:34.932521 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show changes'. Apr 06 18:03:35.042494 osdx ubnt-cfgd[164221]: inactive Apr 06 18:03:35.066593 osdx INFO[164227]: FRR daemons did not change Apr 06 18:03:35.292339 osdx kernel: app-detect: module init Apr 06 18:03:35.292403 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:03:35.292418 osdx kernel: app-detect: expression init Apr 06 18:03:35.292430 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:03:35.292443 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:03:35.487935 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:35.489615 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:35.511213 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:35.703665 osdx file_operation[164282]: using src url: https://www.google.com dst url: running://index.html Apr 06 18:03:35.729290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56102 PROTO=TCP SPT=443 DPT=35264 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.755582 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1365 TOS=0x00 PREC=0x00 TTL=113 ID=56105 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.755658 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56104 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.755678 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56103 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.761753 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=56106 PROTO=TCP SPT=443 DPT=35264 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.764327 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=56107 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:35.772329 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56108 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.069694 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1042 TOS=0x00 PREC=0x00 TTL=113 ID=56109 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072348 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1000 TOS=0x00 PREC=0x00 TTL=113 ID=56113 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072378 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56112 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072404 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56111 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.072419 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56110 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.073676 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56114 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.105532 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56116 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.105560 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56115 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108322 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56117 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108335 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56118 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108348 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56119 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108356 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56123 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108364 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56122 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56121 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108380 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56120 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108388 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56128 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108400 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56127 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108412 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56126 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108420 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56125 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108428 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56124 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108436 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56136 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108444 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=56134 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108452 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56133 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108460 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56132 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108469 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56131 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108477 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56130 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108485 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56129 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108493 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56138 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.108501 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56137 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109204 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56144 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109225 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56143 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109237 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56142 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109247 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56141 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109257 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56140 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109268 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56139 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109416 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56146 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109430 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56145 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109577 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=56147 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109959 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56152 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109969 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56156 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109980 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56155 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.109991 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56154 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110003 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56153 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110042 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56151 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110054 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56150 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110063 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56149 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110845 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56164 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110855 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56166 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110863 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56163 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110871 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56162 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110880 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56165 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110905 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56159 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110915 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56158 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110923 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=56160 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.110931 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56157 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.111734 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=571 TOS=0x00 PREC=0x00 TTL=113 ID=56169 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.111779 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56168 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.111788 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56167 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116324 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=4252 TOS=0x00 PREC=0x00 TTL=113 ID=56170 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116365 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56174 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116375 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=56173 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.116384 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56175 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.120322 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=142.251.156.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=56176 PROTO=TCP SPT=443 DPT=35264 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com] Apr 06 18:03:36.130465 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Apr 06 18:03:36.329282 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal show | cat'. Apr 06 18:03:36.777982 osdx file_operation[164304]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Apr 06 18:03:36.780825 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56509 DF PROTO=TCP SPT=80 DPT=57860 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1] Apr 06 18:03:36.784330 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=4923 TOS=0x00 PREC=0x00 TTL=64 ID=56510 DF PROTO=TCP SPT=80 DPT=57860 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:30 http-host:10.215.168.1] Apr 06 18:03:36.784361 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56514 DF PROTO=TCP SPT=80 DPT=57860 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:30 http-host:10.215.168.1] Apr 06 18:03:36.798698 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Drop Traffic not in a custom dictionary
Description
This example illustrates how to drop all traffic that does not belong to a custom dictionary
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns resolver name-server 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 action drop set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-id detected set traffic selector SEL rule 1 not app-id custom -1
Step 2: Ping IP address www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1Show output
PING unidadeditorial.map.fastly.net (199.232.193.50) 56(84) bytes of data. 64 bytes from 199.232.193.50 (199.232.193.50): icmp_seq=1 ttl=49 time=4.52 ms --- unidadeditorial.map.fastly.net ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.518/4.518/4.518/0.000 ms
Step 3: Ping IP address www.facebook.es from DUT0:
admin@DUT0$ ping www.facebook.es count 1 size 56 timeout 1Show output
PING star-mini.c10r.facebook.com (31.13.83.36) 56(84) bytes of data. 64 bytes from edge-star-mini-shv-01-mad1.facebook.com (31.13.83.36): icmp_seq=1 ttl=47 time=4.89 ms --- star-mini.c10r.facebook.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 4.888/4.888/4.888/0.000 ms
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]Show output
Apr 06 18:03:41.000216 osdx systemd-timedated[162496]: Changed local time to Mon 2026-04-06 18:03:41 UTC Apr 06 18:03:41.001177 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'set date 2026-04-06 18:03:41'. Apr 06 18:03:41.004308 osdx systemd-journald[141360]: Time jumped backwards, rotating. Apr 06 18:03:41.279022 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.8M, max 13.8M, 11.9M free. Apr 06 18:03:41.280309 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:41.280365 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:41.289407 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:41.493334 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:41.739230 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:41.800751 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:03:41.896490 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:03:41.947809 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:03:42.077405 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Apr 06 18:03:42.165548 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. Apr 06 18:03:42.274657 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:03:42.351022 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Apr 06 18:03:42.462844 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Apr 06 18:03:42.537443 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:03:42.680347 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:03:42.736121 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:03:42.835041 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:03:42.909495 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:03:43.007762 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:03:43.089018 osdx ubnt-cfgd[164589]: inactive Apr 06 18:03:43.133832 osdx INFO[164613]: FRR daemons did not change Apr 06 18:03:43.292314 osdx kernel: app-detect: module init Apr 06 18:03:43.292373 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:03:43.292397 osdx kernel: app-detect: expression init Apr 06 18:03:43.292409 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:03:43.292420 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:03:43.332320 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:03:43.379990 osdx WARNING[164714]: No supported link modes on interface eth0 Apr 06 18:03:43.381621 osdx modulelauncher[164714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:03:43.381636 osdx modulelauncher[164714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:03:43.383282 osdx modulelauncher[164714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:03:43.383293 osdx modulelauncher[164714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:03:43.655419 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:43.668546 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:43.683867 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:43.871426 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Apr 06 18:03:44.008233 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'. Apr 06 18:03:44.184736 osdx file_operation[164864]: using src url: https://www.marca.com dst url: running://index.html Apr 06 18:03:44.212313 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=34031 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216319 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=34035 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216353 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34034 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216363 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34033 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216384 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34032 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.250640 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=34036 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.407511 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34037 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.467163 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34038 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.615990 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34039 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.907177 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34040 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:45.027853 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34041 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:45.787221 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34042 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:45.859983 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34043 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:47.523970 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34044 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:47.609204 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=46 ID=34045 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:49.108360 osdx file_operation.py[164864]: Operation aborted by user. Apr 06 18:03:49.127205 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'. Apr 06 18:03:49.172320 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=34046 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.facebook.es\]Show output
Apr 06 18:03:41.000216 osdx systemd-timedated[162496]: Changed local time to Mon 2026-04-06 18:03:41 UTC Apr 06 18:03:41.001177 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'set date 2026-04-06 18:03:41'. Apr 06 18:03:41.004308 osdx systemd-journald[141360]: Time jumped backwards, rotating. Apr 06 18:03:41.279022 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.8M, max 13.8M, 11.9M free. Apr 06 18:03:41.280309 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:41.280365 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:41.289407 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:41.493334 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:41.739230 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:41.800751 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:03:41.896490 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:03:41.947809 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:03:42.077405 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Apr 06 18:03:42.165548 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. Apr 06 18:03:42.274657 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:03:42.351022 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Apr 06 18:03:42.462844 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Apr 06 18:03:42.537443 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:03:42.680347 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:03:42.736121 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:03:42.835041 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:03:42.909495 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:03:43.007762 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:03:43.089018 osdx ubnt-cfgd[164589]: inactive Apr 06 18:03:43.133832 osdx INFO[164613]: FRR daemons did not change Apr 06 18:03:43.292314 osdx kernel: app-detect: module init Apr 06 18:03:43.292373 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:03:43.292397 osdx kernel: app-detect: expression init Apr 06 18:03:43.292409 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:03:43.292420 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:03:43.332320 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:03:43.379990 osdx WARNING[164714]: No supported link modes on interface eth0 Apr 06 18:03:43.381621 osdx modulelauncher[164714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:03:43.381636 osdx modulelauncher[164714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:03:43.383282 osdx modulelauncher[164714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:03:43.383293 osdx modulelauncher[164714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:03:43.655419 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:03:43.668546 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:03:43.683867 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:03:43.871426 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Apr 06 18:03:44.008233 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'. Apr 06 18:03:44.184736 osdx file_operation[164864]: using src url: https://www.marca.com dst url: running://index.html Apr 06 18:03:44.212313 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=34031 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216319 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=34035 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216353 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34034 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216363 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34033 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.216384 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34032 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.250640 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=34036 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.407511 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34037 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.467163 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34038 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.615990 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34039 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:44.907177 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34040 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:45.027853 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34041 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:45.787221 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=34042 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:45.859983 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34043 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:47.523970 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34044 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:47.609204 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=46 ID=34045 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:49.108360 osdx file_operation.py[164864]: Operation aborted by user. Apr 06 18:03:49.127205 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'. Apr 06 18:03:49.172320 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=34046 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:49.329002 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal show | cat'. Apr 06 18:03:49.500635 osdx file_operation[164884]: using src url: http://www.facebook.es dst url: running://index.html Apr 06 18:03:49.516310 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19302 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:49.516355 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19303 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:49.646104 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=19304 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:49.720113 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19305 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:49.853879 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=19306 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:49.931079 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19307 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:50.062909 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=19308 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:50.372194 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19309 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:50.477872 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=19310 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:50.883240 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=34047 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:51.129101 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=46 ID=34048 DF PROTO=TCP SPT=443 DPT=36488 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:03:51.236168 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19311 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:51.366860 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=19312 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:52.932057 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19313 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:53.029780 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=19314 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:54.466794 osdx file_operation.py[164884]: Operation aborted by user. Apr 06 18:03:54.480309 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=19315 DF PROTO=TCP SPT=80 DPT=48170 WINDOW=261 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Apr 06 18:03:54.481271 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy http://www.facebook.es running://index.html force'.
Drop Traffic not in a provider dictionary
Description
This example illustrates how to drop all traffic that does not belong to a provider dictionary
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns resolver name-server 10.215.168.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.215 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.215/0.215/0.215/0.000 ms
Step 3: Ping IP address www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1Show output
PING unidadeditorial.map.fastly.net (199.232.197.50) 56(84) bytes of data. 64 bytes from 199.232.197.50 (199.232.197.50): icmp_seq=1 ttl=49 time=3.93 ms --- unidadeditorial.map.fastly.net ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.927/3.927/3.927/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 68181 100 68181 0 0 22.1M 0 --:--:-- --:--:-- --:--:-- 32.5M
Step 5: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz' set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system traffic policy in POL set traffic policy POL rule 1 action drop set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-id detected set traffic selector SEL rule 1 not app-id engine 128
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]Show output
Apr 06 18:03:59.330284 osdx systemd-journald[141360]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 1.9M, max 13.8M, 11.8M free. Apr 06 18:03:59.330714 osdx systemd-journald[141360]: Received client request to rotate journal, rotating. Apr 06 18:03:59.330746 osdx systemd-journald[141360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1. Apr 06 18:03:59.341703 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system journal clear'. Apr 06 18:03:59.635059 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'system coredump delete all'. Apr 06 18:03:59.873512 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:03:59.968431 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 06 18:04:00.019075 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Apr 06 18:04:00.143863 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 06 18:04:00.203165 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show working'. Apr 06 18:04:00.299207 osdx ubnt-cfgd[165150]: inactive Apr 06 18:04:00.318279 osdx INFO[165156]: FRR daemons did not change Apr 06 18:04:00.342519 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 06 18:04:00.380456 osdx WARNING[165224]: No supported link modes on interface eth0 Apr 06 18:04:00.381874 osdx modulelauncher[165224]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 06 18:04:00.381888 osdx modulelauncher[165224]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 06 18:04:00.383051 osdx modulelauncher[165224]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 06 18:04:00.383061 osdx modulelauncher[165224]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 06 18:04:00.450614 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:04:00.461510 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:04:00.477740 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:04:00.626824 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 06 18:04:00.730456 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Apr 06 18:04:00.902660 osdx file_operation[165351]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Apr 06 18:04:00.925022 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Apr 06 18:04:01.063248 osdx OSDxCLI[149721]: User 'admin' entered the configuration menu. Apr 06 18:04:01.131061 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Apr 06 18:04:01.227603 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Apr 06 18:04:01.278688 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Apr 06 18:04:01.372597 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Apr 06 18:04:01.426221 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Apr 06 18:04:01.559565 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'. Apr 06 18:04:01.626949 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Apr 06 18:04:01.726609 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Apr 06 18:04:01.776956 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 06 18:04:01.871835 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Apr 06 18:04:01.928483 osdx OSDxCLI[149721]: User 'admin' added a new cfg line: 'show changes'. Apr 06 18:04:02.027003 osdx ubnt-cfgd[165381]: inactive Apr 06 18:04:02.065871 osdx INFO[165405]: FRR daemons did not change Apr 06 18:04:02.214519 osdx kernel: app-detect: module init Apr 06 18:04:02.214593 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 06 18:04:02.214608 osdx kernel: app-detect: expression init Apr 06 18:04:02.214620 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 06 18:04:02.214632 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 06 18:04:02.597286 osdx cfgd[1668]: [149721]Completed change to active configuration Apr 06 18:04:02.599255 osdx OSDxCLI[149721]: User 'admin' committed the configuration. Apr 06 18:04:02.622663 osdx OSDxCLI[149721]: User 'admin' left the configuration menu. Apr 06 18:04:02.818342 osdx file_operation[165483]: using src url: https://www.marca.com dst url: running://index.html Apr 06 18:04:02.842416 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=16052 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:02.846511 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=16056 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:02.846532 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=2940 TOS=0x00 PREC=0x00 TTL=50 ID=16054 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:02.846546 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=16053 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:02.875598 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=16057 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:03.041531 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=16058 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:03.093757 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=16059 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:03.253592 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=16060 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:03.524791 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=16061 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:03.682005 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=16062 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:04.429745 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=16063 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:04.550967 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=16064 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:06.158082 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=48 ID=16065 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:06.242350 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=16066 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:07.766483 osdx file_operation.py[165483]: Operation aborted by user. Apr 06 18:04:07.782522 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:55:11:47:30:d3:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=16067 DF PROTO=TCP SPT=443 DPT=40140 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Apr 06 18:04:07.784287 osdx OSDxCLI[149721]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.