snort-1 and snort-2 - stale PID file found, process will be restarted at the next 5-minute interval!

offe...@gmail.com

Aug 9, 2013, 7:56:33 AM
to securit...@googlegroups.com
Hey all,

There are several posts in here relating to this issue...

but none of them or the solutions provided has helped me out..

So when I do this

sudo service nsm status

I get this:

Status: securityonion
* sguil server [ OK ]
Status: HIDS
* ossec_agent (sguil) [ OK ]
Status: Bro
Name Type Host Status Pid Peers Started
manager manager 10.10.10.19 running 23862 3 09 Aug 10:11:09
proxy proxy 10.10.10.19 running 23912 3 09 Aug 10:11:11
IDS-Server01-eth0-1 worker 10.10.10.19 running 23972 2 09 Aug 10:11:13
IDS-Server01-eth0-2 worker 10.10.10.19 running 23973 2 09 Aug 10:11:13
Status: IDS-Server01-eth0
* netsniff-ng (full packet data) [ OK ]
* pcap_agent (sguil) [ OK ]
* snort_agent-1 (sguil) [ OK ]
* snort_agent-2 (sguil) [ OK ]
* snort-1 (alert data) [ FAIL ]
* stale PID file found, process will be restarted at the next 5-minute interval!
* snort-2 (alert data) [ FAIL ]
* stale PID file found, process will be restarted at the next 5-minute interval!
* barnyard2-1 (spooler, unified2 format) [ OK ]
* barnyard2-2 (spooler, unified2 format) [ OK ]
* prads (sessions/assets) [ OK ]
* sancp_agent (sguil) [ OK ]
* pads_agent (sguil) [ OK ]
* argus [ OK ]
* http_agent (sguil) [ OK ]


sudo nsm_sensor_ps-restart didn't help..

ps aux | grep -i "snort" showed this:

root 2934 0.0 0.0 4344 356 ? S 08:55 0:00 tail -n 1 -f /nsm/sensor_data/IDS-Server01-eth0/snort-1.stats
root 2955 0.0 0.0 4344 608 ? S 08:55 0:00 tail -n 1 -f /nsm/sensor_data/IDS-Server01-eth0/snort-2.stats
sguil 24056 1.1 1.4 288060 261676 pts/0 SL 10:11 0:47 netsniff-ng -i eth0 -o /nsm/sensor_data/IDS-Server01-eth0/dailylogs/2013-08-09/ --user 1004 --group 1001 -s --prefix snort.log. --interval 150 iB
root 24134 0.0 0.0 35724 4576 pts/0 S 10:11 0:00 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/IDS-Server01-eth0/snort_agent-1.conf
root 24136 0.0 0.0 7196 616 pts/0 S 10:11 0:00 tail -n 1 -f /nsm/sensor_data/IDS-Server01-eth0/snort-1.stats
root 29538 0.0 0.0 35388 4148 pts/0 S 10:22 0:00 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/IDS-Server01-eth0/snort_agent-2.conf
root 29540 0.0 0.0 7196 616 pts/0 S 10:22 0:00 tail -n 1 -f /nsm/sensor_data/IDS-Server01-eth0/snort-2.stats
root 29695 0.4 0.3 165112 64228 pts/0 S 10:22 0:15 barnyard2 -c /etc/nsm/IDS-Server01-eth0/barnyard2-1.conf -d /nsm/sensor_data/IDS-Server01-eth0/snort-1 -f snort.unified2 -w /etc/nsm/IDS-Server01-eth0/barnyard2.waldo-1 -i 1 -U
root 29735 0.4 0.3 165112 63960 pts/0 S 10:22 0:15 barnyard2 -c /etc/nsm/IDS-Server01-eth0/barnyard2-2.conf -d /nsm/sensor_data/IDS-Server01-eth0/snort-2 -f snort.unified2 -w /etc/nsm/IDS-Server01-eth0/barnyard2.waldo-2 -i 2 -U
support 41210 0.0 0.0 9392 928 pts/0 R+ 11:20 0:00 grep --color=auto -i snort


ls /var/log/nsm/servername-eth0/ has the following logs:

support@IDS-Server01:~$ ls /var/log/nsm/IDS-Server01-eth0/
argus.log barnyard2-1.log.20130806070146 barnyard2-2.log.20130806070147 http_agent.log.20130809000008 snort_agent-1.log.20130809101117 snortu-2.log
argus.log.20130801000004 barnyard2-1.log.20130806070502 barnyard2-2.log.20130807070150 http_agent.log.20130809102239 snort_agent-2.log snortu-2.log.20130809103503
argus.log.20130802000004 barnyard2-1.log.20130807070147 barnyard2-2.log.20130808070117 netsniff-ng.log snort_agent-2.log.20130809102226 snortu-2.log.20130809104002
argus.log.20130803000004 barnyard2-1.log.20130808070115 barnyard2-2.log.20130809070159 netsniff-ng.log.20130716000001 snortu-1.log snortu-2.log.20130809104503
argus.log.20130804000004 barnyard2-1.log.20130808070502 barnyard2-2.log.20130809102230 netsniff-ng.log.20130806000002 snortu-1.log.20130809103502 snortu-2.log.20130809105003
argus.log.20130805000004 barnyard2-1.log.20130809070156 http_agent.log pads_agent.log snortu-1.log.20130809104001 snortu-2.log.20130809105503
argus.log.20130806000004 barnyard2-1.log.20130809070501 http_agent.log.20130801000005 pads_agent.log.20130809102235 snortu-1.log.20130809104501 snortu-2.log.20130809110002
argus.log.20130807000008 barnyard2-1.log.20130809102229 http_agent.log.20130802000006 pcap_agent.log snortu-1.log.20130809105002 snortu-2.log.20130809110503
argus.log.20130808000004 barnyard2-2.log http_agent.log.20130803000005 pcap_agent.log.20130809101116 snortu-1.log.20130809105502 snortu-2.log.20130809111002
argus.log.20130809000007 barnyard2-2.log.20130801070159 http_agent.log.20130804000005 prads.log snortu-1.log.20130809110001 snortu-2.log.20130809111502
argus.log.20130809102238 barnyard2-2.log.20130802070131 http_agent.log.20130805000005 prads.log.20130809102233 snortu-1.log.20130809110501 snortu-2.log.20130809112003
barnyard2-1.log barnyard2-2.log.20130803070129 http_agent.log.20130806000006 sancp_agent.log snortu-1.log.20130809111001
barnyard2-1.log.20130804070114 barnyard2-2.log.20130804070116 http_agent.log.20130807000010 sancp_agent.log.20130809102236 snortu-1.log.20130809111501
barnyard2-1.log.20130805070113 barnyard2-2.log.20130805070115 http_agent.log.20130808000005 snort_agent-1.log snortu-1.log.20130809112001


but I don't know which to tail if you want to see anything in them.. I don't get it :)

tail -100 /var/log/nsm/securityonion/sguild.log

showed:



I hope the information provided is not too overwhelming..

Oops, almost forgot the sostat:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.08.09 11:52:54 =~=~=~=~=~=~=~=~=~=~=~=
login as: support
sup...@10.10.10.19's password:
Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.5.0-37-generic x86_64)

* Documentation: https://help.ubuntu.com/

System information as of Fri Aug 9 11:52:59 UTC 2013

System load: 2.65 Processes: 154
Usage of /: 84.7% of 8.10TB Users logged in: 1
Memory usage: 59% IP address for eth1: 10.10.10.19
Swap usage: 0%

Graph this data and manage this system at https://landscape.canonical.com/

Last login: Fri Aug 9 11:51:21 2013 from term01.itg.local
support@IDS-Server01:~$ sudo sostat
[sudo] password for support:
Sorry, try again.
[sudo] password for support:
=========================================================================
Service Status
=========================================================================
Status: securityonion
* sguil server[ OK ]
Status: HIDS
* ossec_agent (sguil)[ OK ]
Status: Bro
Name Type Host Status Pid Peers Started
manager manager 10.10.10.19 running 23862 3 09 Aug 10:11:09
proxy proxy 10.10.10.19 running 23912 3 09 Aug 10:11:11
IDS-Server01-eth0-1 worker 10.10.10.19 running 23972 2 09 Aug 10:11:13
IDS-Server01-eth0-2 worker 10.10.10.19 running 23973 2 09 Aug 10:11:13
Status: IDS-Server01-eth0
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (sguil)[ OK ]
* snort_agent-1 (sguil)[ OK ]
* snort_agent-2 (sguil)[ OK ]
* snort-1 (alert data)[ FAIL ]
* stale PID file found, process will be restarted at the next 5-minute interval!
* snort-2 (alert data)[ FAIL ]
* stale PID file found, process will be restarted at the next 5-minute interval!
* barnyard2-1 (spooler, unified2 format)[ OK ]
* barnyard2-2 (spooler, unified2 format)[ OK ]
* prads (sessions/assets)[ OK ]
* sancp_agent (sguil)[ OK ]
* pads_agent (sguil)[ OK ]
* argus[ OK ]
* http_agent (sguil)[ OK ]

=========================================================================
Interface Status
=========================================================================
eth0 Link encap:Ethernet HWaddr 88:51:fb:28:55:88
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:23555156 errors:0 dropped:42 overruns:0 frame:0
TX packets:340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21718967460 (21.7 GB) TX bytes:117640 (117.6 KB)
Interrupt:16

eth1 Link encap:Ethernet HWaddr 88:51:fb:28:55:89
inet addr:10.10.10.19 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::8a51:fbff:fe28:5589/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:87593 errors:0 dropped:148 overruns:0 frame:0
TX packets:11085 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16455505 (16.4 MB) TX bytes:2525655 (2.5 MB)
Interrupt:17

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:136865 errors:0 dropped:0 overruns:0 frame:0
TX packets:136865 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:169686485 (169.6 MB) TX bytes:169686485 (169.6 MB)


=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/IDS--Server01-root 8.2T 6.9T 848G 90% /
udev 8.8G 4.0K 8.8G 1% /dev
tmpfs 3.6G 328K 3.6G 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 8.9G 0 8.9G 0% /run/shm
/dev/sda2 229M 175M 42M 81% /boot

=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 811 root 3u IPv6 1593 0t0 TCP *:22 (LISTEN)
sshd 811 root 4u IPv4 1595 0t0 TCP *:22 (LISTEN)
mysqld 1072 mysql 10u IPv4 11249 0t0 TCP 127.0.0.1:3306 (LISTEN)
mysqld 1072 mysql 264u IPv4 252804 0t0 TCP 127.0.0.1:3306->127.0.0.1:48467 (ESTABLISHED)
mysqld 1072 mysql 802u IPv4 254017 0t0 TCP 127.0.0.1:3306->127.0.0.1:48381 (ESTABLISHED)
syslog-ng 1096 root 9u IPv4 10738 0t0 TCP *:514 (LISTEN)
syslog-ng 1096 root 10u IPv4 10739 0t0 UDP *:514
searchd 1103 sphinxsearch 7u IPv4 10875 0t0 TCP *:9306 (LISTEN)
searchd 1103 sphinxsearch 8u IPv4 10876 0t0 TCP *:9312 (LISTEN)
ossec-rem 1188 ossecr 4u IPv4 8941 0t0 UDP *:1514
/usr/sbin 1497 root 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 1497 root 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 1497 root 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 1497 root 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
/usr/sbin 1546 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 1546 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 1546 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 1546 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
/usr/sbin 1547 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 1547 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 1547 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 1547 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
/usr/sbin 1548 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 1548 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 1548 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 1548 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
/usr/sbin 1549 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 1549 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 1549 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 1549 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
/usr/sbin 1550 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 1550 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 1550 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 1550 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
ntpd 2506 ntp 16u IPv4 13557 0t0 UDP *:123
ntpd 2506 ntp 17u IPv6 13558 0t0 UDP *:123
ntpd 2506 ntp 18u IPv4 13564 0t0 UDP 127.0.0.1:123
ntpd 2506 ntp 19u IPv4 13565 0t0 UDP 10.10.10.19:123
ntpd 2506 ntp 20u IPv6 13566 0t0 UDP [fe80::8a51:fbff:fe28:5589]:123
ntpd 2506 ntp 21u IPv6 13567 0t0 UDP [::1]:123
sshd 7591 root 3u IPv4 24395 0t0 TCP 10.10.10.19:22->10.10.10.113:52983 (ESTABLISHED)
sshd 7777 support 3u IPv4 24395 0t0 TCP 10.10.10.19:22->10.10.10.113:52983 (ESTABLISHED)
sshd 7777 support 8u IPv6 25201 0t0 TCP [::1]:6010 (LISTEN)
sshd 7777 support 9u IPv4 25202 0t0 TCP 127.0.0.1:6010 (LISTEN)
tclsh 9096 root 13u IPv4 254010 0t0 TCP *:7734 (LISTEN)
tclsh 9096 root 14u IPv4 254011 0t0 TCP *:7736 (LISTEN)
tclsh 9096 root 15u IPv4 254012 0t0 TCP 127.0.0.1:7736->127.0.0.1:44710 (ESTABLISHED)
tclsh 9096 root 16u IPv4 254013 0t0 TCP 127.0.0.1:7736->127.0.0.1:44711 (ESTABLISHED)
tclsh 9096 root 17u IPv4 253236 0t0 TCP 127.0.0.1:7736->127.0.0.1:44712 (ESTABLISHED)
tclsh 9096 root 18u IPv4 253238 0t0 TCP 127.0.0.1:7736->127.0.0.1:44713 (ESTABLISHED)
tclsh 9096 root 19u IPv4 252728 0t0 TCP 127.0.0.1:7736->127.0.0.1:44715 (ESTABLISHED)
tclsh 9096 root 20u IPv4 250497 0t0 TCP 127.0.0.1:7736->127.0.0.1:44716 (ESTABLISHED)
tclsh 9096 root 21u IPv4 250498 0t0 TCP 127.0.0.1:7736->127.0.0.1:44717 (ESTABLISHED)
tclsh 9096 root 22u IPv4 250499 0t0 TCP 127.0.0.1:7736->127.0.0.1:44718 (ESTABLISHED)
tclsh 9096 root 23u IPv4 256387 0t0 TCP 127.0.0.1:7736->127.0.0.1:44843 (ESTABLISHED)
tclsh 9096 root 24u IPv4 256388 0t0 TCP 127.0.0.1:7736->127.0.0.1:44842 (ESTABLISHED)
tclsh 9319 root 27u IPv4 254714 0t0 TCP 127.0.0.1:44884->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 28u IPv4 256411 0t0 TCP 127.0.0.1:44886->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 29u IPv4 255302 0t0 TCP 127.0.0.1:44888->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 30u IPv4 256412 0t0 TCP 127.0.0.1:44890->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 31u IPv4 256413 0t0 TCP 127.0.0.1:44892->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 32u IPv4 253886 0t0 TCP 127.0.0.1:44894->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 33u IPv4 254720 0t0 TCP 127.0.0.1:44896->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 34u IPv4 253887 0t0 TCP 127.0.0.1:44898->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 35u IPv4 256419 0t0 TCP 127.0.0.1:44901->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 36u IPv4 255311 0t0 TCP 127.0.0.1:44903->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 37u IPv4 255312 0t0 TCP 127.0.0.1:44905->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 38u IPv4 254725 0t0 TCP 127.0.0.1:44907->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 39u IPv4 256423 0t0 TCP 127.0.0.1:44909->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 40u IPv4 254729 0t0 TCP 127.0.0.1:44911->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 41u IPv4 255317 0t0 TCP 127.0.0.1:44913->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 42u IPv4 255318 0t0 TCP 127.0.0.1:44916->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 43u IPv4 254731 0t0 TCP 127.0.0.1:44918->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 44u IPv4 254733 0t0 TCP 127.0.0.1:44920->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 45u IPv4 256428 0t0 TCP 127.0.0.1:44922->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 46u IPv4 255322 0t0 TCP 127.0.0.1:44924->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 47u IPv4 254734 0t0 TCP 127.0.0.1:44926->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 48u IPv4 255323 0t0 TCP 127.0.0.1:44928->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 49u IPv4 253905 0t0 TCP 127.0.0.1:44930->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 50u IPv4 253908 0t0 TCP 127.0.0.1:44933->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 51u IPv4 254738 0t0 TCP 127.0.0.1:44935->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 52u IPv4 255328 0t0 TCP 127.0.0.1:44937->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 53u IPv4 253912 0t0 TCP 127.0.0.1:44940->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 54u IPv4 256437 0t0 TCP 127.0.0.1:44942->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 55u IPv4 255332 0t0 TCP 127.0.0.1:44944->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 56u IPv4 255333 0t0 TCP 127.0.0.1:44946->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 57u IPv4 256439 0t0 TCP 127.0.0.1:44948->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 58u IPv4 253915 0t0 TCP 127.0.0.1:44950->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 59u IPv4 254745 0t0 TCP 127.0.0.1:44952->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 60u IPv4 253920 0t0 TCP 127.0.0.1:44954->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 61u IPv4 253921 0t0 TCP 127.0.0.1:44955->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 62u IPv4 255340 0t0 TCP 127.0.0.1:44956->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 63u IPv4 255341 0t0 TCP 127.0.0.1:44957->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 64u IPv4 255343 0t0 TCP 127.0.0.1:44958->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 65u IPv4 253923 0t0 TCP 127.0.0.1:44959->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 66u IPv4 255346 0t0 TCP 127.0.0.1:44960->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 67u IPv4 255347 0t0 TCP 127.0.0.1:44961->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 68u IPv4 255348 0t0 TCP 127.0.0.1:44962->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 69u IPv4 256443 0t0 TCP 127.0.0.1:44963->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 70u IPv4 254749 0t0 TCP 127.0.0.1:44964->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 71u IPv4 254750 0t0 TCP 127.0.0.1:44965->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 72u IPv4 253926 0t0 TCP 127.0.0.1:44966->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 73u IPv4 256445 0t0 TCP 127.0.0.1:44967->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 74u IPv4 256446 0t0 TCP 127.0.0.1:44968->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 75u IPv4 254753 0t0 TCP 127.0.0.1:44969->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 76u IPv4 255351 0t0 TCP 127.0.0.1:44970->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 77u IPv4 256447 0t0 TCP 127.0.0.1:44971->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 78u IPv4 253928 0t0 TCP 127.0.0.1:44972->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 79u IPv4 253930 0t0 TCP 127.0.0.1:44973->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 80u IPv4 254755 0t0 TCP 127.0.0.1:44974->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 81u IPv4 253932 0t0 TCP 127.0.0.1:44975->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 82u IPv4 253933 0t0 TCP 127.0.0.1:44976->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 83u IPv4 253934 0t0 TCP 127.0.0.1:44977->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 84u IPv4 254757 0t0 TCP 127.0.0.1:44978->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 85u IPv4 254758 0t0 TCP 127.0.0.1:44979->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 86u IPv4 255355 0t0 TCP 127.0.0.1:44980->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 87u IPv4 256450 0t0 TCP 127.0.0.1:44981->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 88u IPv4 254761 0t0 TCP 127.0.0.1:44982->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 89u IPv4 254762 0t0 TCP 127.0.0.1:44983->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 90u IPv4 256452 0t0 TCP 127.0.0.1:44984->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 91u IPv4 255356 0t0 TCP 127.0.0.1:44985->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 92u IPv4 254764 0t0 TCP 127.0.0.1:44986->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 93u IPv4 256454 0t0 TCP 127.0.0.1:44987->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 94u IPv4 253937 0t0 TCP 127.0.0.1:44988->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 95u IPv4 255359 0t0 TCP 127.0.0.1:44989->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 96u IPv4 253938 0t0 TCP 127.0.0.1:44990->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 97u IPv4 255361 0t0 TCP 127.0.0.1:44991->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 98u IPv4 256456 0t0 TCP 127.0.0.1:44992->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 99u IPv4 254767 0t0 TCP 127.0.0.1:44993->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 100u IPv4 256457 0t0 TCP 127.0.0.1:44994->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 101u IPv4 253940 0t0 TCP 127.0.0.1:44995->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 102u IPv4 253941 0t0 TCP 127.0.0.1:44996->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 103u IPv4 254769 0t0 TCP 127.0.0.1:44997->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 104u IPv4 256458 0t0 TCP 127.0.0.1:44998->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 105u IPv4 253942 0t0 TCP 127.0.0.1:44999->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 106u IPv4 253943 0t0 TCP 127.0.0.1:45000->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 107u IPv4 255368 0t0 TCP 127.0.0.1:45001->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 108u IPv4 256459 0t0 TCP 127.0.0.1:45002->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 109u IPv4 255370 0t0 TCP 127.0.0.1:45003->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 110u IPv4 255371 0t0 TCP 127.0.0.1:45004->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 111u IPv4 253945 0t0 TCP 127.0.0.1:45005->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 112u IPv4 255372 0t0 TCP 127.0.0.1:45006->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 113u IPv4 256463 0t0 TCP 127.0.0.1:45007->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 114u IPv4 256464 0t0 TCP 127.0.0.1:45008->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 115u IPv4 253947 0t0 TCP 127.0.0.1:45009->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 116u IPv4 254773 0t0 TCP 127.0.0.1:45010->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 117u IPv4 255374 0t0 TCP 127.0.0.1:45011->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 118u IPv4 255375 0t0 TCP 127.0.0.1:45012->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 119u IPv4 255376 0t0 TCP 127.0.0.1:45013->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 120u IPv4 253949 0t0 TCP 127.0.0.1:45014->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 121u IPv4 255378 0t0 TCP 127.0.0.1:45015->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 122u IPv4 256469 0t0 TCP 127.0.0.1:45016->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 123u IPv4 255379 0t0 TCP 127.0.0.1:45017->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 124u IPv4 254775 0t0 TCP 127.0.0.1:45018->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 125u IPv4 255380 0t0 TCP 127.0.0.1:45019->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 126u IPv4 255381 0t0 TCP 127.0.0.1:45020->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 127u IPv4 255382 0t0 TCP 127.0.0.1:45021->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 128u IPv4 255383 0t0 TCP 127.0.0.1:45022->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 129u IPv4 256475 0t0 TCP 127.0.0.1:45023->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 130u IPv4 253950 0t0 TCP 127.0.0.1:45024->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 131u IPv4 254777 0t0 TCP 127.0.0.1:45025->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 132u IPv4 254778 0t0 TCP 127.0.0.1:45026->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 133u IPv4 254779 0t0 TCP 127.0.0.1:45027->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 134u IPv4 256479 0t0 TCP 127.0.0.1:45028->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 135u IPv4 253952 0t0 TCP 127.0.0.1:45029->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 136u IPv4 254781 0t0 TCP 127.0.0.1:45030->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 137u IPv4 256480 0t0 TCP 127.0.0.1:45031->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 138u IPv4 255386 0t0 TCP 127.0.0.1:45032->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 139u IPv4 254784 0t0 TCP 127.0.0.1:45033->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 140u IPv4 255387 0t0 TCP 127.0.0.1:45034->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 141u IPv4 255388 0t0 TCP 127.0.0.1:45035->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 142u IPv4 256482 0t0 TCP 127.0.0.1:45036->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 143u IPv4 257027 0t0 TCP 127.0.0.1:45037->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 144u IPv4 257028 0t0 TCP 127.0.0.1:45038->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 145u IPv4 255392 0t0 TCP 127.0.0.1:45039->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 146u IPv4 257029 0t0 TCP 127.0.0.1:45040->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 147u IPv4 255393 0t0 TCP 127.0.0.1:45041->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 148u IPv4 256484 0t0 TCP 127.0.0.1:45042->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 149u IPv4 254788 0t0 TCP 127.0.0.1:45043->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 150u IPv4 254790 0t0 TCP 127.0.0.1:45044->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 151u IPv4 256485 0t0 TCP 127.0.0.1:45045->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 152u IPv4 256487 0t0 TCP 127.0.0.1:45046->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 153u IPv4 254792 0t0 TCP 127.0.0.1:45047->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 154u IPv4 257030 0t0 TCP 127.0.0.1:45048->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 155u IPv4 255396 0t0 TCP 127.0.0.1:45049->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 156u IPv4 257032 0t0 TCP 127.0.0.1:45050->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 157u IPv4 256490 0t0 TCP 127.0.0.1:45051->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 158u IPv4 255398 0t0 TCP 127.0.0.1:45052->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 159u IPv4 257033 0t0 TCP 127.0.0.1:45053->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 160u IPv4 255400 0t0 TCP 127.0.0.1:45054->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 161u IPv4 257034 0t0 TCP 127.0.0.1:45055->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 162u IPv4 255402 0t0 TCP 127.0.0.1:45056->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 163u IPv4 257036 0t0 TCP 127.0.0.1:45057->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 164u IPv4 256493 0t0 TCP 127.0.0.1:45058->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 165u IPv4 254794 0t0 TCP 127.0.0.1:45059->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 166u IPv4 255405 0t0 TCP 127.0.0.1:45060->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 167u IPv4 257039 0t0 TCP 127.0.0.1:45061->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 168u IPv4 256495 0t0 TCP 127.0.0.1:45062->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 169u IPv4 255407 0t0 TCP 127.0.0.1:45063->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 170u IPv4 254796 0t0 TCP 127.0.0.1:45064->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 171u IPv4 257041 0t0 TCP 127.0.0.1:45065->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 172u IPv4 254797 0t0 TCP 127.0.0.1:45066->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 173u IPv4 254798 0t0 TCP 127.0.0.1:45067->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 174u IPv4 256498 0t0 TCP 127.0.0.1:45068->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 175u IPv4 256499 0t0 TCP 127.0.0.1:45069->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 176u IPv4 254799 0t0 TCP 127.0.0.1:45070->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 177u IPv4 256502 0t0 TCP 127.0.0.1:45071->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 178u IPv4 257044 0t0 TCP 127.0.0.1:45072->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 179u IPv4 254800 0t0 TCP 127.0.0.1:45073->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 180u IPv4 256504 0t0 TCP 127.0.0.1:45074->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 181u IPv4 256505 0t0 TCP 127.0.0.1:45075->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 182u IPv4 256506 0t0 TCP 127.0.0.1:45076->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 183u IPv4 256507 0t0 TCP 127.0.0.1:45077->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 184u IPv4 255411 0t0 TCP 127.0.0.1:45078->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 185u IPv4 256510 0t0 TCP 127.0.0.1:45079->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 186u IPv4 256511 0t0 TCP 127.0.0.1:45080->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 187u IPv4 257045 0t0 TCP 127.0.0.1:45081->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 188u IPv4 257046 0t0 TCP 127.0.0.1:45082->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 189u IPv4 257047 0t0 TCP 127.0.0.1:45083->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 190u IPv4 256512 0t0 TCP 127.0.0.1:45084->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 191u IPv4 256513 0t0 TCP 127.0.0.1:45085->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 192u IPv4 254807 0t0 TCP 127.0.0.1:45086->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 193u IPv4 254808 0t0 TCP 127.0.0.1:45087->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 194u IPv4 257049 0t0 TCP 127.0.0.1:45088->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 195u IPv4 256516 0t0 TCP 127.0.0.1:45089->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 196u IPv4 254811 0t0 TCP 127.0.0.1:45090->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 197u IPv4 255415 0t0 TCP 127.0.0.1:45091->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 198u IPv4 257051 0t0 TCP 127.0.0.1:45092->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 199u IPv4 256517 0t0 TCP 127.0.0.1:45093->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 200u IPv4 254814 0t0 TCP 127.0.0.1:45094->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 201u IPv4 256520 0t0 TCP 127.0.0.1:45095->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 202u IPv4 257052 0t0 TCP 127.0.0.1:45096->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 203u IPv4 254816 0t0 TCP 127.0.0.1:45097->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 204u IPv4 255417 0t0 TCP 127.0.0.1:45098->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 205u IPv4 254817 0t0 TCP 127.0.0.1:45099->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 206u IPv4 255418 0t0 TCP 127.0.0.1:45100->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 207u IPv4 254818 0t0 TCP 127.0.0.1:45101->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 208u IPv4 254819 0t0 TCP 127.0.0.1:45102->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 209u IPv4 254820 0t0 TCP 127.0.0.1:45103->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 210u IPv4 254821 0t0 TCP 127.0.0.1:45104->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 211u IPv4 255419 0t0 TCP 127.0.0.1:45105->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 212u IPv4 255420 0t0 TCP 127.0.0.1:45106->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 213u IPv4 257058 0t0 TCP 127.0.0.1:45107->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 214u IPv4 256526 0t0 TCP 127.0.0.1:45108->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 215u IPv4 255421 0t0 TCP 127.0.0.1:45109->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 216u IPv4 256527 0t0 TCP 127.0.0.1:45110->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 217u IPv4 256529 0t0 TCP 127.0.0.1:45111->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 218u IPv4 255422 0t0 TCP 127.0.0.1:45112->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 219u IPv4 257061 0t0 TCP 127.0.0.1:45113->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 220u IPv4 257062 0t0 TCP 127.0.0.1:45114->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 221u IPv4 256531 0t0 TCP 127.0.0.1:45115->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 222u IPv4 255425 0t0 TCP 127.0.0.1:45116->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 223u IPv4 255426 0t0 TCP 127.0.0.1:45117->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 224u IPv4 256533 0t0 TCP 127.0.0.1:45118->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 225u IPv4 256534 0t0 TCP 127.0.0.1:45119->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 226u IPv4 257064 0t0 TCP 127.0.0.1:45120->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 227u IPv4 255427 0t0 TCP 127.0.0.1:45121->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 228u IPv4 255428 0t0 TCP 127.0.0.1:45122->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 229u IPv4 255429 0t0 TCP 127.0.0.1:45123->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 230u IPv4 254826 0t0 TCP 127.0.0.1:45124->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 231u IPv4 256536 0t0 TCP 127.0.0.1:45125->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 232u IPv4 254828 0t0 TCP 127.0.0.1:45126->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 233u IPv4 256538 0t0 TCP 127.0.0.1:45127->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 234u IPv4 255430 0t0 TCP 127.0.0.1:45128->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 235u IPv4 257070 0t0 TCP 127.0.0.1:45129->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 236u IPv4 254829 0t0 TCP 127.0.0.1:45130->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 237u IPv4 257071 0t0 TCP 127.0.0.1:45131->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 238u IPv4 255433 0t0 TCP 127.0.0.1:45132->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 239u IPv4 256542 0t0 TCP 127.0.0.1:45133->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 240u IPv4 256543 0t0 TCP 127.0.0.1:45134->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 241u IPv4 254830 0t0 TCP 127.0.0.1:45135->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 242u IPv4 256544 0t0 TCP 127.0.0.1:45136->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 243u IPv4 256545 0t0 TCP 127.0.0.1:45137->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 244u IPv4 255437 0t0 TCP 127.0.0.1:45138->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 245u IPv4 256547 0t0 TCP 127.0.0.1:45139->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 246u IPv4 256548 0t0 TCP 127.0.0.1:45140->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 247u IPv4 254834 0t0 TCP 127.0.0.1:45141->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 248u IPv4 254836 0t0 TCP 127.0.0.1:45142->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 249u IPv4 256550 0t0 TCP 127.0.0.1:45143->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 250u IPv4 255439 0t0 TCP 127.0.0.1:45144->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 251u IPv4 255440 0t0 TCP 127.0.0.1:45145->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 252u IPv4 254839 0t0 TCP 127.0.0.1:45146->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 253u IPv4 255441 0t0 TCP 127.0.0.1:45147->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 254u IPv4 256552 0t0 TCP 127.0.0.1:45148->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 255u IPv4 255442 0t0 TCP 127.0.0.1:45149->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 256u IPv4 256554 0t0 TCP 127.0.0.1:45150->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 257u IPv4 256555 0t0 TCP 127.0.0.1:45151->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 258u IPv4 256556 0t0 TCP 127.0.0.1:45152->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 259u IPv4 256557 0t0 TCP 127.0.0.1:45153->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 260u IPv4 257077 0t0 TCP 127.0.0.1:45154->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 261u IPv4 255445 0t0 TCP 127.0.0.1:45155->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 262u IPv4 254842 0t0 TCP 127.0.0.1:45156->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 263u IPv4 254843 0t0 TCP 127.0.0.1:45157->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 264u IPv4 257079 0t0 TCP 127.0.0.1:45158->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 265u IPv4 254845 0t0 TCP 127.0.0.1:45159->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 266u IPv4 256560 0t0 TCP 127.0.0.1:45160->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 267u IPv4 254846 0t0 TCP 127.0.0.1:45161->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 268u IPv4 255448 0t0 TCP 127.0.0.1:45162->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 269u IPv4 256563 0t0 TCP 127.0.0.1:45163->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 270u IPv4 254847 0t0 TCP 127.0.0.1:45164->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 271u IPv4 256564 0t0 TCP 127.0.0.1:45165->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 272u IPv4 257081 0t0 TCP 127.0.0.1:45166->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 273u IPv4 257082 0t0 TCP 127.0.0.1:45167->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 274u IPv4 257083 0t0 TCP 127.0.0.1:45168->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 275u IPv4 256566 0t0 TCP 127.0.0.1:45169->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 276u IPv4 254851 0t0 TCP 127.0.0.1:45170->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 277u IPv4 256568 0t0 TCP 127.0.0.1:45171->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 278u IPv4 254854 0t0 TCP 127.0.0.1:45172->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 279u IPv4 254855 0t0 TCP 127.0.0.1:45173->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 280u IPv4 254856 0t0 TCP 127.0.0.1:45174->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 281u IPv4 254857 0t0 TCP 127.0.0.1:45175->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 282u IPv4 255452 0t0 TCP 127.0.0.1:45176->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 283u IPv4 257084 0t0 TCP 127.0.0.1:45177->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 284u IPv4 255453 0t0 TCP 127.0.0.1:45178->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 285u IPv4 257085 0t0 TCP 127.0.0.1:45179->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 286u IPv4 254861 0t0 TCP 127.0.0.1:45180->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 287u IPv4 255454 0t0 TCP 127.0.0.1:45181->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 288u IPv4 256574 0t0 TCP 127.0.0.1:45182->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 289u IPv4 255456 0t0 TCP 127.0.0.1:45183->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 290u IPv4 254863 0t0 TCP 127.0.0.1:45184->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 291u IPv4 256576 0t0 TCP 127.0.0.1:45185->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 292u IPv4 255459 0t0 TCP 127.0.0.1:45186->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 293u IPv4 255460 0t0 TCP 127.0.0.1:45187->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 294u IPv4 255461 0t0 TCP 127.0.0.1:45188->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 295u IPv4 255462 0t0 TCP 127.0.0.1:45189->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 296u IPv4 257090 0t0 TCP 127.0.0.1:45190->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 297u IPv4 257091 0t0 TCP 127.0.0.1:45191->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 298u IPv4 257092 0t0 TCP 127.0.0.1:45192->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 299u IPv4 256577 0t0 TCP 127.0.0.1:45193->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 300u IPv4 257093 0t0 TCP 127.0.0.1:45194->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 301u IPv4 255467 0t0 TCP 127.0.0.1:45195->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 302u IPv4 255468 0t0 TCP 127.0.0.1:45196->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 303u IPv4 255469 0t0 TCP 127.0.0.1:45197->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 304u IPv4 254864 0t0 TCP 127.0.0.1:45198->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 305u IPv4 256581 0t0 TCP 127.0.0.1:45199->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 306u IPv4 254865 0t0 TCP 127.0.0.1:45200->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 307u IPv4 254866 0t0 TCP 127.0.0.1:45201->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 308u IPv4 254867 0t0 TCP 127.0.0.1:45202->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 309u IPv4 256583 0t0 TCP 127.0.0.1:45203->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 310u IPv4 255472 0t0 TCP 127.0.0.1:45204->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 311u IPv4 256584 0t0 TCP 127.0.0.1:45205->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 312u IPv4 256585 0t0 TCP 127.0.0.1:45206->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 313u IPv4 256586 0t0 TCP 127.0.0.1:45207->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 314u IPv4 256587 0t0 TCP 127.0.0.1:45208->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 315u IPv4 256588 0t0 TCP 127.0.0.1:45209->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 316u IPv4 256589 0t0 TCP 127.0.0.1:45210->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 317u IPv4 254872 0t0 TCP 127.0.0.1:45211->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 318u IPv4 255476 0t0 TCP 127.0.0.1:45212->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 319u IPv4 256591 0t0 TCP 127.0.0.1:45213->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 320u IPv4 257099 0t0 TCP 127.0.0.1:45214->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 321u IPv4 257100 0t0 TCP 127.0.0.1:45215->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 322u IPv4 256592 0t0 TCP 127.0.0.1:45216->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 323u IPv4 257101 0t0 TCP 127.0.0.1:45217->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 324u IPv4 256593 0t0 TCP 127.0.0.1:45218->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 325u IPv4 256594 0t0 TCP 127.0.0.1:45219->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 326u IPv4 254877 0t0 TCP 127.0.0.1:45220->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 327u IPv4 255481 0t0 TCP 127.0.0.1:45221->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 328u IPv4 257102 0t0 TCP 127.0.0.1:45222->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 329u IPv4 257103 0t0 TCP 127.0.0.1:45223->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 330u IPv4 256595 0t0 TCP 127.0.0.1:45224->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 331u IPv4 256596 0t0 TCP 127.0.0.1:45225->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 332u IPv4 257104 0t0 TCP 127.0.0.1:45226->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 333u IPv4 257105 0t0 TCP 127.0.0.1:45227->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 334u IPv4 256597 0t0 TCP 127.0.0.1:45228->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 335u IPv4 254880 0t0 TCP 127.0.0.1:45229->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 336u IPv4 255488 0t0 TCP 127.0.0.1:45230->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 337u IPv4 254881 0t0 TCP 127.0.0.1:45231->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 338u IPv4 255489 0t0 TCP 127.0.0.1:45232->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 339u IPv4 257106 0t0 TCP 127.0.0.1:45233->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 340u IPv4 255491 0t0 TCP 127.0.0.1:45234->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 341u IPv4 257107 0t0 TCP 127.0.0.1:45235->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 342u IPv4 254884 0t0 TCP 127.0.0.1:45236->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 343u IPv4 257108 0t0 TCP 127.0.0.1:45237->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 344u IPv4 257109 0t0 TCP 127.0.0.1:45238->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 345u IPv4 255492 0t0 TCP 127.0.0.1:45239->127.0.0.1:7736 (ESTABLISHED)
tclsh 9319 root 346u IPv4 257111 0t0 TCP 127.0.0.1:45240->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 3u IPv4 254018 0t0 TCP 127.0.0.1:44716->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 7u IPv4 253854 0t0 TCP 127.0.0.1:44843->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 8u IPv4 256389 0t0 TCP 127.0.0.1:44845->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 9u IPv4 253857 0t0 TCP 127.0.0.1:44847->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 10u IPv4 253859 0t0 TCP 127.0.0.1:44849->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 11u IPv4 253863 0t0 TCP 127.0.0.1:44851->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 12u IPv4 255287 0t0 TCP 127.0.0.1:44854->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 13u IPv4 255288 0t0 TCP 127.0.0.1:44856->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 14u IPv4 255290 0t0 TCP 127.0.0.1:44858->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 15u IPv4 255291 0t0 TCP 127.0.0.1:44860->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 16u IPv4 256395 0t0 TCP 127.0.0.1:44862->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 17u IPv4 254705 0t0 TCP 127.0.0.1:44864->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 18u IPv4 253869 0t0 TCP 127.0.0.1:44865->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 19u IPv4 253870 0t0 TCP 127.0.0.1:44867->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 20u IPv4 255295 0t0 TCP 127.0.0.1:44869->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 21u IPv4 253873 0t0 TCP 127.0.0.1:44871->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 22u IPv4 256402 0t0 TCP 127.0.0.1:44873->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 23u IPv4 256404 0t0 TCP 127.0.0.1:44875->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 24u IPv4 256405 0t0 TCP 127.0.0.1:44877->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 25u IPv4 253877 0t0 TCP 127.0.0.1:44879->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 26u IPv4 254713 0t0 TCP 127.0.0.1:44881->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 27u IPv4 253880 0t0 TCP 127.0.0.1:44883->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 28u IPv4 256410 0t0 TCP 127.0.0.1:44885->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 29u IPv4 253883 0t0 TCP 127.0.0.1:44887->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 30u IPv4 254715 0t0 TCP 127.0.0.1:44889->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 31u IPv4 254716 0t0 TCP 127.0.0.1:44891->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 32u IPv4 255307 0t0 TCP 127.0.0.1:44893->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 33u IPv4 256414 0t0 TCP 127.0.0.1:44895->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 34u IPv4 256415 0t0 TCP 127.0.0.1:44897->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 35u IPv4 256417 0t0 TCP 127.0.0.1:44899->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 36u IPv4 256418 0t0 TCP 127.0.0.1:44900->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 37u IPv4 254722 0t0 TCP 127.0.0.1:44902->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 38u IPv4 254723 0t0 TCP 127.0.0.1:44904->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 39u IPv4 255313 0t0 TCP 127.0.0.1:44906->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 40u IPv4 254726 0t0 TCP 127.0.0.1:44908->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 41u IPv4 254727 0t0 TCP 127.0.0.1:44910->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 42u IPv4 255316 0t0 TCP 127.0.0.1:44912->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 43u IPv4 254730 0t0 TCP 127.0.0.1:44914->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 44u IPv4 253895 0t0 TCP 127.0.0.1:44915->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 45u IPv4 256425 0t0 TCP 127.0.0.1:44917->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 46u IPv4 254732 0t0 TCP 127.0.0.1:44919->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 47u IPv4 256427 0t0 TCP 127.0.0.1:44921->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 48u IPv4 255321 0t0 TCP 127.0.0.1:44923->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 49u IPv4 253902 0t0 TCP 127.0.0.1:44925->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 50u IPv4 254735 0t0 TCP 127.0.0.1:44927->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 51u IPv4 254736 0t0 TCP 127.0.0.1:44929->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 52u IPv4 255324 0t0 TCP 127.0.0.1:44931->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 53u IPv4 255325 0t0 TCP 127.0.0.1:44932->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 54u IPv4 255327 0t0 TCP 127.0.0.1:44934->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 55u IPv4 256433 0t0 TCP 127.0.0.1:44936->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 56u IPv4 254739 0t0 TCP 127.0.0.1:44938->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 57u IPv4 254740 0t0 TCP 127.0.0.1:44939->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 58u IPv4 256436 0t0 TCP 127.0.0.1:44941->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 59u IPv4 256438 0t0 TCP 127.0.0.1:44943->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 60u IPv4 253913 0t0 TCP 127.0.0.1:44945->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 61u IPv4 253914 0t0 TCP 127.0.0.1:44947->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 62u IPv4 256440 0t0 TCP 127.0.0.1:44949->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 63u IPv4 253916 0t0 TCP 127.0.0.1:44951->127.0.0.1:7736 (ESTABLISHED)
tclsh 22937 root 64u IPv4 253919 0t0 TCP 127.0.0.1:44953->127.0.0.1:7736 (ESTABLISHED)
bro 23862 root 4u IPv4 214972 0t0 UDP 10.10.10.19:57814->10.10.10.12:53
bro 23870 root 0u IPv4 217720 0t0 TCP *:47761 (LISTEN)
bro 23870 root 1u IPv6 217721 0t0 TCP *:47761 (LISTEN)
bro 23870 root 2u IPv4 215036 0t0 TCP 10.10.10.19:47761->10.10.10.19:36872 (ESTABLISHED)
bro 23870 root 4u IPv4 214972 0t0 UDP 10.10.10.19:57814->10.10.10.12:53
bro 23870 root 8u IPv4 218180 0t0 TCP 10.10.10.19:47761->10.10.10.19:36873 (ESTABLISHED)
bro 23870 root 10u IPv4 218183 0t0 TCP 10.10.10.19:47761->10.10.10.19:36875 (ESTABLISHED)
bro 23912 root 4u IPv4 215034 0t0 UDP 10.10.10.19:49197->10.10.10.12:53
bro 23919 root 0u IPv4 215035 0t0 TCP 10.10.10.19:36872->10.10.10.19:47761 (ESTABLISHED)
bro 23919 root 1u IPv4 216734 0t0 TCP *:47762 (LISTEN)
bro 23919 root 2u IPv6 216735 0t0 TCP *:47762 (LISTEN)
bro 23919 root 4u IPv4 215034 0t0 UDP 10.10.10.19:49197->10.10.10.12:53
bro 23919 root 7u IPv4 218181 0t0 TCP 10.10.10.19:47762->10.10.10.19:48851 (ESTABLISHED)
bro 23919 root 9u IPv4 215835 0t0 TCP 10.10.10.19:47762->10.10.10.19:48853 (ESTABLISHED)
bro 23972 root 4u IPv4 215831 0t0 UDP 10.10.10.19:42216->10.10.10.12:53
bro 23973 root 4u IPv4 218173 0t0 UDP 10.10.10.19:34363->10.10.10.12:53
bro 23982 root 0u IPv4 216764 0t0 TCP 10.10.10.19:36875->10.10.10.19:47761 (ESTABLISHED)
bro 23982 root 1u IPv4 216765 0t0 TCP 10.10.10.19:48853->10.10.10.19:47762 (ESTABLISHED)
bro 23982 root 2u IPv4 216768 0t0 TCP *:47763 (LISTEN)
bro 23982 root 4u IPv4 215831 0t0 UDP 10.10.10.19:42216->10.10.10.12:53
bro 23982 root 8u IPv6 216769 0t0 TCP *:47763 (LISTEN)
bro 23983 root 0u IPv4 218179 0t0 TCP 10.10.10.19:36873->10.10.10.19:47761 (ESTABLISHED)
bro 23983 root 1u IPv4 215834 0t0 TCP 10.10.10.19:48851->10.10.10.19:47762 (ESTABLISHED)
bro 23983 root 2u IPv4 218185 0t0 TCP *:47764 (LISTEN)
bro 23983 root 4u IPv4 218173 0t0 UDP 10.10.10.19:34363->10.10.10.12:53
bro 23983 root 8u IPv6 218186 0t0 TCP *:47764 (LISTEN)
tclsh 24096 root 3u IPv4 252727 0t0 TCP 127.0.0.1:44712->127.0.0.1:7736 (ESTABLISHED)
tclsh 24134 root 3u IPv4 216939 0t0 TCP 127.0.0.1:8001 (LISTEN)
tclsh 24134 root 5u IPv4 248540 0t0 TCP 127.0.0.1:8001->127.0.0.1:44742 (ESTABLISHED)
tclsh 24134 root 7u IPv4 253237 0t0 TCP 127.0.0.1:44713->127.0.0.1:7736 (ESTABLISHED)
tclsh 29538 root 3u IPv4 247203 0t0 TCP 127.0.0.1:8002 (LISTEN)
tclsh 29538 root 5u IPv4 249306 0t0 TCP 127.0.0.1:8002->127.0.0.1:60263 (ESTABLISHED)
tclsh 29538 root 7u IPv4 250493 0t0 TCP 127.0.0.1:44711->127.0.0.1:7736 (ESTABLISHED)
barnyard2 29695 root 3u IPv4 247557 0t0 TCP 127.0.0.1:44742->127.0.0.1:8001 (ESTABLISHED)
barnyard2 29695 root 4u IPv4 250563 0t0 TCP 127.0.0.1:48467->127.0.0.1:3306 (ESTABLISHED)
barnyard2 29735 root 3u IPv4 249305 0t0 TCP 127.0.0.1:60263->127.0.0.1:8002 (ESTABLISHED)
barnyard2 29735 root 4u IPv4 254016 0t0 TCP 127.0.0.1:48381->127.0.0.1:3306 (ESTABLISHED)
tclsh 29813 root 6u IPv4 250496 0t0 TCP 127.0.0.1:44715->127.0.0.1:7736 (ESTABLISHED)
tclsh 29851 root 3u IPv4 253239 0t0 TCP 127.0.0.1:44717->127.0.0.1:7736 (ESTABLISHED)
tclsh 29942 root 3u IPv4 253235 0t0 TCP 127.0.0.1:44710->127.0.0.1:7736 (ESTABLISHED)
/usr/sbin 30952 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 30952 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 30952 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 30952 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
/usr/sbin 44939 www-data 4u IPv4 11447 0t0 TCP *:443 (LISTEN)
/usr/sbin 44939 www-data 5u IPv4 11450 0t0 TCP *:9876 (LISTEN)
/usr/sbin 44939 www-data 6u IPv4 11452 0t0 TCP *:3154 (LISTEN)
/usr/sbin 44939 www-data 7u IPv4 11461 0t0 TCP *:444 (LISTEN)
sshd 48117 root 3u IPv4 309077 0t0 TCP 10.10.10.19:22->10.10.10.17:59063 (ESTABLISHED)
sshd 48262 support 3u IPv4 309077 0t0 TCP 10.10.10.19:22->10.10.10.17:59063 (ESTABLISHED)

=========================================================================
IDS Rules Update
=========================================================================
Fri Aug 9 07:01:01 UTC 2013
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Running PulledPork.
http://code.google.com/p/pulledpork/
_____ ____
`----,\ )
`--==\\ / PulledPork v0.6.1 the Smoking Pig <////~
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2011 JJ Cummings
@_/ / 66\_ cumm...@gmail.com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for emerging.rules.tar.gz....
No Match
Done
Rules tarball download of emerging.rules.tar.gz....
They Match
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Reading rules...
Generating Stub Rules....
Done
Reading rules...
Reading rules...
Reading rules...
Processing /etc/nsm/pulledpork/enablesid.conf....
Modified 0 rules
Done
Processing /etc/nsm/pulledpork/dropsid.conf....
Modified 0 rules
Done
Processing /etc/nsm/pulledpork/disablesid.conf....
Modified 0 rules
Done
Modifying Sids....
Done!
Setting Flowbit State....
Enabled 30 flowbits
Done
Writing /etc/nsm/rules/downloaded.rules....
Done
Writing /etc/nsm/rules/so_rules.rules....
Done
Generating sid-msg.map....
Done
Writing /etc/nsm/rules/sid-msg.map....
Done
Writing /var/log/sid_changes.log....
Done
Rule Stats....
New:-------9
Deleted:---16
Enabled Rules:----14923
Dropped Rules:----0
Disabled Rules:---3361
Total Rules:------18284
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!
Restarting Barnyard2.
Restarting: IDS-Server01-eth0
* stopping: barnyard2-1 (spooler, unified2 format)[ OK ]
* starting: barnyard2-1 (spooler, unified2 format)[ OK ]
* stopping: barnyard2-2 (spooler, unified2 format)[ OK ]
* starting: barnyard2-2 (spooler, unified2 format)[ OK ]
Restarting IDS Engine.
Restarting: IDS-Server01-eth0
* stopping: snort-1 (alert data)[ OK ]
* starting: snort-1 (alert data)[ OK ]
* stopping: snort-2 (alert data)[ OK ]
* starting: snort-2 (alert data)[ OK ]

=========================================================================
CPU Usage
=========================================================================
top - 11:53:14 up 2:59, 2 users, load average: 2.41, 2.72, 2.46
Tasks: 155 total, 2 running, 153 sleeping, 0 stopped, 0 zombie
Cpu(s): 18.4%us, 12.3%sy, 2.6%ni, 58.6%id, 7.9%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 18456192k total, 18209580k used, 246612k free, 123816k buffers
Swap: 18833404k total, 12964k used, 18820440k free, 7245312k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
23972 root 20 0 238m 56m 15m S 20 0.3 18:16.11 bro
23973 root 20 0 238m 56m 15m R 20 0.3 18:05.70 bro
23870 root 25 5 137m 18m 944 S 18 0.1 16:53.63 bro
23919 root 25 5 66988 18m 948 S 18 0.1 16:23.61 bro
23983 root 25 5 69044 22m 5020 S 18 0.1 14:54.03 bro
23982 root 25 5 69048 22m 5020 S 16 0.1 14:59.60 bro
29900 sguil 20 0 111m 8416 1180 S 4 0.0 1:58.35 argus
23862 root 20 0 1790m 24m 3992 S 2 0.1 1:02.22 bro
23912 root 20 0 277m 22m 3984 S 2 0.1 0:52.73 bro
1 root 20 0 24456 2156 1360 S 0 0.0 0:00.84 init
2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0 0.0 0:00.73 ksoftirqd/0
6 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/0
7 root RT 0 0 0 0 S 0 0.0 0:00.01 watchdog/0
8 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/1
10 root 20 0 0 0 0 S 0 0.0 0:00.82 ksoftirqd/1
11 root RT 0 0 0 0 S 0 0.0 0:00.01 watchdog/1
12 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/2
14 root 20 0 0 0 0 S 0 0.0 0:00.85 ksoftirqd/2
15 root RT 0 0 0 0 S 0 0.0 0:00.01 watchdog/2
16 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/3
18 root 20 0 0 0 0 S 0 0.0 0:00.86 ksoftirqd/3
19 root RT 0 0 0 0 S 0 0.0 0:00.01 watchdog/3
20 root 0 -20 0 0 0 S 0 0.0 0:00.00 cpuset
21 root 0 -20 0 0 0 S 0 0.0 0:00.00 khelper
22 root 20 0 0 0 0 S 0 0.0 0:00.00 kdevtmpfs
23 root 0 -20 0 0 0 S 0 0.0 0:00.00 netns
25 root 20 0 0 0 0 S 0 0.0 0:00.00 sync_supers
26 root 20 0 0 0 0 S 0 0.0 0:00.00 bdi-default
27 root 0 -20 0 0 0 S 0 0.0 0:00.00 kintegrityd
28 root 0 -20 0 0 0 S 0 0.0 0:00.00 kblockd
29 root 0 -20 0 0 0 S 0 0.0 0:00.00 ata_sff
30 root 20 0 0 0 0 S 0 0.0 0:00.00 khubd
31 root 0 -20 0 0 0 S 0 0.0 0:00.00 md
34 root 20 0 0 0 0 S 0 0.0 0:00.00 khungtaskd
35 root 20 0 0 0 0 S 0 0.0 0:02.26 kswapd0
36 root 25 5 0 0 0 S 0 0.0 0:00.00 ksmd
37 root 39 19 0 0 0 S 0 0.0 0:00.00 khugepaged
38 root 20 0 0 0 0 S 0 0.0 0:00.00 fsnotify_mark
39 root 20 0 0 0 0 S 0 0.0 0:00.00 ecryptfs-kthrea
40 root 0 -20 0 0 0 S 0 0.0 0:00.00 crypto
49 root 0 -20 0 0 0 S 0 0.0 0:00.00 kthrotld
50 root 20 0 0 0 0 S 0 0.0 0:00.02 scsi_eh_0
51 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_1
52 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/u:2
53 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_2
54 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_3
55 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/u:3
57 root 0 -20 0 0 0 S 0 0.0 0:00.00 binder
77 root 0 -20 0 0 0 S 0 0.0 0:00.00 deferwq
78 root 0 -20 0 0 0 S 0 0.0 0:00.00 charger_manager
79 root 0 -20 0 0 0 S 0 0.0 0:00.00 devfreq_wq
80 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/1:1
81 root 20 0 0 0 0 S 0 0.0 0:03.59 kworker/3:1
83 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/0:2
165 root 20 0 0 0 0 S 0 0.0 0:04.72 kworker/1:2
173 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/3:2
177 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_4
253 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
265 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
274 root 20 0 0 0 0 S 0 0.0 0:03.83 jbd2/dm-0-8
275 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
372 root 20 0 17364 448 448 S 0 0.0 0:00.03 upstart-udev-br
375 root 20 0 21864 808 804 S 0 0.0 0:00.02 udevd
533 root 20 0 21860 376 372 S 0 0.0 0:00.00 udevd
537 root 20 0 21860 364 360 S 0 0.0 0:00.00 udevd
574 root 0 -20 0 0 0 S 0 0.0 0:00.00 kpsmoused
615 root 0 -20 0 0 0 S 0 0.0 0:00.00 kvm-irqfd-clean
711 messageb 20 0 23816 648 644 S 0 0.0 0:00.00 dbus-daemon
811 root 20 0 50032 2384 2276 S 0 0.0 0:00.00 sshd
967 root 20 0 15188 196 196 S 0 0.0 0:00.00 upstart-socket-
1019 root 20 0 15784 804 800 S 0 0.0 0:00.00 getty
1034 root 20 0 15784 804 800 S 0 0.0 0:00.00 getty
1040 root 20 0 15784 804 800 S 0 0.0 0:00.00 getty
1041 root 20 0 15784 804 800 S 0 0.0 0:00.00 getty
1044 root 20 0 15784 804 800 S 0 0.0 0:00.00 getty
1049 root 20 0 4328 564 560 S 0 0.0 0:00.00 acpid
1065 root 20 0 19112 892 780 S 0 0.0 0:00.02 cron
1066 daemon 20 0 16908 236 220 S 0 0.0 0:00.00 atd
1072 mysql 20 0 1699m 220m 8316 S 0 1.2 4:24.04 mysqld
1084 sphinxse 20 0 42080 1028 1028 S 0 0.0 0:00.00 su
1085 root 20 0 15980 636 540 S 0 0.0 0:00.91 irqbalance
1095 root 20 0 26780 236 196 S 0 0.0 0:00.00 syslog-ng
1096 root 20 0 81224 9948 2972 S 0 0.1 0:09.36 syslog-ng
1103 sphinxse 20 0 326m 41m 19m S 0 0.2 0:07.58 searchd
1104 root 20 0 4400 516 512 S 0 0.0 0:00.00 sh
1105 root 20 0 205m 37m 3780 S 0 0.2 0:15.32 perl
1121 root 20 0 0 0 0 S 0 0.0 0:04.64 flush-252:0
1159 whoopsie 20 0 195m 4700 3712 S 0 0.0 0:00.04 whoopsie
1161 root 20 0 12804 536 348 S 0 0.0 0:00.00 ossec-execd
1175 ossec 20 0 15560 3256 788 S 0 0.0 0:02.31 ossec-analysisd
1182 root 20 0 4528 540 404 S 0 0.0 0:00.00 ossec-logcollec
1188 ossecr 20 0 31664 1048 752 S 0 0.0 0:03.00 ossec-remoted
1322 root 20 0 5468 1804 640 S 0 0.0 0:09.48 ossec-syscheckd
1327 ossec 20 0 13060 544 364 S 0 0.0 0:00.00 ossec-monitord
1497 root 20 0 176m 12m 6592 S 0 0.1 0:00.16 /usr/sbin/apach
1509 root 20 0 215m 2060 1768 S 0 0.0 0:00.00 PassengerWatchd
1514 root 20 0 288m 2284 1996 S 0 0.0 0:00.04 PassengerHelper
1516 root 20 0 108m 8196 2164 S 0 0.0 0:00.04 ruby1.9.1
1519 nobody 20 0 165m 4664 3636 S 0 0.0 0:00.00 PassengerLoggin
1543 root 20 0 15784 964 800 S 0 0.0 0:00.00 getty
1546 www-data 20 0 176m 7400 1132 S 0 0.0 0:00.00 /usr/sbin/apach
1547 www-data 20 0 176m 7400 1132 S 0 0.0 0:00.00 /usr/sbin/apach
1548 www-data 20 0 176m 7400 1132 S 0 0.0 0:00.00 /usr/sbin/apach
1549 www-data 20 0 176m 7400 1132 S 0 0.0 0:00.00 /usr/sbin/apach
1550 www-data 20 0 176m 7400 1132 S 0 0.0 0:00.00 /usr/sbin/apach
2506 ntp 20 0 37772 2232 1604 S 0 0.0 0:00.25 ntpd
2934 root 20 0 4344 356 280 S 0 0.0 0:00.00 tail
2955 root 20 0 4344 608 504 S 0 0.0 0:00.00 tail
3431 root 19 -1 14888 1928 308 S 0 0.0 0:00.37 dema
7546 www-data 20 0 422m 91m 3812 S 0 0.5 0:07.51 ruby
7591 root 20 0 77564 3600 2784 S 0 0.0 0:00.01 sshd
7777 support 20 0 77564 1904 1060 S 0 0.0 0:00.18 sshd
7778 support 20 0 26788 8084 1764 S 0 0.0 0:00.42 bash
9096 root 20 0 9212m 8.9g 3828 S 0 50.3 75:32.71 tclsh
9319 root 20 0 68340 18m 2728 S 0 0.1 0:00.58 tclsh
9320 root 20 0 121m 4300 1044 S 0 0.0 0:00.21 tclsh
9321 root 20 0 121m 3936 732 S 0 0.0 0:00.00 tclsh
11190 root 20 0 0 0 0 S 0 0.0 0:03.78 kworker/2:1
22937 root 20 0 45816 7880 2728 S 0 0.0 0:00.24 tclsh
23791 root 20 0 12332 1512 1276 S 0 0.0 0:00.00 bash
23903 root 20 0 12336 1520 1276 S 0 0.0 0:00.00 bash
23953 root 20 0 12336 1520 1276 S 0 0.0 0:00.00 bash
23956 root 20 0 12336 1520 1276 S 0 0.0 0:00.00 bash
24056 sguil 20 0 281m 255m 239m S 0 1.4 1:10.84 netsniff-ng
24096 root 20 0 35944 4892 3016 S 0 0.0 0:00.07 tclsh
24134 root 20 0 35724 4576 2876 S 0 0.0 0:00.07 tclsh
24136 root 20 0 7196 616 520 S 0 0.0 0:00.00 tail
29538 root 20 0 35388 4148 2832 S 0 0.0 0:00.01 tclsh
29540 root 20 0 7196 616 520 S 0 0.0 0:00.00 tail
29695 root 20 0 161m 62m 1800 S 0 0.3 0:15.32 barnyard2
29735 root 20 0 161m 62m 1776 S 0 0.3 0:15.15 barnyard2
29776 sguil 20 0 26388 7712 3784 S 0 0.0 1:08.28 prads
29813 root 20 0 35392 4144 2824 S 0 0.0 0:00.06 tclsh
29815 root 20 0 7180 360 280 S 0 0.0 0:00.00 cat
29851 root 20 0 36952 5872 3048 S 0 0.0 0:02.99 tclsh
29942 root 20 0 35872 4680 3008 S 0 0.0 0:21.81 tclsh
30916 root 20 0 7228 716 604 S 0 0.0 0:00.07 tail
30918 root 20 0 7196 616 520 S 0 0.0 0:00.00 tail
30919 root 20 0 7196 616 520 S 0 0.0 0:00.00 tail
30952 www-data 20 0 176m 7396 1128 S 0 0.0 0:00.00 /usr/sbin/apach
44939 www-data 20 0 176m 6920 660 S 0 0.0 0:00.00 /usr/sbin/apach
44954 support 20 0 15668 3208 1212 S 0 0.0 0:00.65 nano
45142 root 20 0 0 0 0 S 0 0.0 0:00.40 kworker/0:0
45594 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/2:2
46250 root 20 0 4400 612 508 S 0 0.0 0:00.00 sh
46253 root 20 0 4400 324 220 S 0 0.0 0:00.00 sh
46258 root 20 0 4308 352 276 S 0 0.0 0:00.00 sleep
46871 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/2:0
48117 root 20 0 77568 3632 2804 S 0 0.0 0:00.01 sshd
48262 support 20 0 77568 1736 916 S 0 0.0 0:00.00 sshd
48263 support 20 0 26652 7792 1628 S 0 0.0 0:00.20 bash
48365 root 20 0 43300 1904 1412 S 0 0.0 0:00.01 sudo
48371 root 20 0 12320 1468 1244 S 0 0.0 0:00.00 sostat
48659 root 20 0 17336 1272 916 R 0 0.0 0:00.00 top


=========================================================================
Log Archive
=========================================================================
/nsm/sensor_data/IDS-Server01-eth0/dailylogs/
6.8T .
159G ./2013-06-29
167G ./2013-06-30
175G ./2013-07-01
196G ./2013-07-02
177G ./2013-07-03
66G ./2013-07-04
182G ./2013-07-05
158G ./2013-07-06
157G ./2013-07-07
173G ./2013-07-08
177G ./2013-07-09
204G ./2013-07-10
175G ./2013-07-11
39G ./2013-07-12
44G ./2013-07-13
142G ./2013-07-14
159G ./2013-07-15
245G ./2013-07-16
106G ./2013-07-17
53G ./2013-07-18
170G ./2013-07-19
164G ./2013-07-20
265G ./2013-07-21
302G ./2013-07-22
240G ./2013-07-23
230G ./2013-07-24
38G ./2013-07-25
277G ./2013-07-26
142G ./2013-07-27
165G ./2013-07-28
169G ./2013-07-29
90G ./2013-07-30
103G ./2013-07-31
49G ./2013-08-01
187G ./2013-08-02
163G ./2013-08-03
172G ./2013-08-04
170G ./2013-08-05
541G ./2013-08-06
183G ./2013-08-07
102G ./2013-08-08
99G ./2013-08-09

/nsm/bro/logs/
2.4G .
30M ./2013-06-28
20M ./2013-06-29
19M ./2013-06-30
29M ./2013-07-01
30M ./2013-07-02
30M ./2013-07-03
30M ./2013-07-04
33M ./2013-07-05
24M ./2013-07-06
24M ./2013-07-07
32M ./2013-07-08
31M ./2013-07-09
34M ./2013-07-10
31M ./2013-07-11
28M ./2013-07-12
23M ./2013-07-13
23M ./2013-07-14
31M ./2013-07-15
28M ./2013-07-16
27M ./2013-07-17
28M ./2013-07-18
26M ./2013-07-19
21M ./2013-07-20
266M ./2013-07-21
256M ./2013-07-22
236M ./2013-07-23
337M ./2013-07-24
27M ./2013-07-25
210M ./2013-07-26
22M ./2013-07-27
21M ./2013-07-28
28M ./2013-07-29
28M ./2013-07-30
27M ./2013-07-31
30M ./2013-08-01
27M ./2013-08-02
21M ./2013-08-03
22M ./2013-08-04
27M ./2013-08-05
30M ./2013-08-06
28M ./2013-08-07
28M ./2013-08-08
16M ./2013-08-09
71M ./stats

=========================================================================
IDS Engine (snort) packet drops
=========================================================================
/nsm/sensor_data/IDS-Server01-eth0/snort-1.stats last reported pkt_drop_percent as 0.000
/nsm/sensor_data/IDS-Server01-eth0/snort-2.stats last reported pkt_drop_percent as 0.000

=========================================================================
pf_ring stats
=========================================================================
egrep: /proc/net/pf_ring/*: No such file or directory

=========================================================================
Sguil Uncategorized Events
=========================================================================
+----------+
| COUNT(*) |
+----------+
| 4825796 |
+----------+

=========================================================================
Sguil events summary for yesterday
=========================================================================
+--------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Totals | GenID:SigID | Signature |
+--------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 4501 | 1:2101411 | GPL SNMP public access udp |
| 1664 | 1:2001330 | ET POLICY RDP connection confirm |
| 1661 | 1:2001329 | ET POLICY RDP connection request |
| 1613 | 1:2013497 | ET TROJAN MS Terminal Server User A Login, possible Morto inbound |
| 1494 | 1:2001331 | ET POLICY RDP disconnect request |
| 918 | 1:2007695 | ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System |
| 522 | 1:2008795 | ET POLICY TeamViewer Keep-alive inbound |
| 506 | 1:2013504 | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| 453 | 1:2013030 | ET POLICY libwww-perl User-Agent |
| 305 | 1:2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) |
| 283 | 1:2001219 | ET SCAN Potential SSH Scan |
| 241 | 1:2000419 | ET POLICY PE EXE or DLL Windows file download |
| 239 | 1:2101390 | GPL SHELLCODE x86 inc ebx NOOP |
| 212 | 1:2006435 | ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool |
| 211 | 1:2006546 | ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! |
| 113 | 1:2016774 | ET INFO Generic HTTP EXE Upload Inbound |
| 103 | 1:2500040 | ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (21) |
| 93 | 1:2010935 | ET POLICY Suspicious inbound to MSSQL port 1433 |
| 93 | 1:2010937 | ET POLICY Suspicious inbound to mySQL port 3306 |
| 65 | 1:2014819 | ET INFO Packed Executable Download |
| 57 | 1:2014726 | ET POLICY Outdated Windows Flash Version IE |
| 52 | 1:2013224 | ET POLICY Suspicious User-Agent Containing .exe |
| 31 | 1:2002910 | ET SCAN Potential VNC Scan 5800-5820 |
| 28 | 1:2011582 | ET POLICY Vulnerable Java Version 1.6.x Detected |
| 15 | 1:2006380 | ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted |
| 14 | 1:2002087 | ET POLICY Inbound Frequent Emails - Possible Spambot Inbound |
| 13 | 1:2406173 | ET RBN Known Russian Business Network IP UDP (87) |
| 13 | 1:2001972 | ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) |
| 13 | 1:2500042 | ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (22) |
| 13 | 1:2017054 | ET WEB_SERVER WebShell Generic - ELF File Uploaded |
| 12 | 1:2406169 | ET RBN Known Russian Business Network IP UDP (85) |
| 12 | 1:2406159 | ET RBN Known Russian Business Network IP UDP (80) |
| 11 | 1:648 | GPL SHELLCODE x86 NOOP |
| 11 | 1:2009475 | ET POLICY TeamViewer Dyngate User-Agent |
| 9 | 1:2002334 | ET CHAT Google IM traffic Jabber client sign-on |
| 9 | 1:100000230 | GPL CHAT MISC Jabber/Google Talk Outgoing Traffic |
| 9 | 1:100000232 | GPL CHAT Google Talk Logon |
| 8 | 1:653 | GPL SHELLCODE x86 0x90 unicode NOOP |
| 7 | 1:2016977 | ET WEB_SERVER allow_url_include PHP config option in uri |
| 7 | 1:2016983 | ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013 |
| 7 | 1:2016979 | ET WEB_SERVER suhosin.simulation PHP config option in uri |
| 7 | 1:2009702 | ET POLICY DNS Update From External net |
| 7 | 1:2016978 | ET WEB_SERVER safe_mode PHP config option in uri |
| 7 | 1:2406177 | ET RBN Known Russian Business Network IP UDP (89) |
| 7 | 1:2016980 | ET WEB_SERVER disable_functions PHP config option in uri |
| 6 | 1:2014384 | ET DOS Microsoft Remote Desktop (RDP) Syn then Reset 30 Second DoS Attempt |
| 5 | 1:2013031 | ET POLICY Python-urllib/ Suspicious User Agent |
| 4 | 1:2002878 | ET POLICY iTunes User Agent |
| 3 | 1:2101413 | GPL SNMP private access udp |
| 3 | 1:2003310 | ET P2P Edonkey Publicize File |
| 3 | 1:2102314 | GPL SHELLCODE x86 0x90 NOOP unicode |
| 3 | 10000:1 | PADS New Asset - ssl TLS 1.0 Client Hello |
| 3 | 1:2003317 | ET P2P Edonkey Search Request (any type file) |
| 3 | 1:2406003 | ET RBN Known Russian Business Network IP UDP (2) |
| 2 | 10000:1 | PADS New Asset - http Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MALC) |
| 2 | 1:2003313 | ET P2P Edonkey Connect Reply and Server List |
| 2 | 1:2009970 | ET P2P eMule Kademlia Hello Request |
| 2 | 10000:1 | PADS New Asset - unknown @domain |
| 2 | 1:2406711 | ET RBN Known Russian Business Network IP UDP (356) |
| 2 | 1:2016178 | ET SNMP missing community string attempt 1 |
| 2 | 1:2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
| 2 | 1:2406521 | ET RBN Known Russian Business Network IP UDP (261) |
| 2 | 1:2015878 | ET POLICY Maxmind geoip check to /app/geoip.js |
| 2 | 1:2008597 | ET SCAN Cisco Torch SNMP Scan |
| 2 | 1:2404123 | ET CNC ZeusTracker/SpyeyeTracker Reported CnC Server UDP (group 12) |
| 2 | 1:2406870 | ET RBN Known Russian Business Network IP TCP (436) |
| 2 | 1:2009971 | ET P2P eMule KAD Network Hello Request (2) |
| 1 | 10000:2 | PADS Changed Asset - ssl TLS 1.0 Client Hello |
| 1 | 1:2012252 | ET SHELLCODE Common 0a0a0a0a Heap Spray String |
| 1 | 1:2406861 | ET RBN Known Russian Business Network IP UDP (431) |
| 1 | 10000:2 | PADS Changed Asset - http Microsoft BITS/7.6 |
| 1 | 10000:2 | PADS Changed Asset - http TMUFE |
| 1 | 10000:1 | PADS New Asset - http Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0; MSAppHost/1.0) |
| 1 | 10000:1 | PADS New Asset - http Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Microsoft Outlook 14.0.7012; ms (office; MSOffice 14)) |
| 1 | 1:2406002 | ET RBN Known Russian Business Network IP TCP (2) |
| 1 | 10000:2 | PADS Changed Asset - http MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT |
| 1 | 10000:2 | PADS Changed Asset - ssl Generic TLS 1.0 SSL |
| 1 | 10000:2 | PADS Changed Asset - unknown @domain |
| 1 | 10000:2 | PADS Changed Asset - http Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36 |
| 1 | 1:2012078 | ET POLICY Windows-Based OpenSSL Tunnel Outbound |
| 1 | 10000:2 | PADS Changed Asset - http Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0 |
| 1 | 1:2406144 | ET RBN Known Russian Business Network IP TCP (73) |
| 1 | 1:2500056 | ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (29) |
| 1 | 1:2406696 | ET RBN Known Russian Business Network IP TCP (349) |
| 1 | 10000:2 | PADS Changed Asset - http Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 |
| 1 | 10000:2 | PADS Changed Asset - ssh OpenSSH 5.9p1 (Protocol 2.0) |
| 1 | 10000:2 | PADS Changed Asset - domain DNS SQR No Error |
| 1 | 10000:2 | PADS Changed Asset - http CaptiveNetworkSupport (209.39 wispr) |
| 1 | 1:2012889 | ET POLICY Http Client Body contains pw= in cleartext |
| 1 | 10000:1 | PADS New Asset - unknown @www |
| 1 | 10000:1 | PADS New Asset - http Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36 |
| 1 | 1:2406145 | ET RBN Known Russian Business Network IP UDP (73) |
+--------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-------+
| Total |
+-------+
| 15753 |
+-------+

=========================================================================
Top 50 All time Sguil Events
=========================================================================
+---------+-------------+---------------------------------------------------------------------------------------------------+
| Totals | GenID:SigID | Signature |
+---------+-------------+---------------------------------------------------------------------------------------------------+
| 2712430 | 1:2013531 | ET TROJAN MS Terminal Server User A Login, possible Morto Outbound |
| 359228 | 1:2001330 | ET POLICY RDP connection confirm |
| 358009 | 1:2001329 | ET POLICY RDP connection request |
| 355194 | 1:2101411 | GPL SNMP public access udp |
| 341692 | 1:2001331 | ET POLICY RDP disconnect request |
| 157838 | 1:2000419 | ET POLICY PE EXE or DLL Windows file download |
| 102321 | 1:2013497 | ET TROJAN MS Terminal Server User A Login, possible Morto inbound |
| 89682 | 1:2007695 | ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System |
| 45789 | 1:2008795 | ET POLICY TeamViewer Keep-alive inbound |
| 41323 | 1:2013030 | ET POLICY libwww-perl User-Agent |
| 30359 | 1:2001219 | ET SCAN Potential SSH Scan |
| 29604 | 1:2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) |
| 25355 | 1:2101390 | GPL SHELLCODE x86 inc ebx NOOP |
| 20267 | 1:2013504 | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| 18741 | 1:2006435 | ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool |
| 18476 | 1:2014819 | ET INFO Packed Executable Download |
| 17862 | 1:2006546 | ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! |
| 10718 | 1:2016774 | ET INFO Generic HTTP EXE Upload Inbound |
| 8411 | 1:2010935 | ET POLICY Suspicious inbound to MSSQL port 1433 |
| 8365 | 1:2010937 | ET POLICY Suspicious inbound to mySQL port 3306 |
| 7274 | 1:2012647 | ET POLICY Dropbox.com Offsite File Backup in Use |
| 4187 | 1:2013224 | ET POLICY Suspicious User-Agent Containing .exe |
| 3926 | 1:2000357 | ET P2P BitTorrent Traffic |
| 3157 | 1:2000334 | ET P2P BitTorrent peer sync |
| 2791 | 1:2002910 | ET SCAN Potential VNC Scan 5800-5820 |
| 2506 | 1:2014726 | ET POLICY Outdated Windows Flash Version IE |
| 2364 | 1:2011582 | ET POLICY Vulnerable Java Version 1.6.x Detected |
| 2245 | 1:2012709 | ET POLICY MS Remote Desktop Administrator Login Request |
| 2141 | 1:2016360 | ET INFO JAVA - ClassID |
| 2100 | 1:2002087 | ET POLICY Inbound Frequent Emails - Possible Spambot Inbound |
| 1686 | 1:2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
| 1626 | 1:2010144 | ET P2P Vuze BT UDP Connection (5) |
| 1546 | 1:2001972 | ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) |
| 1385 | 1:2009218 | ET SCAN Tomcat admin-blank login credentials |
| 1314 | 1:2014519 | ET INFO EXE - Served Inline HTTP |
| 1313 | 1:2102181 | GPL P2P BitTorrent transfer |
| 1108 | 1:2014919 | ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1) |
| 1059 | 1:2014920 | ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2) |
| 1042 | 1:2009475 | ET POLICY TeamViewer Dyngate User-Agent |
| 907 | 1:2002157 | ET POLICY Skype User-Agent detected |
| 899 | 1:2100538 | GPL NETBIOS SMB IPC$ unicode share access |
| 885 | 1:2006380 | ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted |
| 784 | 1:2013479 | ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Outbound) |
| 766 | 1:2012648 | ET POLICY Dropbox Client Broadcasting |
| 697 | 1:2014520 | ET INFO EXE - Served Attached HTTP |
| 674 | 1:2001595 | ET POLICY Skype VOIP Checking Version (Startup) |
| 660 | 1:2012247 | ET P2P BTWebClient UA uTorrent in use |
| 648 | 1:2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
| 629 | 1:100000230 | GPL CHAT MISC Jabber/Google Talk Outgoing Traffic |
| 469 | 1:2002334 | ET CHAT Google IM traffic Jabber client sign-on |
+---------+-------------+---------------------------------------------------------------------------------------------------+
+---------+
| Total |
+---------+
| 4823719 |
+---------+

=========================================================================
Top 50 URLs for yesterday
=========================================================================
+--------+------------------------------------------+
| Totals | Signature |
+--------+------------------------------------------+
| 34247 | URL backup.it-grp.dk |
| 1528 | URL www.google.dk |
| 838 | URL ekstrabladet.dk |
| 830 | URL csm80-en.url.trendmicro.com |
| 781 | URL wfbs80-p.activeupdate.trendmicro.com |
| 749 | URL multimedia.ekstrabladet.dk |
| 660 | URL adserver.adtech.de |
| 628 | URL v4.download.windowsupdate.com |
| 625 | URL fg.v4.download.windowsupdate.com |
| 468 | URL crl.microsoft.com |
| 405 | URL ds.download.windowsupdate.com |
| 392 | URL bg.v4.a.dl.ws.microsoft.com |
| 373 | URL www.navitotal.com |
| 370 | URL www.google-analytics.com |
| 355 | URL au.v4.download.windowsupdate.com |
| 290 | URL updates.cudasvc.com |
| 272 | URL m.c.lnkd.licdn.com |
| 235 | URL dk.archive.ubuntu.com |
| 229 | URL t2.gstatic.com |
| 225 | URL cm.g.doubleclick.net |
| 213 | URL gadk.hit.gemius.pl |
| 212 | URL www.dr.dk |
| 210 | URL ad1.emediate.dk |
| 206 | URL www.nespresso.com |
| 206 | URL ping.chartbeat.net |
| 202 | URL s.c.lnkd.licdn.com |
| 201 | URL image.gamespotcdn.net |
| 198 | URL track.adform.net |
| 191 | URL tubby.scene7.com |
| 190 | URL m1.femjoy.com |
| 190 | URL m1.joymii.com |
| 187 | URL b.bimg.dk |
| 186 | URL a.bimg.dk |
| 185 | URL t3.gstatic.com |
| 184 | URL pubads.g.doubleclick.net |
| 177 | URL ib.adnxs.com |
| 177 | URL safebrowsing-cache.google.com |
| 176 | URL www.it-grp.dk |
| 173 | URL www.computerworld.dk |
| 171 | URL t1.gstatic.com |
| 170 | URL t0.gstatic.com |
| 165 | URL download.windowsupdate.com |
| 161 | URL go.microsoft.com |
| 157 | URL pagead2.googlesyndication.com |
| 157 | URL www.facebook.com |
| 153 | URL www.2x.com |
| 152 | URL www.rejseplanen.dk |
| 146 | URL dmd.metaservices.microsoft.com |
| 146 | URL ct44.prod.livefyre.com |
| 144 | URL pixel.rubiconproject.com |
+--------+------------------------------------------+
+-------+
| Total |
+-------+
| 63812 |
+-------+

=========================================================================
Snorby Events Summary for yesterday
=========================================================================
+--------+-------------+--------------------------------------------------------------------------------------------------+
| Totals | GenID:SigID | SignatureName |
+--------+-------------+--------------------------------------------------------------------------------------------------+
| 4501 | 1:2101411 | GPL SNMP public access udp |
| 1664 | 1:2001330 | ET POLICY RDP connection confirm |
| 1661 | 1:2001329 | ET POLICY RDP connection request |
| 1613 | 1:2013497 | ET TROJAN MS Terminal Server User A Login, possible Morto inbound |
| 1494 | 1:2001331 | ET POLICY RDP disconnect request |
| 918 | 1:2007695 | ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System |
| 522 | 1:2008795 | ET POLICY TeamViewer Keep-alive inbound |
| 454 | 1:2013504 | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| 453 | 1:2013030 | ET POLICY libwww-perl User-Agent |
| 305 | 1:2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) |
| 283 | 1:2001219 | ET SCAN Potential SSH Scan |
| 241 | 1:2000419 | ET POLICY PE EXE or DLL Windows file download |
| 239 | 1:2101390 | GPL SHELLCODE x86 inc ebx NOOP |
| 212 | 1:2006435 | ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool |
| 211 | 1:2006546 | ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! |
| 113 | 1:2016774 | ET INFO Generic HTTP EXE Upload Inbound |
| 103 | 1:2500040 | ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (21) |
| 93 | 1:2010935 | ET POLICY Suspicious inbound to MSSQL port 1433 |
| 93 | 1:2010937 | ET POLICY Suspicious inbound to mySQL port 3306 |
| 65 | 1:2014819 | ET INFO Packed Executable Download |
| 57 | 1:2014726 | ET POLICY Outdated Windows Flash Version IE |
| 52 | 1:2013224 | ET POLICY Suspicious User-Agent Containing .exe |
| 31 | 1:2002910 | ET SCAN Potential VNC Scan 5800-5820 |
| 28 | 1:2011582 | ET POLICY Vulnerable Java Version 1.6.x Detected |
| 15 | 1:2006380 | ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted |
| 14 | 1:2002087 | ET POLICY Inbound Frequent Emails - Possible Spambot Inbound |
| 13 | 1:2001972 | ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) |
| 13 | 1:2406173 | ET RBN Known Russian Business Network IP UDP (87) |
| 13 | 1:2500042 | ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (22) |
| 13 | 1:2017054 | ET WEB_SERVER WebShell Generic - ELF File Uploaded |
| 12 | 1:2406159 | ET RBN Known Russian Business Network IP UDP (80) |
| 12 | 1:2406169 | ET RBN Known Russian Business Network IP UDP (85) |
| 11 | 1:2009475 | ET POLICY TeamViewer Dyngate User-Agent |
| 11 | 1:648 | GPL SHELLCODE x86 NOOP |
| 9 | 1:100000232 | GPL CHAT Google Talk Logon |
| 9 | 1:2002334 | ET CHAT Google IM traffic Jabber client sign-on |
| 9 | 1:100000230 | GPL CHAT MISC Jabber/Google Talk Outgoing Traffic |
| 8 | 1:653 | GPL SHELLCODE x86 0x90 unicode NOOP |
| 7 | 1:2016979 | ET WEB_SERVER suhosin.simulation PHP config option in uri |
| 7 | 1:2016980 | ET WEB_SERVER disable_functions PHP config option in uri |
| 7 | 1:2016977 | ET WEB_SERVER allow_url_include PHP config option in uri |
| 7 | 1:2016983 | ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013 |
| 7 | 1:2016978 | ET WEB_SERVER safe_mode PHP config option in uri |
| 7 | 1:2009702 | ET POLICY DNS Update From External net |
| 7 | 1:2406177 | ET RBN Known Russian Business Network IP UDP (89) |
| 6 | 1:2014384 | ET DOS Microsoft Remote Desktop (RDP) Syn then Reset 30 Second DoS Attempt |
| 5 | 1:2013031 | ET POLICY Python-urllib/ Suspicious User Agent |
| 4 | 1:2002878 | ET POLICY iTunes User Agent |
| 3 | 1:2406003 | ET RBN Known Russian Business Network IP UDP (2) |
| 3 | 1:2003310 | ET P2P Edonkey Publicize File |
| 3 | 1:2003317 | ET P2P Edonkey Search Request (any type file) |
| 3 | 1:2102314 | GPL SHELLCODE x86 0x90 NOOP unicode |
| 3 | 1:2101413 | GPL SNMP private access udp |
| 2 | 1:2404123 | ET CNC ZeusTracker/SpyeyeTracker Reported CnC Server UDP (group 12) |
| 2 | 1:2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
| 2 | 1:2003313 | ET P2P Edonkey Connect Reply and Server List |
| 2 | 1:2009971 | ET P2P eMule KAD Network Hello Request (2) |
| 2 | 1:2009970 | ET P2P eMule Kademlia Hello Request |
| 2 | 1:2406870 | ET RBN Known Russian Business Network IP TCP (436) |
| 2 | 1:2406711 | ET RBN Known Russian Business Network IP UDP (356) |
| 2 | 1:2015878 | ET POLICY Maxmind geoip check to /app/geoip.js |
| 2 | 1:2406521 | ET RBN Known Russian Business Network IP UDP (261) |
| 2 | 1:2008597 | ET SCAN Cisco Torch SNMP Scan |
| 2 | 1:2016178 | ET SNMP missing community string attempt 1 |
| 1 | 1:2406002 | ET RBN Known Russian Business Network IP TCP (2) |
| 1 | 1:2406696 | ET RBN Known Russian Business Network IP TCP (349) |
| 1 | 1:2406861 | ET RBN Known Russian Business Network IP UDP (431) |
| 1 | 1:2012078 | ET POLICY Windows-Based OpenSSL Tunnel Outbound |
| 1 | 1:2406144 | ET RBN Known Russian Business Network IP TCP (73) |
| 1 | 1:2406145 | ET RBN Known Russian Business Network IP UDP (73) |
| 1 | 1:2012889 | ET POLICY Http Client Body contains pw= in cleartext |
| 1 | 1:2012252 | ET SHELLCODE Common 0a0a0a0a Heap Spray String |
| 1 | 1:2500056 | ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (29) |
+--------+-------------+--------------------------------------------------------------------------------------------------+
+-------+
| Total |
+-------+
| 15678 |
+-------+

=========================================================================
Top 50 All Time Snorby Events
=========================================================================
+---------+-------------+---------------------------------------------------------------------------------------------------+
| Totals | GenID:SigID | SignatureName |
+---------+-------------+---------------------------------------------------------------------------------------------------+
| 2712437 | 1:2013531 | ET TROJAN MS Terminal Server User A Login, possible Morto Outbound |
| 359230 | 1:2001330 | ET POLICY RDP connection confirm |
| 358010 | 1:2001329 | ET POLICY RDP connection request |
| 355197 | 1:2101411 | GPL SNMP public access udp |
| 341692 | 1:2001331 | ET POLICY RDP disconnect request |
| 157838 | 1:2000419 | ET POLICY PE EXE or DLL Windows file download |
| 102322 | 1:2013497 | ET TROJAN MS Terminal Server User A Login, possible Morto inbound |
| 89683 | 1:2007695 | ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System |
| 45790 | 1:2008795 | ET POLICY TeamViewer Keep-alive inbound |
| 41323 | 1:2013030 | ET POLICY libwww-perl User-Agent |
| 30360 | 1:2001219 | ET SCAN Potential SSH Scan |
| 29604 | 1:2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) |
| 25355 | 1:2101390 | GPL SHELLCODE x86 inc ebx NOOP |
| 18741 | 1:2006435 | ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool |
| 18476 | 1:2014819 | ET INFO Packed Executable Download |
| 17862 | 1:2006546 | ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! |
| 15203 | 1:2013504 | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| 10718 | 1:2016774 | ET INFO Generic HTTP EXE Upload Inbound |
| 8411 | 1:2010935 | ET POLICY Suspicious inbound to MSSQL port 1433 |
| 8365 | 1:2010937 | ET POLICY Suspicious inbound to mySQL port 3306 |
| 7216 | 1:2012647 | ET POLICY Dropbox.com Offsite File Backup in Use |
| 3926 | 1:2000357 | ET P2P BitTorrent Traffic |
| 3157 | 1:2000334 | ET P2P BitTorrent peer sync |
| 2791 | 1:2002910 | ET SCAN Potential VNC Scan 5800-5820 |
| 2775 | 1:2013224 | ET POLICY Suspicious User-Agent Containing .exe |
| 2364 | 1:2011582 | ET POLICY Vulnerable Java Version 1.6.x Detected |
| 2245 | 1:2012709 | ET POLICY MS Remote Desktop Administrator Login Request |
| 2141 | 1:2016360 | ET INFO JAVA - ClassID |
| 2100 | 1:2002087 | ET POLICY Inbound Frequent Emails - Possible Spambot Inbound |
| 1686 | 1:2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
| 1627 | 1:2010144 | ET P2P Vuze BT UDP Connection (5) |
| 1546 | 1:2001972 | ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) |
| 1412 | 1:2013224 | ET POLICY Suspicious User-Agent Containing .exe |
| 1385 | 1:2009218 | ET SCAN Tomcat admin-blank login credentials |
| 1314 | 1:2014519 | ET INFO EXE - Served Inline HTTP |
| 1313 | 1:2102181 | GPL P2P BitTorrent transfer |
| 1244 | 1:2014726 | ET POLICY Outdated Windows Flash Version IE |
| 1108 | 1:2014919 | ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1) |
| 1059 | 1:2014920 | ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2) |
| 1042 | 1:2009475 | ET POLICY TeamViewer Dyngate User-Agent |
| 1001 | 1:2014726 | ET POLICY Outdated Windows Flash Version IE |
| 907 | 1:2002157 | ET POLICY Skype User-Agent detected |
| 899 | 1:2100538 | GPL NETBIOS SMB IPC$ unicode share access |
| 885 | 1:2006380 | ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted |
| 784 | 1:2013479 | ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Outbound) |
| 766 | 1:2012648 | ET POLICY Dropbox Client Broadcasting |
| 697 | 1:2014520 | ET INFO EXE - Served Attached HTTP |
| 674 | 1:2001595 | ET POLICY Skype VOIP Checking Version (Startup) |
| 660 | 1:2012247 | ET P2P BTWebClient UA uTorrent in use |
| 648 | 1:2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
+---------+-------------+---------------------------------------------------------------------------------------------------+
+---------+
| Total |
+---------+
| 4816910 |
+---------+
support@IDS-Server01:~$

I have no clue what to do now?

THANKS

Casper

Doug Burks

Aug 9, 2013, 9:24:12 AM8/9/13
to securit...@googlegroups.com
From your sostat output under "pf_ring stats":
egrep: /proc/net/pf_ring/*: No such file or directory

Please see:
https://code.google.com/p/security-onion/wiki/Upgrade

You should also log into Sguil and categorize your events:
=========================================================================
Sguil Uncategorized Events
=========================================================================
+----------+
| COUNT(*) |
+----------+
| 4825796 |
+----------+

Doug

--
Doug Burks
http://securityonion.blogspot.com
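
The diagnosis in the reply above rests on two observations: the snort PID files no longer point at a live process, and `/proc/net/pf_ring/` has no entries. As an added example (not part of the thread and not Security Onion's own code), the script below checks both. The PID file path is a caller-supplied placeholder, and the function names and result strings are assumptions.

```shell
#!/bin/sh
# Added example: classify a daemon PID file and check for pf_ring's /proc entries.

# pid_state PIDFILE [EXPECTED_NAME] -> missing | invalid | stale | reused | running
pid_state() {
    pidfile=$1
    expected=${2:-}
    [ -f "$pidfile" ] || { echo missing; return 0; }
    pid=$(tr -d ' \t\r\n' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 fails with EPERM for other users' processes, so also look in /proc.
    if ! kill -0 "$pid" 2>/dev/null && [ ! -d "/proc/$pid" ]; then
        echo stale; return 0
    fi
    # A live PID is not proof: after a crash the number may belong to another program.
    if [ -n "$expected" ] && [ -r "/proc/$pid/comm" ]; then
        [ "$(cat "/proc/$pid/comm")" = "$expected" ] || { echo reused; return 0; }
    fi
    echo running
}

# pf_ring_state [PROC_DIR] -> present | absent
pf_ring_state() {
    dir=${1:-/proc/net/pf_ring}
    if [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo present
    else
        echo absent
    fi
}

# diagnose PIDFILE [PROC_DIR] [EXPECTED_NAME] -> ok | pf_ring-missing | sensor-down
diagnose() {
    p=$(pid_state "$1" "${3:-}")
    r=$(pf_ring_state "${2:-/proc/net/pf_ring}")
    case "$p/$r" in
        running/present) echo ok ;;
        */absent)        echo pf_ring-missing ;;
        *)               echo sensor-down ;;
    esac
}

# PIDFILE is a placeholder argument: pass the PID file your NSM scripts write.
if [ "$#" -gt 0 ]; then
    diagnose "$@"
fi
```

A result of `pf_ring-missing` corresponds to the `egrep: /proc/net/pf_ring/*: No such file or directory` line quoted from sostat.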

offe...@gmail.com

Aug 9, 2013, 11:45:34 AM8/9/13
to securit...@googlegroups.com
Doug... I LOVE YOU!! worked like a charm...

In the end it warned me that I was using 90% of my disk space... I would assume my SO cron job/s would handle that when they start, right?

This is a test / demonstration server... That being said, I will have to get into how to categorize events and all that.. just not gotten around to it yet.... If you remember me you will know I'm currently devoting all my spare energy to learning how to make classes in ELSA... but I will get to it :)

THANKS!!

Casper

Heine Lysemose

Aug 9, 2013, 1:22:27 PM8/9/13
to securit...@googlegroups.com

Hi Casper

On Aug 9, 2013 5:55 PM, <offe...@gmail.com> wrote:
>
> Doug... I LOVE YOU!! worked like a charm...
>
> In the end it warned me that I was using 90% of my disk space... I would assume my SO cron job/s would handle that when they start, right?
>

The cron job should handle that for you as long as your data are older than 1 day/24 hours.

> This is a test / demonstration server... That being said, I will have to get into how to categorize events and all that.. just not gotten around to it yet.... If you remember me you will know I'm currently devoting all my spare energy to learning how to make classes in ELSA... but I will get to it :)
>
> THANKS!!
>
> Casper
>

Regards,
Lysemose

offe...@gmail.com

Aug 12, 2013, 8:00:56 AM8/12/13
to securit...@googlegroups.com
Thanks Heine :)