- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAO1kAFE5TE9QTjFFN09RN1lYSDk
dns.answers[0].rrname: AAAAAO1kQA.=auth.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 2
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvOBgAABAA
dns.answers[0].rrname: hvOBgAABAEI5ODFGMjk4MEMyRTFFOEZDREI1MEZGRTA2OEIxQzMwODcyQTlBQjc.=auth.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 4
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvP1kF5BAA
dns.answers[0].rrname: hvP1kF5BAHNzaA.=connect.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 6
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAABGFNTSC0yLjAtT3BlblNTSF81LjVwMSBEZWJpYW4tNitzcXVlZXplMg
dns.answers[0].rrname: hvMAAAABBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 8
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAACGAAAAwwKFGdhVAbbSHrj0XO0W/RFatoAAAB+ZGlmZmllLWhlbGxtYW
dns.answers[0].rrname: hvMAAQACBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 29
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAADGDI1Ni1jYmMsYXJjZm91cixyaWpuZGFlbC1jYmNAbHlzYXRvci5saX
dns.answers[0].rrname: hvMAAAADCFNTSC0yLjAtT3BlblNTSF82LjBwMSBEZWJpYW4tNA0K.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 30
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAEGDYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29tLGhtYWMtc2hhMS
dns.answers[0].rrname: hvMAAAAEBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 31
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAFEA
dns.answers[0].rrname: hvMAAAAFCAAABPQIFCP3jBGyCsqKjf9o1jmtOwgAAAC3ZWNkaC1zaGEyLW5pc3R.wMjU2LGVjZGgtc2hhMi1uaXN0cDM4NCxlY2RoLXNoYTItbmlzdHA1MjEsZGlmZm.llLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMjU2LGRpZmZp.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 35
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAGEA
dns.answers[0].rrname: hvMAAAAGBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 36
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAHEA
dns.answers[0].rrname: hvMAAAAHCGUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGExLGRpZmZpZS1oZWx.sbWFuLWdyb3VwMTQtc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQAAAT.pzc2gtcnNhLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1yc2Et.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 37
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAIEA
dns.answers[0].rrname: hvMAAAAIBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 38
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAJEA
dns.answers[0].rrname: hvMAAAAJCGNlcnQtdjAwQG9wZW5zc2guY29tLHNzaC1yc2EsZWNkc2Etc2hhMi1.uaXN0cDI1Ni1jZXJ0LXYwMUBvcGVuc3NoLmNvbSxlY2RzYS1zaGEyLW5pc3RwMz.g0LWNlcnQtdjAxQG9wZW5zc2guY29tLGVjZHNhLXNoYTItbmlz.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 39
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAKEA
dns.answers[0].rrname: hvMAAAAKBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 41
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAALEA
dns.answers[0].rrname: hvMAAAALCHRwNTIxLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1kc3MtY2VydC1.2MDFAb3BlbnNzaC5jb20sc3NoLWRzcy1jZXJ0LXYwMEBvcGVuc3NoLmNvbSxlY2.RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQs.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 42
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAANEA
dns.answers[0].rrname: hvMAAAANCGVjZHNhLXNoYTItbmlzdHA1MjEsc3NoLWRzcwAAAJ1hZXMxMjgtY3R.yLGFlczE5Mi1jdHIsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYW.VzMTI4LWNiYywzZGVzLWNiYyxibG93ZmlzaC1jYmMsY2FzdDEy.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 44
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAMEA
dns.answers[0].rrname: hvMAAAAMBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 45
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAOGAAAAJQIHwAAAIEA3kn8kGmZTDedK2Vj79N++uZ4Xusd0KErCQqsJy
dns.answers[0].rrname: hvMAAAAOBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 47
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAPGAAAArwHIQAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBAMeZsgTSPF
dns.answers[0].rrname: hvMAAAAPCDgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5.kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAJ1hZXMxMjgtY3RyLGFlczE5Mi1jdH.IsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYWVz.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 52
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAQGIRArGzGzvCoATKDPTgtff/srH5ymzbNg0od9vzz4aW8Wr8Tmhh8Hr
dns.answers[0].rrname: hvMAAAAQBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 53
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAARGHmmtcnk3f+Sdke7PQIZOINdGizzHBLu7ItZSOa3Sfc66H+ayaARMf
dns.answers[0].rrname: hvMAAAARCDEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2J.jLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseX.NhdG9yLmxpdS5zZQAAAKdobWFjLW1kNSxobWFjLXNoYTEsdW1h.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 54
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAASGOOTR9NjSUnRhPcUi8LCTvkQlmYrM+Hu9yoyMqR93pNxpgs5RzR4IH
dns.answers[0].rrname: hvMAAAASCGMtNjRAb3BlbnNzaC5jb20saG1hYy1zaGEyLTI1NixobWFjLXNoYTI.tMjU2LTk2LGhtYWMtc2hhMi01MTIsaG1hYy1zaGEyLTUxMi05NixobWFjLXJpcG.VtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFj.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 55
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAATGNsETPiAXDCPSqttwQTxlKfcbeUws4sTuR3619TSQK3ER/ENcT1ZQP
dns.answers[0].rrname: hvMAAAATCC1zaGExLTk2LGhtYWMtbWQ1LTk2AAAAp2htYWMtbWQ1LGhtYWMtc2h.hMSx1bWFjLTY0QG9wZW5zc2guY29tLGhtYWMtc2hhMi0yNTYsaG1hYy1zaGEyLT.I1Ni05NixobWFjLXNoYTItNTEyLGhtYWMtc2hhMi01MTItOTYs.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 59
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAUGID6Ry6+OsQx+C0gWhSicpwJRsW6Not/u1nTWJIxQeVq3YzSkq09md
dns.answers[0].rrname: hvMAAAAUCGhtYWMtcmlwZW1kMTYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29.tLGhtYWMtc2hhMS05NixobWFjLW1kNS05NgAAABpub25lLHpsaWJAb3BlbnNzaC.5jb20semxpYgAAABpub25lLHpsaWJAb3BlbnNzaC5jb20semxp.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 61
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAVEA
dns.answers[0].rrname: hvMAAAAVCGIAAAAAAAAAAAAAAAAAAAAAAAAAAAA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 62
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAXEA
dns.answers[0].rrname: hvMAAwAXCAAAABQGIgAABAAAAAQAAAAgAAAAAAAAAA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 63
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAWEA
dns.answers[0].rrname: hvMAAgAWBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 64
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAaEA
dns.answers[0].rrname: hvMABgAaBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 65
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAbEA
dns.answers[0].rrname: hvMABwAbBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 66
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAYEA
dns.answers[0].rrname: hvMABAAYBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 67
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAeEA
dns.answers[0].rrname: hvMACgAeBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 68
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAfEA
dns.answers[0].rrname: hvMACwAfCJpX6DB9O+5TQ+oIfbIAAAAAAAA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 69
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAhEA
dns.answers[0].rrname: hvMADQAhCAAAAAwKFQAAAAAAAAAAAAA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 70
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAiEA
dns.answers[0].rrname: hvMADgAiCA9HZU8tQch3tlBA02t6sZzFinsHVFjV9fsbIgJzGV6aC9IX8jmSF82.xjb4dW8dzrA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 71
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAgEA
dns.answers[0].rrname: hvMADAAgBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 72
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAZEA
dns.answers[0].rrname: hvMABQAZBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 73
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAcEA
dns.answers[0].rrname: hvMACAAcBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 75
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAdEA
dns.answers[0].rrname: hvMACQAdCAAAAIwGIAAAAIAx3itE7XsxfNFkKSwpm/QL2R+3hW5GnOrZviY9/TR.O7d2QlxOeCwmGsxERu0+5DKpF6kwJroS1n8v8wLvqu3jSeOjVnYb7Fo3jRoLT3z.mxMiqSuKTuBNWXb5QoROHUYVRZIqMC+OtncdVw0LG0/FO/Kq8n.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 76
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAjEA
dns.answers[0].rrname: hvMADwAjCDvIMWnWlrLs3njbinEmXNQVYiJ1Hf0sRyNE7D/1NF1b8clSdB/dmtu.UbGQcz7UrbBHNGJWtlVUBLpj6DTggRC0.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 78
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAkEA
dns.answers[0].rrname: hvMAEAAkBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 80
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAmEA
dns.answers[0].rrname: hvMAEgAmBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 81
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAlEA
dns.answers[0].rrname: hvMAEQAlBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 82
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAnEA
dns.answers[0].rrname: hvMAEwAnBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 85
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAoEA
dns.answers[0].rrname: hvMAFAAoBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 92
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAApEA
dns.answers[0].rrname: hvMAFQApCOmk2dTdJciDeU1HxaGwOxqdUoJGVho6Jcrgg3EXVwhzTkpRmB3Xrlz.lp2FAtTgUIZC5aeEQm7x/NitPsl8n+xyl8BtH2fraIRJb3eGrIteLsXobanq4+P.pJZNPyaIW2oKX3+ZSx3BKNpSkJpD232RvTt1J7dNuhqFQgFcnd.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 93
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAqEA
dns.answers[0].rrname: hvMAFgAqBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 94
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAArEA
dns.answers[0].rrname: hvMAFwArCMfOP+frB4IA0L7UWQjJpzeyMOo.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 95
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAsEA
dns.answers[0].rrname: hvMAGAAsBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 96
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAtGNEqCE4KP20kGH0Clf+C26xKJFc1tpe2553spzE6/gT1
dns.answers[0].rrname: hvMAGQAtBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 98
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAuGFbHXVzzlvr34msuFy05F6bRUXIcwwA8xil02gNhXcy5QxKpCfwU7t
dns.answers[0].rrname: hvMAGgAuBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 104
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAvGK4Pd1EjONdQFOqx0Q1qpvfSn2lYEI7DYZltX8uuYTGkCVNl04z+Bx
dns.answers[0].rrname: hvMAGwAvCIkrV/ReccpWoXylVptppBSwm4rQVj+LUzMpFyro3rmKmtRhPMMj0V1.cj60bkoYzh0QlrH6vAMPPSOm7RzOWJNTchkHY5KGt+pyYHPD9I6/81p1PCZuPXi.XMBHf6s08VExh7KxEtR8jggl/dxizgPmqbsBFw1yAsoWmDeEHj.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 114
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAwGObgemu5HuKM+ERWwdANnQBVfFsBeFOJ5lnCfusRXljFGecnHD7b1j
dns.answers[0].rrname: hvMAHAAwBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 116
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAxGOJC4G7AI5IRq8VFCBirtrwtfAdGD2M1KW4j9XQe6O+B6oUgWqHGXY
dns.answers[0].rrname: hvMAHQAxCMctAA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 117
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAyGOaJz8MoysNCf8COwS29ZF3s2AqPMfigTqkImNZJUam+WEKERcm6w3
dns.answers[0].rrname: hvMAHgAyBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 119
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA8EA
dns.answers[0].rrname: hvMAKAA8BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 122
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAAzEA
dns.answers[0].rrname: hvMAHwAzBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 123
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA0EA
dns.answers[0].rrname: hvMAIAA0CIUaLlwuNSK5phv3q0D7jN6FjRu9RhxF2jLcd4ePd/Ssv/fMHo1x7lZ.IJnb9FnEAoCBZUQqizMnd8d+FTgkJK7USPgmxOyR63Yy6sNxUuGdIvZ2Kd8OWaG.qrHQleDgvLDVxhdkeZ4jOUkbqywhagjgn+6LosU/HVT0V2Oql1.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 124
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA1EA
dns.answers[0].rrname: hvMAIQA1BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 125
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA9EA
dns.answers[0].rrname: hvMAKQA9BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 126
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA2EA
dns.answers[0].rrname: hvMAIgA2CCeD1WxPA+m6eHkF1n4qobRCBC/O73OvopuCyJypzQ25p3ZMZeGznpo.Ugpn1L9G8f6H8rrjflBw9YW6C5VxOgiByMyvi1C8xpbuu19dr/b78i9BWGXlzHB.dai5EtV2d2YHxl6AjuP7vZNbkgVL99AScD38jT145YVJuQ2v2j.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 128
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA3EA
dns.answers[0].rrname: hvMAIwA3BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 129
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA4EA
dns.answers[0].rrname: hvMAJAA4CIA3u9zI4HdwAkw2T+n7SYuJHT590+/Y/WkV2jlx6OOhrYYBrH+fF/x.LeqpHbkkYohzQd/aIDDnUnhr+xtyHzrK4Chm5Q9UJmpATyFkU2wWdLs6S3sTeji.sy9fNH+znOgkge5l3POd3slPeZcbLITaDsTaHWEnrwDLMIQ9lw.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 130
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA5EA
dns.answers[0].rrname: hvMAJQA5BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 131
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA6EA
dns.answers[0].rrname: hvMAJgA6CNgjb+jJ6jrjge2Jq6S6yufEuid5p1tRS8WmR2IHxwpt6vjhkRJFI8o.9XnSTflh5C6a068gKqhfPSR4M2a/Fo0+L4l+m5yIvRoc.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 132
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA7EA
dns.answers[0].rrname: hvMAJwA7BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 134
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA/EA
dns.answers[0].rrname: hvMAKwA/BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 136
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABAEA
dns.answers[0].rrname: hvMALABABA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 137
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAAA+EA
dns.answers[0].rrname: hvMAKgA+BA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 138
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABBEA
dns.answers[0].rrname: hvMALQBBBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 139
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABCEA
dns.answers[0].rrname: hvMALgBCBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 141
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABDEA
dns.answers[0].rrname: hvMALwBDBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 143
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABEEA
dns.answers[0].rrname: hvMAMABEBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 145
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABFEA
dns.answers[0].rrname: hvMAMQBFBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 147
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABGEA
dns.answers[0].rrname: hvMAMgBGBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 149
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABHEA
dns.answers[0].rrname: hvMAMwBHBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 151
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABIEA
dns.answers[0].rrname: hvMANABIBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 153
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABJEA
dns.answers[0].rrname: hvMANQBJBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 155
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABKEA
dns.answers[0].rrname: hvMANgBKBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 157
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABLEA
dns.answers[0].rrname: hvMANwBLBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 159
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABMEA
dns.answers[0].rrname: hvMAOABMBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 161
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
- filter:
count: 1
match:
- dest_ip: 10.30.28.94
- dest_port: 53
+ dest_ip: 10.30.28.90
+ dest_port: 43246
dns.answers[0].rdata: AhvMAAABNEA
dns.answers[0].rrname: hvMAOQBNBA.srv.tunnel.com
dns.answers[0].rrtype: TXT
event_type: dns
pcap_cnt: 163
proto: UDP
- src_ip: 10.30.28.90
- src_port: 43246
+ src_ip: 10.30.28.94
+ src_port: 53
- filter:
count: 1
match:
projects / thirdparty / suricata-verify.git / commitdiff
