arkime / arkime Goto Github PK

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

License: Apache License 2.0

C 24.02% HTML 1.36% Perl 13.36% JavaScript 29.35% Groovy 0.01% Shell 0.56% CSS 0.56% Makefile 0.21% M4 0.26% Lua 1.92% Yacc 0.47% Python 0.16% Vue 26.57% YARA 0.01% Zeek 0.08% Pug 1.03% Stylus 0.04% Handlebars 0.03% SCSS 0.04%

network-monitoring pcap packet-capture nsm javascript c big-data security

arkime's Introduction

Arkime

Arkime is a large scale, open-source network analysis and packet capture system.

Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Arkime exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Arkime stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.

Arkime is built to be deployed across many systems and can scale to handle tens of gigabits/sec of traffic. PCAP retention is based on available sensor disk space. Metadata retention is based on the Elasticsearch cluster scale. Both can be increased at anytime and are under your complete control.

Learn more on our website

Background
Install
Configuration
Usage
Security
API
Contribute
License

Background

Arkime, previously named Moloch, was created to replace commercial full packet systems at AOL in 2012. By having complete control of hardware and costs, we found we could deploy full packet capture across all our networks for the same cost as just one network using a commercial tool.

The Arkime system is comprised of 3 main components:

capture - A threaded C application that monitors network traffic, writes PCAP formatted files to disk, parses the captured packets, and sends metadata (SPI data) to elasticsearch.
viewer - A node.js application that runs per capture machine. It handles the web interface and transfer of PCAP files.
OpenSearch/Elasticsearch - The search database technology powering Arkime.

We also provide several optional applications:

cont3xt - An application that provides a structured approach to gathering contextual intelligence in support of technical investigations.
esProxy - A proxy that provides extra security between capture and OpenSearch/Elasticsearch.
Parliament - An application that monitors and is a front door to multiple Arkime clusters.
wiseService - An application that integrates threat intelligence into the session metadata.

Once installed, a user can look at the data Arkime has captured using a simple web interface. Arkime provides multiple views of the data. The primary view is the Sessions page that contains a list of sessions. Each session can be opened to view the metadata and PCAP data.

Another way to view the data is the SPI View page, which allows the user to see all the unique values for each field that Arkime understands.

Install

Most users should use the prebuilt binaries available at our Downloads page and follow the simple install instructions on that page.

For advanced users, you can build Arkime yourself:

Make sure node is in your path, currently main supports Node version 18.x (18.15 or higher) or 20.x
git clone https://github.com/arkime/arkime - latest version on github
./easybutton-build.sh --install - downloads all the prerequisites, build, and install
make config - performs an initial Arkime configuration
Refer to the CONTRIBUTING.md file for information about how to get involved

Configuration

Most of the system configuration will be performed in the /opt/arkime/etc/config.ini file. The variables are documented in our Settings Wiki page.

Usage

Once Arkime is running, point your browser to http://localhost:8005 to access the web interface. Click on the Owl to reach the Arkime help page.

Security

Access to Arkime is protected by using HTTPS with digest passwords or by using an authentication providing web server proxy. All PCAPs are stored on the sensors and are only accessed using the Arkime interface or API. Arkime is not meant to replace an IDS but instead work alongside them to store and index all the network traffic in standard PCAP format, providing fast access.

Arkime can be configured to use OpenSearch/Elasticsearch user auth or API keys.
Arkime machines should be locked down, however they need to talk to each other (port 8005), to the elasticsearch machines (ports 9200-920x), and the web interface needs to be open (port 8005).
Arkime viewer should be configured to use SSL.
- It's easiest to use a single certificate with multiple DNs or a wildcard.
- Make sure you protect the cert on the filesystem with proper file permissions.
It is possible to set up a Arkime viewer on a machine that doesn't capture any data that gateways all requests.
- Using a reverse proxy (Caddy, Apache, ...) can handle the authentication and pass the username on to Arkime, this is how we deploy it.
A shared password stored in the Arkime configuration file is used to encrypt password hashes AND for inter-Arkime communication.
- Make sure you protect the config file on the filesystem with proper file permissions.
- Encrypted password hashes are used so a new password hash can not be inserted into elasticsearch directly in case it hasn't been secured.

API

You can learn more about the Arkime API on our API Wiki page.

Contribute

Please refer to the CONTRIBUTING.md file for information about how to get involved. We welcome issues, feature requests, pull requests, and documentation updates in GitHub. For questions about using and troubleshooting Arkime please use the Slack channels.

Maintainers

The best way to reach us is on Slack. Please request an invitation to join the Arkime Slack workspace here.

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

arkime's People

Contributors

Stargazers

Watchers

Forkers

marchon jpvlsmv mmaldonado jaymatt hfeeki fudong1127 huangzhiyong tinyserver peterclemenko derez kost wynhbh dopo funkymcnasty atimorin reedloden mpt4me gdrapp redhatma dollarampersand jonbaer j-lowry abpin hillar xdancho woojee001 wycg1984 c0debreaker hasantayyar missdiog o00ipsse superpeng0707 slavah ashkan-google oldgamerdarthy sectionine siddhaism xuanhan863 nokkloom lamkeysing92 paulpc roller2 haiwanxue neslog unixcrh dodng narayana1208 maxmetagravity sokoban mediix danpopp reaperx420 yichang076 heidcloud japaks tourountzis 0x0mar weixu8 threatstream lance2600 bulozb fsu760 hamzaemre 83457 danetheory greenbender vi258 rainsome-org1 majl duanshuaimin frankswu ifghou fortheswarm rmikio mmallad davidjohnsmith jpoley tengfei1010 nanght nalahmad jlongman chenkaigithub aiqubit wanusmaximus joelfcorrea cephurs thurday moxwose nawxs110 6ongit macnaya alisheikh rkm19 cnbird1999 nicholasklise impulsas 0xdezzy dz0sy5 tdr130 raggnar

arkime's Issues

db.pl dependencies

db.pl needs HTTP::Request::Common, and LWP::UserAgent

You can get these easily enough from CPAN, but that needs documentation.

In my case, the viewer wasn't running after easybutton-build.sh.

Connections - visualization bug

When a custom Graph time range has been selected, switching to Connections mode for link graphing does not use the custom graph time range. It defaults to last hour. :(

Color coded payload results

When viewing SPI Payloads, I'd like to see color coded results that will visually distinguish the difference between Client request vs. Server/Service response. Both Wireshark (Follow Stream otion) and Chaosreader use red output for client requests and blue for server/service response. If hexadecimal output is used, the hex offsets are light green.

icons to consider

http://glyphicons.com

sessions.json output

Please modify sessions.json output so that there is one full SPI record per line. Current results turn into one single long line, making it impossible to feed to external visualization tools.

TLS certificate decoding and searching

Support decoding and search tls certificates.

Search bar - clear query option

Add an 'X' to the right hand side of the query bar that will clear the query statement

SSH SPI Data

Add SPI data creation for SSH server fingerprints, client and server version names.

New option to enable moloch-capture to process multi-file / directory based load of pcap files

nuff said. ./moloch-capture -R /data/pcap/

$ ls /data/pcap/
derp.pcap
derp1.pcap
derp2.pcap
omg.pcap
omfg.pcap
lmfao.pcap
.
.
.

Please add protocol identifier to SPI record results

A simple one character identifier per session record of 'T', 'U' or 'I' to distinguish between TCP, UDP and ICMP would be great. My personal preference would be to place the column after session stop date and before Src IP.

Permalinks

Create sharable permalinks that automatically expand the SPI payload. If its not a terrible PITA, also allow the permalink to reflect any options that have been applied to the view. encoding, line numbers, gzip decode, view images.

UI enhancement - default session display type

It'd be cool to have some configurable user preferences, for example, when I expand a session, I'd like to change the default to something other than Hex as the display type. I'd like Ascii as default, for example.

Appid library for integration

http://code.google.com/p/appid/

Add IP and Hostname Blacklist Tagging Support

Please add the ability to import text files with IP and/or hostnames into a sensor that would cause autotagging of all matching sessions

Domain based blacklist from ZeuS tracker:
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

This file could be downloaded to the sensor and named:

/blacklists/hostname_zeustracker

IP based blacklist from ZeuS tracker:
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

This file could be downloaded to the sensor and named:

/blacklists/ipaddress_zeustracker

The first part of the file name would denote to Moloch that the contents of the file is of a SPIdata type, and the second part the blacklist tag name. Both files should cause matching sessions based on IP or hostname to have the follow tag applied to them:

tags == blacklist:zeustracker

Visual health indicator of Elastic Search

Add a visual health indicator for Elastic Search to the upper right of page near version string, and a slightly more involved [but minimalist] status similar to bigdesk just not as verbose under the stats tab.

Databytes extract - file extract

When viewing the SPI record payload, I'd like to be able to selectively export just the databytes portion of one or both sides of a conversation. This will simplify extracting file/payload content.

resolve IP's via tooltip in sessions view when clicked

When either src or dst IP's are left clicked in the sessions view, a tooltip popup should appear with dns resolution results (maybe other configurable IP related actions down the road).

The NFSen project does this very well. I will demo the behavior in person.

SPIdata header subtypes (header.src, header.dst)

Being able to query specifically for client HTTP headers or server HTTP headers instead of just all headers like with other SPIdata types (ip, ip.src, ip.dst).

Data Visualization of connection/session data

The JavaScript InfoVis Toolkit looks like a no brainer for integration.
http://thejit.org/demos/

Here is an almost perfect example of what I'd hope the visualization would look like, with the render going into a new tab by default.
http://thejit.org/static/v20/Jit/Examples/ForceDirected/example2.html

Newer work by the same developer, and possibly overkill for our needs, but WAY too cool to not look at!
http://www.senchalabs.org/philogl/demos.html

Display fully qualified date information

Please update the viewer interface to display fully qualified date information MM/dd/YYYY in both Session Payload Information views (SPI), as well as during full payload display.

p0f integration

Integrate passive OS fingerprinting (p0f)! http://lcamtuf.coredump.cx/p0f3/

It would be great to be able to use filters like: ( tags == p0f:Windows* )

protocol based filtering to avoid storage

This is a long term goal requiring protocol awareness not currently built into the capture tool. Logging it here as I've already been asked if Moloch can filter p2p. In order to avoid overwhelming available storage volume with packet capture sessions that are either secure (ssh/ssl) or otherwise determined to be unwanted protocol due to volume (i.e P2P protocols), capture basic meta about the session, and do not store session pcap beyond initial handshake.

Protocol based filtering should be a configurable option. I imagine some users will want to capture everything.

Python version check during easybutton install

Must check for minimum python version during installation. This keeps biting me in the arse.
CentOS drops with 2.4.3. nice subtle failures.

Also, add bzip2-libs , bzip2-devel to the package dependency list. If you build Python from source the bz2 library is not built unless libs/devel is present. lack of bz2 python2 module means NodeJS still fails to build.

File Type Fingerprinting

Please add filet ype fingerprinting to HTTP sessions and create a new tag or type called filetype for querying.

filetype == pe

tags == "filetype:pe"

import pcap folder

When trying to import a folder full of PCAP files, the moloch-capture executable seems to read the first one and then get stuck (the output looks as if the binary then starts listening on the network).
The command I used is: /moloch-capture -c ../config.ini -R $pcap

New tab defaults

When selecting connections or right click header results that generate unique IP lists or unique URI's should default into a new tab to keep the primary session view intact.

Internationalization / alternate encoding support

I searched for TurkTrust issued Certificates via cert.issuer.cn == "Elektronik", and its all kinds of crazy. I'm no encoding expert, hopefully the issue is pretty obvious to you. Visit https://www.turktrust.com.tr/ directly with your usual client browser and examine the difference between what Moloch logs/indexes/displays vs. what a client browser will render cleanly.

netflow record generation

Give the capture process the option to generate and send netflow records so that running a separate netflow probe is not necessary.

Check out http://sourceforge.net/projects/fprobe/

Add Internet Content Adaptation Protocol (ICAP) Support

Add support for Internet Content Adaptation Protocol (ICAP). This will allow Moloch to parse and index SSL traffic that has passed through a device that supports ICAP output functionality (such as Squid 3.0, Blue Coat, M86 Proxy, McAfee Web Gateway, etc).

http://www.icap-forum.org/icap?do=resources&subdo=specification
http://en.wikipedia.org/wiki/Internet_Content_Adaptation_Protocol

Viewer UI support to use alternate default URI path

In order to support the reverse proxy front ending of the Viewer UI, please modify the nodejs viewer to allow for an alternate URI path to be specified.

Currently an Apache reverse-proxy configuration that forwards all /moloch/ requests to the viewer will fail as the Viewer UI will return html results that no longer reflect the /moloch/ URI path.

SPIdata For Regional Internet Registry

Create SPIdata for the Regional Internet Registry (RIR) of the IP addresses involved. Possible values for the rir/rir.src/rir.dst would be:

AFRINIC
APNIC
ARIN
LACNIC
RIPE NCC

List of registries:
https://www.arin.net/knowledge/rirs.html

Generate direct from the IP:
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

Generate from the ASN (might be better):
http://www.iana.org/assignments/as-numbers/as-numbers.xml

Yara tag modification

When a yara rule fires the rule name is stored as a standalone tag. Can it be modified to be stored as 'yara:${yara_rulename}', so that I can search for tags == "yara:*"

Additionally, yara rules support its own tags that would make groups of rules easier to search.

ex.
rule yara_rulename: TAG1 TAG2 TAG3
{
blah
}

Can you work with that?

Add other services for ip/md5/domain checking

shadowserver
isc passive dns
emerging threats

tls decode when private key is loaded

Lucky13 tagger

Support SSL 3.0 decoding

Test issue

I can create issues.

Viewer Crash

Using the easybutton for a single host, I'm imporing 5k+ pcaps from a cuckoo instance with commands similar to the following.

/data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -r ../storage/analyses/4076/dump.pcap -n Java6 -t 4076 --copy

The pcaps seem to import fine but when using the viewer it seems to randomly crash when trying to expand session details. This is the error I get in my viewer.log

fs.js:365
binding.read(fd, buffer, offset, length, position, wrapper);
^
Error: Length extends beyond buffer
at Object.fs.read (fs.js:365:11)
at /data/moloch/viewer/viewer.js:1235:10
at Object.wrapper as oncomplete

Option to render images

When a session is expanded, I'd like the option to have the UI render thumbnails of what are clearly images.

moloch-capture buffer overflow

When attempting to capture from a 10gig intel nic that is on a Cisco SPAN session, moloch-capture buffer overflows and consequently aborts. Here is what was barfed out to stderr:

root@hindsight:/data/moloch/bin# /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc950b23010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc950ac1010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc950a5f010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc9509fd010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cfc7010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cf65010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cf03010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cea1010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94ce3f010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cddd010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cd7b010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cd19010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94ccb7010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cc55010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cbf3010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cb91010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cb2f010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94cacd010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94ca6b010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94ca09010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c9a7010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c945010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c8e3010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c881010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c81f010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c7bd010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c75b010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c6f9010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c697010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c635010
Sep 12 13:09:40 es.c:235 moloch_es_connect(): Connecting 0x7fc94c5d3010
Sep 12 13:09:40 es.c:325 moloch_es_finish(): Sep 12 13:09:40 30/0/0 0x7fc950b23010 GET SYNC /files/file/_search?size=1&sort=num:desc&q=node:hindsight 0 0ms 3ms
Sep 12 13:09:40 es.c:325 moloch_es_finish(): Sep 12 13:09:40 30/0/0 0x7fc950b23010 GET SYNC /tags/tag/_search?size=3000&fields=n 0 0ms 14ms
Sep 12 13:09:40 es.c:325 moloch_es_finish(): Sep 12 13:09:40 30/0/0 0x7fc950b23010 GET SYNC /stats/stat/hindsight 0 0ms 1ms
Sep 12 13:09:40 nids.c:1531 moloch_nids_init(): libpcap version 1.3.0
Sep 12 13:09:40 db.c:778 moloch_db_create_file(): Creating file 4 with key >/files/file/hindsight-4< using >{"num":4, "name":"/data/moloch/raw/hindsight-120912-00000004.pcap", "first":1347473380, "node":"hindsight"}<
Sep 12 13:09:40 nids.c:452 moloch_nids_cb_ip(): 1 Initial Dropped = 1257
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep 12 13:09:40 nids.c:1339 moloch_nids_syslog(): NIDSIP:/data/moloch/raw/hindsight-120912-00000004.pcap Invalid IP header
Sep

Summary feature

Create a summary option that is applied to the current query result set. Look at Wireshark - Statistics -> Summary, or Chaosreader index reports for examples.

When selecting the 'summarize' or 'summary' button, the report should be dumped into a new browser tab.

The resulting report should include:

Fully qualified URL to return to exactly the query result set being summarized.

Time of first packet
Time of last packet
Total time elapsed (in HH:mm:ss, in addition to in just seconds)
Total number of sessions
Total number of packets
Total number of databytes

List of endpoints in top talker order

and much more as we go along

viewer crash, related to tags

$ cat  /data/moloch/logs/viewer.log
Express server listening on port 8005 in production mode
WARNING: ev_ref is deprecated, use uv_ref
WARNING: ev_unref is deprecated, use uv_unref
expireOne result = 
 { took: 2,
  timed_out: false,
  _shards: { total: 5, successful: 5, failed: 0 },
  hits: 
   { total: 6,
     max_score: null,
     hits: 
      [ { _index: 'files_v1',
          _type: 'file',
          _id: 'mikejohnson-wsl-1',
          _score: null,
          fields: 
           { num: 1,
             node: 'mikejohnson-wsl',
             first: 1347040359,
             name: '/data/moloch/raw/mikejohnson-wsl-120907-00000001.pcap' },
          sort: [ 1 ] },
        { _index: 'files_v1',
          _type: 'file',
          _id: 'mikejohnson-wsl-2',
          _score: null,
          fields: 
           { num: 2,
             node: 'mikejohnson-wsl',
             first: 1326969240,
             name: '/data/moloch/raw/mikejohnson-wsl-120119-00000002.pcap' },
          sort: [ 2 ] },
        { _index: 'files_v1',
          _type: 'file',
          _id: 'mikejohnson-wsl-3',
          _score: null,
          fields: 
           { num: 3,
             node: 'mikejohnson-wsl',
             first: 1326969227,
             name: '/data/moloch/raw/mikejohnson-wsl-120119-00000003.pcap' },
          sort: [ 3 ] },
        { _index: 'files_v1',
          _type: 'file',
          _id: 'mikejohnson-wsl-4',
          _score: null,
          fields: 
           { num: 4,
             node: 'mikejohnson-wsl',
             first: 1280427914,
             name: '/data/moloch/raw/mikejohnson-wsl-100729-00000004.pcap' },
          sort: [ 4 ] },
        { _index: 'files_v1',
          _type: 'file',
          _id: 'mikejohnson-wsl-5',
          _score: null,
          fields: 
           { num: 5,
             node: 'mikejohnson-wsl',
             first: 1288294212,
             name: '/data/moloch/raw/mikejohnson-wsl-101028-00000005.pcap' },
          sort: [ 5 ] },
        { _index: 'files_v1',
          _type: 'file',
          _id: 'mikejohnson-wsl-6',
          _score: null,
          fields: 
           { num: 6,
             node: 'mikejohnson-wsl',
             first: 1287086500,
             name: '/data/moloch/raw/mikejohnson-wsl-101014-00000006.pcap' },
          sort: [ 6 ] } ] } }
Fri, 07 Sep 2012 18:36:49 GMT GET /?startTime=1326969180&stopTime=1326986457&expression=protocol+%3D%3D+tcp 16976 bytes 93 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /DataTables-1.9.1/media/css/demo_table.css - bytes 3 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /style.css 6895 bytes 129 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /flot-0.7/jquery.flot.navigate.min.js - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /common.js - bytes - ms
Fri, 07 Sep 2012 18:36:49 GMT GET /jvectormap/jquery-jvectormap.js - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /jquery-jvectormap-world-en.js - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /jquery.autocomplete.js - bytes 2 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /jQuery-contextMenu/src/jquery.ui.position.js - bytes - ms
Fri, 07 Sep 2012 18:36:49 GMT GET /jQuery-contextMenu/src/jquery.contextMenu.js - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /jQuery-contextMenu/src/jquery.contextMenu.css - bytes 5 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /DataTables-1.9.1/media/js/jquery.dataTables.min.js - bytes - ms
Fri, 07 Sep 2012 18:36:49 GMT GET /flot-0.7/jquery.flot.min.js - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /flot-0.7/jquery.flot.selection.min.js - bytes - ms
Fri, 07 Sep 2012 18:36:49 GMT GET /flot-0.7/jquery.flot.resize.min.js - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /header_logo.png - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /watching.gif - bytes - ms
sessions.json query {"fields":["pr","ro","db","fp","lp","a1","p1","a2","p2","pa","by","no","us","g1","g2"],"from":"0","size":100,"query":{"filtered":{"query":{"range":{"lp":{"gte":1326969180,"lte":1326986457}}},"filter":{"term":{"pr":6}}}},"facets":{"dbHisto":{"histogram":{"key_field":"lp","value_field":"db","interval":60,"size":1440}},"paHisto":{"histogram":{"key_field":"lp","value_field":"pa","interval":60,"size":1440}},"map1":{"terms":{"field":"g1","size":1000}},"map2":{"terms":{"field":"g2","size":1000}}},"sort":[{"fp":{"order":"asc"}}]}
total =  35972 display total =  18
Fri, 07 Sep 2012 18:36:49 GMT GET /sessions.json?sEcho=1&iColumns=12&sColumns=&iDisplayStart=0&iDisplayLength=100&mDataProp_0=null&mDataProp_1=id&mDataProp_2=fp&mDataProp_3=lp&mDataProp_4=a1&mDataProp_5=p1&mDataProp_6=a2&mDataProp_7=p2&mDataProp_8=pa&mDataProp_9=by&mDataProp_10=no&mDataProp_11=us&iSortCol_0=2&sSortDir_0=asc&iSortingCols=1&bSortable_0=false&bSortable_1=true&bSortable_2=true&bSortable_3=true&bSortable_4=true&bSortable_5=true&bSortable_6=true&bSortable_7=true&bSortable_8=true&bSortable_9=true&bSortable_10=true&bSortable_11=false&startTime=1326969180&stopTime=1326986457&expression=protocol+%3D%3D+tcp&facets=1 6417 bytes 13 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /flot-0.7/examples/arrow-left.gif - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /flot-0.7/examples/arrow-right.gif - bytes 1 ms
Fri, 07 Sep 2012 18:36:49 GMT GET /DataTables-1.9.1/examples/examples_support/details_open.png - bytes 1 ms
Fri, 07 Sep 2012 18:37:18 GMT GET /DataTables-1.9.1/examples/examples_support/details_close.png 841 bytes 3 ms
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 310684,
     incl_len: 70,
     orig_len: 70 },
  ether: 
   { length: 70,
     addr1: '001f27833000',
     addr2: '5c260a08fbf1',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 310686,
     incl_len: 70,
     orig_len: 70 },
  ether: 
   { length: 70,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 310750,
     incl_len: 70,
     orig_len: 70 },
  ether: 
   { length: 70,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 310751,
     incl_len: 70,
     orig_len: 70 },
  ether: 
   { length: 70,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 312925,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '001f2781cc00',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 312927,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '5c260a08fbf1',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 312939,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '00000c07ac00',
     addr2: '001e7a20dd6d',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 312940,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '001f2781cc00',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 313030,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '5c260a08fbf1',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 313031,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 313041,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 313042,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 316522,
     incl_len: 852,
     orig_len: 852 },
  ether: 
   { length: 852,
     addr1: '001f27833000',
     addr2: '5c260a08fbf1',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 316531,
     incl_len: 852,
     orig_len: 852 },
  ether: 
   { length: 852,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 316586,
     incl_len: 852,
     orig_len: 852 },
  ether: 
   { length: 852,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 316592,
     incl_len: 852,
     orig_len: 852 },
  ether: 
   { length: 852,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319328,
     incl_len: 931,
     orig_len: 931 },
  ether: 
   { length: 931,
     addr1: '00000c07ac00',
     addr2: '001e7a20dd6d',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319331,
     incl_len: 931,
     orig_len: 931 },
  ether: 
   { length: 931,
     addr1: '001f27833000',
     addr2: '001f2781cc00',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319334,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '00000c07ac00',
     addr2: '001e7a20dd6d',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319336,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '001f2781cc00',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319413,
     incl_len: 931,
     orig_len: 931 },
  ether: 
   { length: 931,
     addr1: '001f27833000',
     addr2: '001f2781cc00',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319416,
     incl_len: 931,
     orig_len: 931 },
  ether: 
   { length: 931,
     addr1: '5c260a08fbf1',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319418,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '001f2781cc00',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 319420,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '5c260a08fbf1',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 321771,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '5c260a08fbf1',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 321774,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 321783,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 321784,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001e7a20dd6d',
     addr2: '001f27833000',
     type: 33024 } }
Unknown ether.type { pcap: 
   { ts_sec: 1326969232,
     ts_usec: 325208,
     incl_len: 64,
     orig_len: 64 },
  ether: 
   { length: 64,
     addr1: '001f27833000',
     addr2: '5c260a08fbf1',
     type: 33024 } }

/data/moloch/viewer/viewer.js:1302
    } else if (packets[0].ip.p === 1) {
                            ^
TypeError: Cannot read property 'p' of undefined
    at /data/moloch/viewer/viewer.js:1302:29
    at /data/moloch/viewer/viewer.js:1127:11
    at _asyncMap (/data/moloch/viewer/node_modules/async/lib/async.js:190:13)
    at async.forEach (/data/moloch/viewer/node_modules/async/lib/async.js:94:25)
    at _asyncMap (/data/moloch/viewer/node_modules/async/lib/async.js:187:17)
    at async.parallel.results (/data/moloch/viewer/node_modules/async/lib/async.js:459:34)
    at /data/moloch/viewer/viewer.js:1123:13
    at _asyncMap (/data/moloch/viewer/node_modules/async/lib/async.js:190:13)
    at async.forEach (/data/moloch/viewer/node_modules/async/lib/async.js:94:25)
    at _asyncMap (/data/moloch/viewer/node_modules/async/lib/async.js:187:17)

Instructions for upgrade?

It would be nice if there was some documentation on how to properly upgrade moloch and retain the existing data.

I know that it is possible to do, but some guidance on the "proper" method would be helpful.

Thanks

Session sort by timestamp down to millisecond

DNS traffic SPI records appear after TCP sessions, in spite of DNS request having been issued prior to the TCP session 3 way handshake.

easy-button install on Ubuntu 12.04.2

So I've tried to install the ./easybutton-singlehost.sh script on a clean 12.04.2 Ubuntu machine and after i've cloned to /data/ and executed:

/data/moloch/easybutton-singlehost.sh

It runs through, compiles and throws no errors. Prompts for the group and users, then after generating the keys, I get this:

Getting Private key
MOLOCH: Starting ElasticSearch
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 8192
coredump(blocks) 0
memory(kbytes) unlimited
locked memory(kbytes) 64
process 7822
nofiles 1024
vmemory(kbytes) unlimited
locks unlimited
MOLOCH: Building database
Couldn't get /_nodes with code 500 at ./db.pl line 50.
MOLOCH: Adding user admin/admin

module.js:340
throw err;
^
Error: Cannot find module 'iniparser'
at Function.Module._resolveFilename (module.js:338:15)
at Function.Module._load (module.js:280:25)
at Module.require (module.js:362:17)
at require (module.js:378:17)
at Object. (/data/moloch/viewer/config.js:27:14)
at Module._compile (module.js:449:26)
at Object.Module._extensions..js (module.js:467:10)
at Module.load (module.js:356:32)
at Function.Module.load (module.js:312:12)
at Module.require (module.js:362:17)
MOLOCH: Starting viewer and capture
MOLOCH: Complete use https://ubuntu:8005 to access. You should also make the run* scripts in /data/moloch/bin run on start up and look at the config files in /data/moloch/etc
nohup: appending output to nohup.out' nohup: appending output tonohup.out'

Doing a ps aux shows nothing related to Moloch running at all.

Any advice would be helpful! Thanks!

UI enhancement - hover search query filter box, and SPI record expand/collapse icon

I'd like the query/filter bar to float at the top of the browser window when scrolling down the SPI record list. This will make refining queries much friendlier than having to fly to the top of the page in order to submit the query.

Additionally, when expanding the payload for a session, make the collapse icon float in the upper left corner so we can make the decision to close a large session without having to scroll back up.

Request To Support All IP Protocol Types

Currently Moloch only supports protocol numbers 6 and 17. Please updated it to support capturing and storing all protocol types. Also please create human names to query for with common protocol types. Currently you can query for:

tcp (6)
udp (17)

Please add support for

icmp (1)

Other human names for the protocols are listed on IANA's site in the keyword column:

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.txt

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.