diff --git a/tests/bug-1158/test.yaml b/tests/bug-1158/test.yaml
index 04b87a23a..5da1f2444 100644
--- a/tests/bug-1158/test.yaml
+++ b/tests/bug-1158/test.yaml
@@ -1,5 +1,5 @@
 requires:
- min-version: 7
+ min-version: 8
 args:
 - -k none
@@ -11,10 +11,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 49711
- dns.rrname: AAAAAO1kQA.=auth.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: AAAAAO1kQA.=auth.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 0
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 1
 proto: UDP
@@ -45,10 +45,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: AAAAAO1kQA.=auth.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: AAAAAO1kQA.=auth.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 2
 proto: UDP
@@ -60,10 +60,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 45160
- dns.rrname: hvOBgAABAEI5ODFGMjk4MEMyRTFFOEZDREI1MEZGRTA2OEIxQzMwODcyQTlBQjc.=auth.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvOBgAABAEI5ODFGMjk4MEMyRTFFOEZDREI1MEZGRTA2OEIxQzMwODcyQTlBQjc.=auth.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 2
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 3
 proto: UDP
@@ -94,10 +94,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvOBgAABAEI5ODFGMjk4MEMyRTFFOEZDREI1MEZGRTA2OEIxQzMwODcyQTlBQjc.=auth.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvOBgAABAEI5ODFGMjk4MEMyRTFFOEZDREI1MEZGRTA2OEIxQzMwODcyQTlBQjc.=auth.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 4
 proto: UDP
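Review bot: Raising `min-version` from 7 to 8 in the `requires` block stops this bug-1158 regression check from running against 7.x builds, and nothing in the visible hunks replaces it for them. If 7.x is still exercised by the suite, keep a copy of the previous expectations gated with `lt-version: 8` so the older `dns.rrname` / `dns.type: query` output stays covered. A one-line comment above the key, for example `# DNS v3 eve format (dns.queries[], request/response) needs 8`, would record why the floor moved.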
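Review bot: The request checks do not pin the log format version: in the hunk at `@@ -11,10` and in every later `dns.type: request` hunk, `dns.type` is followed directly by `event_type`, whereas each response check in this commit asserts `dns.version: 3`. Assuming the v3 request record carries a version field like the response does, adding `dns.version: 3` after `dns.type: request` would make the request filters fail on a format regression too, not only on renamed keys. The enclosing filter block starts above each hunk, so confirm against the actual eve output before adding the key.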
@@ -109,10 +109,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 45946
- dns.rrname: hvP1kF5BAHNzaA.=connect.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvP1kF5BAHNzaA.=connect.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 4
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 5
 proto: UDP
@@ -143,10 +143,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvP1kF5BAHNzaA.=connect.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvP1kF5BAHNzaA.=connect.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 6
 proto: UDP
@@ -158,10 +158,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 20792
- dns.rrname: hvMAAAABBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAABBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 6
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 7
 proto: UDP
@@ -197,10 +197,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAABBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAABBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 8
 proto: UDP
@@ -212,10 +212,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 6169
- dns.rrname: hvMAAQACBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAQACBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 8
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 9
 proto: UDP
@@ -227,10 +227,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 3701
- dns.rrname: hvMAAAADCFNTSC0yLjAtT3BlblNTSF82LjBwMSBEZWJpYW4tNA0K.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAADCFNTSC0yLjAtT3BlblNTSF82LjBwMSBEZWJpYW4tNA0K.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 9
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 10
 proto: UDP
@@ -242,10 +242,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 61227
- dns.rrname: hvMAAAAEBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAEBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 10
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 11
 proto: UDP
@@ -257,10 +257,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 25286
- dns.rrname: hvMAAAAFCAAABPQIFCP3jBGyCsqKjf9o1jmtOwgAAAC3ZWNkaC1zaGEyLW5pc3R.wMjU2LGVjZGgtc2hhMi1uaXN0cDM4NCxlY2RoLXNoYTItbmlzdHA1MjEsZGlmZm.llLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMjU2LGRpZmZp.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAFCAAABPQIFCP3jBGyCsqKjf9o1jmtOwgAAAC3ZWNkaC1zaGEyLW5pc3R.wMjU2LGVjZGgtc2hhMi1uaXN0cDM4NCxlY2RoLXNoYTItbmlzdHA1MjEsZGlmZm.llLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMjU2LGRpZmZp.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 11
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 12
 proto: UDP
@@ -272,10 +272,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 16087
- dns.rrname: hvMAAAAGBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAGBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 12
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 13
 proto: UDP
@@ -287,10 +287,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 35836
- dns.rrname: hvMAAAAHCGUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGExLGRpZmZpZS1oZWx.sbWFuLWdyb3VwMTQtc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQAAAT.pzc2gtcnNhLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1yc2Et.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAHCGUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGExLGRpZmZpZS1oZWx.sbWFuLWdyb3VwMTQtc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQAAAT.pzc2gtcnNhLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1yc2Et.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 13
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 14
 proto: UDP
@@ -302,10 +302,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 40074
- dns.rrname: hvMAAAAIBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAIBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 14
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 15
 proto: UDP
@@ -317,10 +317,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 12387
- dns.rrname: hvMAAAAJCGNlcnQtdjAwQG9wZW5zc2guY29tLHNzaC1yc2EsZWNkc2Etc2hhMi1.uaXN0cDI1Ni1jZXJ0LXYwMUBvcGVuc3NoLmNvbSxlY2RzYS1zaGEyLW5pc3RwMz.g0LWNlcnQtdjAxQG9wZW5zc2guY29tLGVjZHNhLXNoYTItbmlz.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAJCGNlcnQtdjAwQG9wZW5zc2guY29tLHNzaC1yc2EsZWNkc2Etc2hhMi1.uaXN0cDI1Ni1jZXJ0LXYwMUBvcGVuc3NoLmNvbSxlY2RzYS1zaGEyLW5pc3RwMz.g0LWNlcnQtdjAxQG9wZW5zc2guY29tLGVjZHNhLXNoYTItbmlz.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 15
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 16
 proto: UDP
@@ -332,10 +332,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 38415
- dns.rrname: hvMAAAAKBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAKBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 16
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 17
 proto: UDP
@@ -347,10 +347,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 25222
- dns.rrname: hvMAAAALCHRwNTIxLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1kc3MtY2VydC1.2MDFAb3BlbnNzaC5jb20sc3NoLWRzcy1jZXJ0LXYwMEBvcGVuc3NoLmNvbSxlY2.RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQs.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAALCHRwNTIxLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1kc3MtY2VydC1.2MDFAb3BlbnNzaC5jb20sc3NoLWRzcy1jZXJ0LXYwMEBvcGVuc3NoLmNvbSxlY2.RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQs.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 17
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 18
 proto: UDP
@@ -362,10 +362,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 20916
- dns.rrname: hvMAAAAMBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAMBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 18
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 19
 proto: UDP
@@ -377,10 +377,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 17352
- dns.rrname: hvMAAAANCGVjZHNhLXNoYTItbmlzdHA1MjEsc3NoLWRzcwAAAJ1hZXMxMjgtY3R.yLGFlczE5Mi1jdHIsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYW.VzMTI4LWNiYywzZGVzLWNiYyxibG93ZmlzaC1jYmMsY2FzdDEy.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAANCGVjZHNhLXNoYTItbmlzdHA1MjEsc3NoLWRzcwAAAJ1hZXMxMjgtY3R.yLGFlczE5Mi1jdHIsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYW.VzMTI4LWNiYywzZGVzLWNiYyxibG93ZmlzaC1jYmMsY2FzdDEy.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 19
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 20
 proto: UDP
@@ -392,10 +392,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 9521
- dns.rrname: hvMAAAAOBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAOBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 20
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 21
 proto: UDP
@@ -407,10 +407,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 36146
- dns.rrname: hvMAAAAPCDgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5.kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAJ1hZXMxMjgtY3RyLGFlczE5Mi1jdH.IsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYWVz.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAPCDgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5.kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAJ1hZXMxMjgtY3RyLGFlczE5Mi1jdH.IsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYWVz.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 21
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 22
 proto: UDP
@@ -422,10 +422,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 30696
- dns.rrname: hvMAAAAQBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAQBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 22
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 23
 proto: UDP
@@ -437,10 +437,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 18507
- dns.rrname: hvMAAAARCDEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2J.jLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseX.NhdG9yLmxpdS5zZQAAAKdobWFjLW1kNSxobWFjLXNoYTEsdW1h.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAARCDEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2J.jLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseX.NhdG9yLmxpdS5zZQAAAKdobWFjLW1kNSxobWFjLXNoYTEsdW1h.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 23
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 24
 proto: UDP
@@ -452,10 +452,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 3486
- dns.rrname: hvMAAAASCGMtNjRAb3BlbnNzaC5jb20saG1hYy1zaGEyLTI1NixobWFjLXNoYTI.tMjU2LTk2LGhtYWMtc2hhMi01MTIsaG1hYy1zaGEyLTUxMi05NixobWFjLXJpcG.VtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFj.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAASCGMtNjRAb3BlbnNzaC5jb20saG1hYy1zaGEyLTI1NixobWFjLXNoYTI.tMjU2LTk2LGhtYWMtc2hhMi01MTIsaG1hYy1zaGEyLTUxMi05NixobWFjLXJpcG.VtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFj.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 24
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 25
 proto: UDP
@@ -467,10 +467,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 65517
- dns.rrname: hvMAAAATCC1zaGExLTk2LGhtYWMtbWQ1LTk2AAAAp2htYWMtbWQ1LGhtYWMtc2h.hMSx1bWFjLTY0QG9wZW5zc2guY29tLGhtYWMtc2hhMi0yNTYsaG1hYy1zaGEyLT.I1Ni05NixobWFjLXNoYTItNTEyLGhtYWMtc2hhMi01MTItOTYs.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAATCC1zaGExLTk2LGhtYWMtbWQ1LTk2AAAAp2htYWMtbWQ1LGhtYWMtc2h.hMSx1bWFjLTY0QG9wZW5zc2guY29tLGhtYWMtc2hhMi0yNTYsaG1hYy1zaGEyLT.I1Ni05NixobWFjLXNoYTItNTEyLGhtYWMtc2hhMi01MTItOTYs.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 25
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 26
 proto: UDP
@@ -482,10 +482,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 23977
- dns.rrname: hvMAAAAUCGhtYWMtcmlwZW1kMTYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29.tLGhtYWMtc2hhMS05NixobWFjLW1kNS05NgAAABpub25lLHpsaWJAb3BlbnNzaC.5jb20semxpYgAAABpub25lLHpsaWJAb3BlbnNzaC5jb20semxp.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAUCGhtYWMtcmlwZW1kMTYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29.tLGhtYWMtc2hhMS05NixobWFjLW1kNS05NgAAABpub25lLHpsaWJAb3BlbnNzaC.5jb20semxpYgAAABpub25lLHpsaWJAb3BlbnNzaC5jb20semxp.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 26
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 27
 proto: UDP
@@ -497,10 +497,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 31995
- dns.rrname: hvMAAAAVCGIAAAAAAAAAAAAAAAAAAAAAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAAAVCGIAAAAAAAAAAAAAAAAAAAAAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 27
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 28
 proto: UDP
@@ -561,10 +561,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAQACBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAQACBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 29
 proto: UDP
@@ -620,10 +620,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAADCFNTSC0yLjAtT3BlblNTSF82LjBwMSBEZWJpYW4tNA0K.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAADCFNTSC0yLjAtT3BlblNTSF82LjBwMSBEZWJpYW4tNA0K.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 30
 proto: UDP
@@ -679,10 +679,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAEBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAEBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 31
 proto: UDP
@@ -694,10 +694,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 4289
- dns.rrname: hvMAAgAWBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAgAWBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 31
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 32
 proto: UDP
@@ -709,10 +709,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 53836
- dns.rrname: hvMAAwAXCAAAABQGIgAABAAAAAQAAAAgAAAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAAwAXCAAAABQGIgAABAAAAAQAAAAgAAAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 32
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 33
 proto: UDP
@@ -724,10 +724,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 44271
- dns.rrname: hvMABAAYBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMABAAYBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 33
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 34
 proto: UDP
@@ -758,10 +758,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAFCAAABPQIFCP3jBGyCsqKjf9o1jmtOwgAAAC3ZWNkaC1zaGEyLW5pc3R.wMjU2LGVjZGgtc2hhMi1uaXN0cDM4NCxlY2RoLXNoYTItbmlzdHA1MjEsZGlmZm.llLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMjU2LGRpZmZp.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAFCAAABPQIFCP3jBGyCsqKjf9o1jmtOwgAAAC3ZWNkaC1zaGEyLW5pc3R.wMjU2LGVjZGgtc2hhMi1uaXN0cDM4NCxlY2RoLXNoYTItbmlzdHA1MjEsZGlmZm.llLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMjU2LGRpZmZp.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 35
 proto: UDP
@@ -792,10 +792,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAGBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAGBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 36
 proto: UDP
@@ -826,10 +826,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAHCGUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGExLGRpZmZpZS1oZWx.sbWFuLWdyb3VwMTQtc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQAAAT.pzc2gtcnNhLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1yc2Et.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAHCGUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGExLGRpZmZpZS1oZWx.sbWFuLWdyb3VwMTQtc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQAAAT.pzc2gtcnNhLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1yc2Et.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 37
 proto: UDP
@@ -860,10 +860,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAIBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAIBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 38
 proto: UDP
@@ -894,10 +894,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAJCGNlcnQtdjAwQG9wZW5zc2guY29tLHNzaC1yc2EsZWNkc2Etc2hhMi1.uaXN0cDI1Ni1jZXJ0LXYwMUBvcGVuc3NoLmNvbSxlY2RzYS1zaGEyLW5pc3RwMz.g0LWNlcnQtdjAxQG9wZW5zc2guY29tLGVjZHNhLXNoYTItbmlz.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAJCGNlcnQtdjAwQG9wZW5zc2guY29tLHNzaC1yc2EsZWNkc2Etc2hhMi1.uaXN0cDI1Ni1jZXJ0LXYwMUBvcGVuc3NoLmNvbSxlY2RzYS1zaGEyLW5pc3RwMz.g0LWNlcnQtdjAxQG9wZW5zc2guY29tLGVjZHNhLXNoYTItbmlz.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 39
 proto: UDP
@@ -909,10 +909,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 3462
- dns.rrname: hvMABQAZBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMABQAZBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 39
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 40
 proto: UDP
@@ -943,10 +943,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAKBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAKBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 41
 proto: UDP
@@ -977,10 +977,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAALCHRwNTIxLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1kc3MtY2VydC1.2MDFAb3BlbnNzaC5jb20sc3NoLWRzcy1jZXJ0LXYwMEBvcGVuc3NoLmNvbSxlY2.RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQs.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAALCHRwNTIxLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1kc3MtY2VydC1.2MDFAb3BlbnNzaC5jb20sc3NoLWRzcy1jZXJ0LXYwMEBvcGVuc3NoLmNvbSxlY2.RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQs.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 42
 proto: UDP
@@ -992,10 +992,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 52985
- dns.rrname: hvMABgAaBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMABgAaBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 42
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 43
 proto: UDP
@@ -1026,10 +1026,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAANCGVjZHNhLXNoYTItbmlzdHA1MjEsc3NoLWRzcwAAAJ1hZXMxMjgtY3R.yLGFlczE5Mi1jdHIsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYW.VzMTI4LWNiYywzZGVzLWNiYyxibG93ZmlzaC1jYmMsY2FzdDEy.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAANCGVjZHNhLXNoYTItbmlzdHA1MjEsc3NoLWRzcwAAAJ1hZXMxMjgtY3R.yLGFlczE5Mi1jdHIsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYW.VzMTI4LWNiYywzZGVzLWNiYyxibG93ZmlzaC1jYmMsY2FzdDEy.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 44
 proto: UDP
@@ -1060,10 +1060,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAMBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAMBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 45
 proto: UDP
@@ -1075,10 +1075,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 12894
- dns.rrname: hvMABwAbBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMABwAbBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 45
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 46
 proto: UDP
@@ -1124,10 +1124,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAOBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAOBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 47
 proto: UDP
@@ -1139,10 +1139,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 50286
- dns.rrname: hvMACAAcBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMACAAcBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 47
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 48
 proto: UDP
@@ -1154,10 +1154,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 62058
- dns.rrname: hvMACQAdCAAAAIwGIAAAAIAx3itE7XsxfNFkKSwpm/QL2R+3hW5GnOrZviY9/TR.O7d2QlxOeCwmGsxERu0+5DKpF6kwJroS1n8v8wLvqu3jSeOjVnYb7Fo3jRoLT3z.mxMiqSuKTuBNWXb5QoROHUYVRZIqMC+OtncdVw0LG0/FO/Kq8n.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMACQAdCAAAAIwGIAAAAIAx3itE7XsxfNFkKSwpm/QL2R+3hW5GnOrZviY9/TR.O7d2QlxOeCwmGsxERu0+5DKpF6kwJroS1n8v8wLvqu3jSeOjVnYb7Fo3jRoLT3z.mxMiqSuKTuBNWXb5QoROHUYVRZIqMC+OtncdVw0LG0/FO/Kq8n.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 48
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 49
 proto: UDP
@@ -1169,10 +1169,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 3337
- dns.rrname: hvMACgAeBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMACgAeBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 49
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 50
 proto: UDP
@@ -1184,10 +1184,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 12496
- dns.rrname: hvMACwAfCJpX6DB9O+5TQ+oIfbIAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMACwAfCJpX6DB9O+5TQ+oIfbIAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 50
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 51
 proto: UDP
@@ -1233,10 +1233,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAPCDgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5.kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAJ1hZXMxMjgtY3RyLGFlczE5Mi1jdH.IsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYWVz.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAPCDgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5.kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAJ1hZXMxMjgtY3RyLGFlczE5Mi1jdH.IsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYWVz.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 52
 proto: UDP
@@ -1297,10 +1297,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAQBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAQBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 53
 proto: UDP
@@ -1346,10 +1346,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAARCDEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2J.jLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseX.NhdG9yLmxpdS5zZQAAAKdobWFjLW1kNSxobWFjLXNoYTEsdW1h.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAARCDEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2J.jLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseX.NhdG9yLmxpdS5zZQAAAKdobWFjLW1kNSxobWFjLXNoYTEsdW1h.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 54
 proto: UDP
@@ -1390,10 +1390,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAASCGMtNjRAb3BlbnNzaC5jb20saG1hYy1zaGEyLTI1NixobWFjLXNoYTI.tMjU2LTk2LGhtYWMtc2hhMi01MTIsaG1hYy1zaGEyLTUxMi05NixobWFjLXJpcG.VtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFj.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAASCGMtNjRAb3BlbnNzaC5jb20saG1hYy1zaGEyLTI1NixobWFjLXNoYTI.tMjU2LTk2LGhtYWMtc2hhMi01MTIsaG1hYy1zaGEyLTUxMi05NixobWFjLXJpcG.VtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFj.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 55
 proto: UDP
@@ -1405,10 +1405,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 24710
- dns.rrname: hvMADAAgBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMADAAgBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 55
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 56
 proto: UDP
@@ -1420,10 +1420,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 14096
- dns.rrname: hvMADQAhCAAAAAwKFQAAAAAAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMADQAhCAAAAAwKFQAAAAAAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 56
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 57
 proto: UDP
@@ -1435,10 +1435,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 6981
- dns.rrname: hvMADgAiCA9HZU8tQch3tlBA02t6sZzFinsHVFjV9fsbIgJzGV6aC9IX8jmSF82.xjb4dW8dzrA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMADgAiCA9HZU8tQch3tlBA02t6sZzFinsHVFjV9fsbIgJzGV6aC9IX8jmSF82.xjb4dW8dzrA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 57
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 58
 proto: UDP
@@ -1474,10 +1474,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAATCC1zaGExLTk2LGhtYWMtbWQ1LTk2AAAAp2htYWMtbWQ1LGhtYWMtc2h.hMSx1bWFjLTY0QG9wZW5zc2guY29tLGhtYWMtc2hhMi0yNTYsaG1hYy1zaGEyLT.I1Ni05NixobWFjLXNoYTItNTEyLGhtYWMtc2hhMi01MTItOTYs.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAATCC1zaGExLTk2LGhtYWMtbWQ1LTk2AAAAp2htYWMtbWQ1LGhtYWMtc2h.hMSx1bWFjLTY0QG9wZW5zc2guY29tLGhtYWMtc2hhMi0yNTYsaG1hYy1zaGEyLT.I1Ni05NixobWFjLXNoYTItNTEyLGhtYWMtc2hhMi01MTItOTYs.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 59
 proto: UDP
@@ -1489,10 +1489,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 613
- dns.rrname: hvMADwAjCDvIMWnWlrLs3njbinEmXNQVYiJ1Hf0sRyNE7D/1NF1b8clSdB/dmtu.UbGQcz7UrbBHNGJWtlVUBLpj6DTggRC0.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMADwAjCDvIMWnWlrLs3njbinEmXNQVYiJ1Hf0sRyNE7D/1NF1b8clSdB/dmtu.UbGQcz7UrbBHNGJWtlVUBLpj6DTggRC0.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 59
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 60
 proto: UDP
@@ -1528,10 +1528,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAUCGhtYWMtcmlwZW1kMTYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29.tLGhtYWMtc2hhMS05NixobWFjLW1kNS05NgAAABpub25lLHpsaWJAb3BlbnNzaC.5jb20semxpYgAAABpub25lLHpsaWJAb3BlbnNzaC5jb20semxp.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAUCGhtYWMtcmlwZW1kMTYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29.tLGhtYWMtc2hhMS05NixobWFjLW1kNS05NgAAABpub25lLHpsaWJAb3BlbnNzaC.5jb20semxpYgAAABpub25lLHpsaWJAb3BlbnNzaC5jb20semxp.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 61
 proto: UDP
@@ -1562,10 +1562,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAAAVCGIAAAAAAAAAAAAAAAAAAAAAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAAAVCGIAAAAAAAAAAAAAAAAAAAAAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 62
 proto: UDP
@@ -1596,10 +1596,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAwAXCAAAABQGIgAABAAAAAQAAAAgAAAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAwAXCAAAABQGIgAABAAAAAQAAAAgAAAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 63
 proto: UDP
@@ -1630,10 +1630,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMAAgAWBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMAAgAWBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 64
 proto: UDP
@@ -1664,10 +1664,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMABgAaBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMABgAaBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 65
 proto: UDP
@@ -1698,10 +1698,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMABwAbBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMABwAbBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 66
 proto: UDP
@@ -1732,10 +1732,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMABAAYBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMABAAYBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 67
 proto: UDP
@@ -1766,10 +1766,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMACgAeBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMACgAeBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 68
 proto: UDP
@@ -1800,10 +1800,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMACwAfCJpX6DB9O+5TQ+oIfbIAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMACwAfCJpX6DB9O+5TQ+oIfbIAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 69
 proto: UDP
@@ -1834,10 +1834,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMADQAhCAAAAAwKFQAAAAAAAAAAAAA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMADQAhCAAAAAwKFQAAAAAAAAAAAAA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 70
 proto: UDP
@@ -1868,10 +1868,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMADgAiCA9HZU8tQch3tlBA02t6sZzFinsHVFjV9fsbIgJzGV6aC9IX8jmSF82.xjb4dW8dzrA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMADgAiCA9HZU8tQch3tlBA02t6sZzFinsHVFjV9fsbIgJzGV6aC9IX8jmSF82.xjb4dW8dzrA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 71
 proto: UDP
@@ -1902,10 +1902,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMADAAgBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMADAAgBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 72
 proto: UDP
@@ -1936,10 +1936,10 @@ checks:
 dns.ra: true
 dns.rcode: NOERROR
 dns.rd: true
- dns.rrname: hvMABQAZBA.srv.tunnel.com
- dns.rrtype: TXT
- dns.type: answer
- dns.version: 2
+ dns.queries[0].rrname: hvMABQAZBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
+ dns.type: response
+ dns.version: 3
 event_type: dns
 pcap_cnt: 73
 proto: UDP
@@ -1951,10 +1951,10 @@ checks:
 dest_ip: 10.30.28.94
 dest_port: 53
 dns.id: 21974
- dns.rrname: hvMAEAAkBA.srv.tunnel.com
- dns.rrtype: TXT
+ dns.queries[0].rrname: hvMAEAAkBA.srv.tunnel.com
+ dns.queries[0].rrtype: TXT
 dns.tx_id: 73
- dns.type: query
+ dns.type: request
 event_type: dns
 pcap_cnt: 74
 proto: UDP
@@ -1985,10 +1985,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMACAAcBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMACAAcBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 75 proto: UDP @@ -2019,10 +2019,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMACQAdCAAAAIwGIAAAAIAx3itE7XsxfNFkKSwpm/QL2R+3hW5GnOrZviY9/TR.O7d2QlxOeCwmGsxERu0+5DKpF6kwJroS1n8v8wLvqu3jSeOjVnYb7Fo3jRoLT3z.mxMiqSuKTuBNWXb5QoROHUYVRZIqMC+OtncdVw0LG0/FO/Kq8n.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMACQAdCAAAAIwGIAAAAIAx3itE7XsxfNFkKSwpm/QL2R+3hW5GnOrZviY9/TR.O7d2QlxOeCwmGsxERu0+5DKpF6kwJroS1n8v8wLvqu3jSeOjVnYb7Fo3jRoLT3z.mxMiqSuKTuBNWXb5QoROHUYVRZIqMC+OtncdVw0LG0/FO/Kq8n.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 76 proto: UDP @@ -2034,10 +2034,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 22814 - dns.rrname: hvMAEQAlBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAEQAlBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 76 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 77 proto: UDP @@ -2068,10 +2068,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMADwAjCDvIMWnWlrLs3njbinEmXNQVYiJ1Hf0sRyNE7D/1NF1b8clSdB/dmtu.UbGQcz7UrbBHNGJWtlVUBLpj6DTggRC0.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMADwAjCDvIMWnWlrLs3njbinEmXNQVYiJ1Hf0sRyNE7D/1NF1b8clSdB/dmtu.UbGQcz7UrbBHNGJWtlVUBLpj6DTggRC0.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 78 proto: UDP 
@@ -2083,10 +2083,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 34425 - dns.rrname: hvMAEgAmBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAEgAmBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 78 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 79 proto: UDP @@ -2117,10 +2117,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAEAAkBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAEAAkBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 80 proto: UDP @@ -2151,10 +2151,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAEgAmBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAEgAmBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 81 proto: UDP @@ -2185,10 +2185,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAEQAlBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAEQAlBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 82 proto: UDP @@ -2200,10 +2200,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 28769 - dns.rrname: hvMAEwAnBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAEwAnBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 82 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 83 proto: UDP @@ -2234,10 +2234,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAEwAnBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAEwAnBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 85 proto: UDP 
@@ -2249,10 +2249,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 51221 - dns.rrname: hvMAFAAoBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAFAAoBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 84 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 86 proto: UDP @@ -2264,10 +2264,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 15585 - dns.rrname: hvMAFQApCOmk2dTdJciDeU1HxaGwOxqdUoJGVho6Jcrgg3EXVwhzTkpRmB3Xrlz.lp2FAtTgUIZC5aeEQm7x/NitPsl8n+xyl8BtH2fraIRJb3eGrIteLsXobanq4+P.pJZNPyaIW2oKX3+ZSx3BKNpSkJpD232RvTt1J7dNuhqFQgFcnd.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAFQApCOmk2dTdJciDeU1HxaGwOxqdUoJGVho6Jcrgg3EXVwhzTkpRmB3Xrlz.lp2FAtTgUIZC5aeEQm7x/NitPsl8n+xyl8BtH2fraIRJb3eGrIteLsXobanq4+P.pJZNPyaIW2oKX3+ZSx3BKNpSkJpD232RvTt1J7dNuhqFQgFcnd.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 85 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 88 proto: UDP @@ -2279,10 +2279,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 61116 - dns.rrname: hvMAFgAqBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAFgAqBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 86 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 89 proto: UDP @@ -2294,10 +2294,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 39265 - dns.rrname: hvMAFwArCMfOP+frB4IA0L7UWQjJpzeyMOo.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAFwArCMfOP+frB4IA0L7UWQjJpzeyMOo.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 87 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 90 proto: UDP @@ -2309,10 +2309,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 21179 - dns.rrname: hvMAGAAsBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAGAAsBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 88 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 91 proto: UDP 
@@ -2343,10 +2343,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAFAAoBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAFAAoBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 92 proto: UDP @@ -2377,10 +2377,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAFQApCOmk2dTdJciDeU1HxaGwOxqdUoJGVho6Jcrgg3EXVwhzTkpRmB3Xrlz.lp2FAtTgUIZC5aeEQm7x/NitPsl8n+xyl8BtH2fraIRJb3eGrIteLsXobanq4+P.pJZNPyaIW2oKX3+ZSx3BKNpSkJpD232RvTt1J7dNuhqFQgFcnd.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAFQApCOmk2dTdJciDeU1HxaGwOxqdUoJGVho6Jcrgg3EXVwhzTkpRmB3Xrlz.lp2FAtTgUIZC5aeEQm7x/NitPsl8n+xyl8BtH2fraIRJb3eGrIteLsXobanq4+P.pJZNPyaIW2oKX3+ZSx3BKNpSkJpD232RvTt1J7dNuhqFQgFcnd.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 93 proto: UDP @@ -2411,10 +2411,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAFgAqBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAFgAqBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 94 proto: UDP @@ -2445,10 +2445,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAFwArCMfOP+frB4IA0L7UWQjJpzeyMOo.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAFwArCMfOP+frB4IA0L7UWQjJpzeyMOo.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 95 proto: UDP 
@@ -2479,10 +2479,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAGAAsBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAGAAsBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 96 proto: UDP @@ -2494,10 +2494,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 54669 - dns.rrname: hvMAGQAtBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAGQAtBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 94 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 97 proto: UDP @@ -2528,10 +2528,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAGQAtBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAGQAtBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 98 proto: UDP @@ -2543,10 +2543,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 14161 - dns.rrname: hvMAGgAuBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAGgAuBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 96 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 99 proto: UDP @@ -2558,10 +2558,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 8495 - dns.rrname: hvMAGwAvCIkrV/ReccpWoXylVptppBSwm4rQVj+LUzMpFyro3rmKmtRhPMMj0V1.cj60bkoYzh0QlrH6vAMPPSOm7RzOWJNTchkHY5KGt+pyYHPD9I6/81p1PCZuPXi.XMBHf6s08VExh7KxEtR8jggl/dxizgPmqbsBFw1yAsoWmDeEHj.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAGwAvCIkrV/ReccpWoXylVptppBSwm4rQVj+LUzMpFyro3rmKmtRhPMMj0V1.cj60bkoYzh0QlrH6vAMPPSOm7RzOWJNTchkHY5KGt+pyYHPD9I6/81p1PCZuPXi.XMBHf6s08VExh7KxEtR8jggl/dxizgPmqbsBFw1yAsoWmDeEHj.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 97 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 100 proto: UDP 
@@ -2573,10 +2573,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 27970 - dns.rrname: hvMAHAAwBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAHAAwBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 98 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 101 proto: UDP @@ -2588,10 +2588,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 5825 - dns.rrname: hvMAHQAxCMctAA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAHQAxCMctAA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 99 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 102 proto: UDP @@ -2603,10 +2603,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 5562 - dns.rrname: hvMAHgAyBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAHgAyBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 100 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 103 proto: UDP @@ -2642,10 +2642,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAGgAuBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAGgAuBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 104 proto: UDP @@ -2657,10 +2657,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 53290 - dns.rrname: hvMAHwAzBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAHwAzBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 102 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 105 proto: UDP 
@@ -2672,10 +2672,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 37620 - dns.rrname: hvMAIAA0CIUaLlwuNSK5phv3q0D7jN6FjRu9RhxF2jLcd4ePd/Ssv/fMHo1x7lZ.IJnb9FnEAoCBZUQqizMnd8d+FTgkJK7USPgmxOyR63Yy6sNxUuGdIvZ2Kd8OWaG.qrHQleDgvLDVxhdkeZ4jOUkbqywhagjgn+6LosU/HVT0V2Oql1.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAIAA0CIUaLlwuNSK5phv3q0D7jN6FjRu9RhxF2jLcd4ePd/Ssv/fMHo1x7lZ.IJnb9FnEAoCBZUQqizMnd8d+FTgkJK7USPgmxOyR63Yy6sNxUuGdIvZ2Kd8OWaG.qrHQleDgvLDVxhdkeZ4jOUkbqywhagjgn+6LosU/HVT0V2Oql1.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 103 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 106 proto: UDP @@ -2687,10 +2687,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 11415 - dns.rrname: hvMAIQA1BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAIQA1BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 104 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 107 proto: UDP @@ -2702,10 +2702,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 41507 - dns.rrname: hvMAIgA2CCeD1WxPA+m6eHkF1n4qobRCBC/O73OvopuCyJypzQ25p3ZMZeGznpo.Ugpn1L9G8f6H8rrjflBw9YW6C5VxOgiByMyvi1C8xpbuu19dr/b78i9BWGXlzHB.dai5EtV2d2YHxl6AjuP7vZNbkgVL99AScD38jT145YVJuQ2v2j.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAIgA2CCeD1WxPA+m6eHkF1n4qobRCBC/O73OvopuCyJypzQ25p3ZMZeGznpo.Ugpn1L9G8f6H8rrjflBw9YW6C5VxOgiByMyvi1C8xpbuu19dr/b78i9BWGXlzHB.dai5EtV2d2YHxl6AjuP7vZNbkgVL99AScD38jT145YVJuQ2v2j.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 105 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 108 proto: UDP @@ -2717,10 +2717,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 58854 - dns.rrname: hvMAIwA3BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAIwA3BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 106 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 109 proto: UDP 
@@ -2732,10 +2732,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 30729 - dns.rrname: hvMAJAA4CIA3u9zI4HdwAkw2T+n7SYuJHT590+/Y/WkV2jlx6OOhrYYBrH+fF/x.LeqpHbkkYohzQd/aIDDnUnhr+xtyHzrK4Chm5Q9UJmpATyFkU2wWdLs6S3sTeji.sy9fNH+znOgkge5l3POd3slPeZcbLITaDsTaHWEnrwDLMIQ9lw.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAJAA4CIA3u9zI4HdwAkw2T+n7SYuJHT590+/Y/WkV2jlx6OOhrYYBrH+fF/x.LeqpHbkkYohzQd/aIDDnUnhr+xtyHzrK4Chm5Q9UJmpATyFkU2wWdLs6S3sTeji.sy9fNH+znOgkge5l3POd3slPeZcbLITaDsTaHWEnrwDLMIQ9lw.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 107 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 110 proto: UDP @@ -2747,10 +2747,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 23354 - dns.rrname: hvMAJQA5BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAJQA5BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 108 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 111 proto: UDP @@ -2762,10 +2762,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 13941 - dns.rrname: hvMAJgA6CNgjb+jJ6jrjge2Jq6S6yufEuid5p1tRS8WmR2IHxwpt6vjhkRJFI8o.9XnSTflh5C6a068gKqhfPSR4M2a/Fo0+L4l+m5yIvRoc.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAJgA6CNgjb+jJ6jrjge2Jq6S6yufEuid5p1tRS8WmR2IHxwpt6vjhkRJFI8o.9XnSTflh5C6a068gKqhfPSR4M2a/Fo0+L4l+m5yIvRoc.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 109 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 112 proto: UDP @@ -2777,10 +2777,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 27613 - dns.rrname: hvMAJwA7BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAJwA7BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 110 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 113 proto: UDP 
@@ -2821,10 +2821,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAGwAvCIkrV/ReccpWoXylVptppBSwm4rQVj+LUzMpFyro3rmKmtRhPMMj0V1.cj60bkoYzh0QlrH6vAMPPSOm7RzOWJNTchkHY5KGt+pyYHPD9I6/81p1PCZuPXi.XMBHf6s08VExh7KxEtR8jggl/dxizgPmqbsBFw1yAsoWmDeEHj.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAGwAvCIkrV/ReccpWoXylVptppBSwm4rQVj+LUzMpFyro3rmKmtRhPMMj0V1.cj60bkoYzh0QlrH6vAMPPSOm7RzOWJNTchkHY5KGt+pyYHPD9I6/81p1PCZuPXi.XMBHf6s08VExh7KxEtR8jggl/dxizgPmqbsBFw1yAsoWmDeEHj.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 114 proto: UDP @@ -2836,10 +2836,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 22948 - dns.rrname: hvMAKAA8BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAKAA8BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 112 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 115 proto: UDP @@ -2900,10 +2900,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAHAAwBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAHAAwBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 116 proto: UDP @@ -2949,10 +2949,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAHQAxCMctAA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAHQAxCMctAA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 117 proto: UDP @@ -2964,10 +2964,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 62607 - dns.rrname: hvMAKQA9BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAKQA9BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 115 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 118 proto: UDP 
@@ -3003,10 +3003,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAHgAyBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAHgAyBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 119 proto: UDP @@ -3018,10 +3018,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 5125 - dns.rrname: hvMAKgA+BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAKgA+BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 117 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 120 proto: UDP @@ -3052,10 +3052,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAKAA8BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAKAA8BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 122 proto: UDP @@ -3086,10 +3086,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAHwAzBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAHwAzBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 123 proto: UDP @@ -3120,10 +3120,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAIAA0CIUaLlwuNSK5phv3q0D7jN6FjRu9RhxF2jLcd4ePd/Ssv/fMHo1x7lZ.IJnb9FnEAoCBZUQqizMnd8d+FTgkJK7USPgmxOyR63Yy6sNxUuGdIvZ2Kd8OWaG.qrHQleDgvLDVxhdkeZ4jOUkbqywhagjgn+6LosU/HVT0V2Oql1.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAIAA0CIUaLlwuNSK5phv3q0D7jN6FjRu9RhxF2jLcd4ePd/Ssv/fMHo1x7lZ.IJnb9FnEAoCBZUQqizMnd8d+FTgkJK7USPgmxOyR63Yy6sNxUuGdIvZ2Kd8OWaG.qrHQleDgvLDVxhdkeZ4jOUkbqywhagjgn+6LosU/HVT0V2Oql1.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 124 proto: UDP 
@@ -3154,10 +3154,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAIQA1BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAIQA1BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 125 proto: UDP @@ -3188,10 +3188,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAKQA9BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAKQA9BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 126 proto: UDP @@ -3203,10 +3203,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 64110 - dns.rrname: hvMAKwA/BA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAKwA/BA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 123 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 127 proto: UDP @@ -3237,10 +3237,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAIgA2CCeD1WxPA+m6eHkF1n4qobRCBC/O73OvopuCyJypzQ25p3ZMZeGznpo.Ugpn1L9G8f6H8rrjflBw9YW6C5VxOgiByMyvi1C8xpbuu19dr/b78i9BWGXlzHB.dai5EtV2d2YHxl6AjuP7vZNbkgVL99AScD38jT145YVJuQ2v2j.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAIgA2CCeD1WxPA+m6eHkF1n4qobRCBC/O73OvopuCyJypzQ25p3ZMZeGznpo.Ugpn1L9G8f6H8rrjflBw9YW6C5VxOgiByMyvi1C8xpbuu19dr/b78i9BWGXlzHB.dai5EtV2d2YHxl6AjuP7vZNbkgVL99AScD38jT145YVJuQ2v2j.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 128 proto: UDP @@ -3271,10 +3271,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAIwA3BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAIwA3BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 129 proto: UDP 
@@ -3305,10 +3305,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAJAA4CIA3u9zI4HdwAkw2T+n7SYuJHT590+/Y/WkV2jlx6OOhrYYBrH+fF/x.LeqpHbkkYohzQd/aIDDnUnhr+xtyHzrK4Chm5Q9UJmpATyFkU2wWdLs6S3sTeji.sy9fNH+znOgkge5l3POd3slPeZcbLITaDsTaHWEnrwDLMIQ9lw.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAJAA4CIA3u9zI4HdwAkw2T+n7SYuJHT590+/Y/WkV2jlx6OOhrYYBrH+fF/x.LeqpHbkkYohzQd/aIDDnUnhr+xtyHzrK4Chm5Q9UJmpATyFkU2wWdLs6S3sTeji.sy9fNH+znOgkge5l3POd3slPeZcbLITaDsTaHWEnrwDLMIQ9lw.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 130 proto: UDP @@ -3339,10 +3339,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAJQA5BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAJQA5BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 131 proto: UDP @@ -3373,10 +3373,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAJgA6CNgjb+jJ6jrjge2Jq6S6yufEuid5p1tRS8WmR2IHxwpt6vjhkRJFI8o.9XnSTflh5C6a068gKqhfPSR4M2a/Fo0+L4l+m5yIvRoc.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAJgA6CNgjb+jJ6jrjge2Jq6S6yufEuid5p1tRS8WmR2IHxwpt6vjhkRJFI8o.9XnSTflh5C6a068gKqhfPSR4M2a/Fo0+L4l+m5yIvRoc.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 132 proto: UDP @@ -3388,10 +3388,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 15010 - dns.rrname: hvMALABABA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMALABABA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 129 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 133 proto: UDP 
@@ -3422,10 +3422,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAJwA7BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAJwA7BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 134 proto: UDP @@ -3437,10 +3437,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 824 - dns.rrname: hvMALQBBBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMALQBBBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 131 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 135 proto: UDP @@ -3471,10 +3471,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAKwA/BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAKwA/BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 136 proto: UDP @@ -3505,10 +3505,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMALABABA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMALABABA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 137 proto: UDP @@ -3539,10 +3539,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAKgA+BA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAKgA+BA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 138 proto: UDP @@ -3573,10 +3573,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMALQBBBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMALQBBBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 139 proto: UDP 
@@ -3588,10 +3588,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 30595 - dns.rrname: hvMALgBCBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMALgBCBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 136 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 140 proto: UDP @@ -3622,10 +3622,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMALgBCBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMALgBCBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 141 proto: UDP @@ -3637,10 +3637,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 59164 - dns.rrname: hvMALwBDBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMALwBDBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 138 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 142 proto: UDP @@ -3671,10 +3671,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMALwBDBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMALwBDBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 143 proto: UDP @@ -3686,10 +3686,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 11618 - dns.rrname: hvMAMABEBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAMABEBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 140 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 144 proto: UDP @@ -3720,10 +3720,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAMABEBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAMABEBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 145 proto: UDP 
@@ -3735,10 +3735,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 8037 - dns.rrname: hvMAMQBFBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAMQBFBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 142 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 146 proto: UDP @@ -3769,10 +3769,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAMQBFBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAMQBFBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 147 proto: UDP @@ -3784,10 +3784,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 3379 - dns.rrname: hvMAMgBGBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAMgBGBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 144 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 148 proto: UDP @@ -3818,10 +3818,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAMgBGBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAMgBGBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 149 proto: UDP @@ -3833,10 +3833,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 40311 - dns.rrname: hvMAMwBHBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAMwBHBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 146 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 150 proto: UDP @@ -3867,10 +3867,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAMwBHBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAMwBHBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 151 proto: UDP 
@@ -3882,10 +3882,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 8006 - dns.rrname: hvMANABIBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMANABIBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 148 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 152 proto: UDP @@ -3916,10 +3916,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMANABIBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMANABIBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 153 proto: UDP @@ -3931,10 +3931,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 32072 - dns.rrname: hvMANQBJBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMANQBJBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 150 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 154 proto: UDP @@ -3965,10 +3965,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMANQBJBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMANQBJBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 155 proto: UDP @@ -3980,10 +3980,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 14229 - dns.rrname: hvMANgBKBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMANgBKBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 152 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 156 proto: UDP @@ -4014,10 +4014,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMANgBKBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMANgBKBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 157 proto: UDP 
@@ -4029,10 +4029,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 17107 - dns.rrname: hvMANwBLBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMANwBLBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 154 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 158 proto: UDP @@ -4063,10 +4063,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMANwBLBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMANwBLBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 159 proto: UDP @@ -4078,10 +4078,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 38783 - dns.rrname: hvMAOABMBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAOABMBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 156 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 160 proto: UDP @@ -4112,10 +4112,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAOABMBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAOABMBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 161 proto: UDP @@ -4127,10 +4127,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 64639 - dns.rrname: hvMAOQBNBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAOQBNBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 158 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 162 proto: UDP @@ -4161,10 +4161,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: hvMAOQBNBA.srv.tunnel.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: hvMAOQBNBA.srv.tunnel.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 163 proto: UDP 
@@ -4176,10 +4176,10 @@ checks: dest_ip: 10.30.28.94 dest_port: 53 dns.id: 41923 - dns.rrname: hvMAOgBOBA.srv.tunnel.com - dns.rrtype: TXT + dns.queries[0].rrname: hvMAOgBOBA.srv.tunnel.com + dns.queries[0].rrtype: TXT dns.tx_id: 160 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 164 proto: UDP diff --git a/tests/bug-856/test.yaml b/tests/bug-856/test.yaml index e77f135c7..11a95afb7 100644 --- a/tests/bug-856/test.yaml +++ b/tests/bug-856/test.yaml @@ -1,7 +1,7 @@ pcap: ../dns-udp-z-flag-fp/suricatafpdnsdecoder.pcap requires: - min-version: 6 + min-version: 8 args: - -k none @@ -13,10 +13,10 @@ checks: dest_ip: 192.168.42.129 dest_port: 53 dns.id: 59165 - dns.rrname: static.programme-tv.net - dns.rrtype: A + dns.queries[0].rrname: static.programme-tv.net + dns.queries[0].rrtype: A dns.tx_id: 0 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 1 proto: UDP @@ -28,10 +28,10 @@ checks: dest_ip: 192.168.42.129 dest_port: 53 dns.id: 25783 - dns.rrname: static.programme-tv.net - dns.rrtype: AAAA + dns.queries[0].rrname: static.programme-tv.net + dns.queries[0].rrtype: AAAA dns.tx_id: 1 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 2 proto: UDP @@ -68,10 +68,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: static.programme-tv.net - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: static.programme-tv.net + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 3 proto: UDP @@ -108,10 +108,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: static.programme-tv.net - dns.rrtype: AAAA - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: static.programme-tv.net + dns.queries[0].rrtype: AAAA + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 4 proto: UDP diff --git a/tests/bug-990/test.yaml b/tests/bug-990/test.yaml index 4499ae802..4b61a4295 100644 --- a/tests/bug-990/test.yaml 
+++ b/tests/bug-990/test.yaml @@ -1,3 +1,6 @@ +requires: + min-version: 8 + args: - -k none @@ -12,10 +15,10 @@ checks: dest_ip: 192.38.129.234 dest_port: 53 dns.id: 28390 - dns.rrname: code.msdn.microsoft.com - dns.rrtype: A + dns.queries[0].rrname: code.msdn.microsoft.com + dns.queries[0].rrtype: A dns.tx_id: 0 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 1 proto: UDP diff --git a/tests/decode-teredo-01/test.yaml b/tests/decode-teredo-01/test.yaml index fa107662a..85014e83a 100644 --- a/tests/decode-teredo-01/test.yaml +++ b/tests/decode-teredo-01/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 7 + min-version: 8 args: - -k none @@ -11,10 +11,10 @@ checks: dest_ip: 192.168.2.1 dest_port: 53 dns.id: 16995 - dns.rrname: ipv6.google.com - dns.rrtype: AAAA + dns.queries[0].rrname: ipv6.google.com + dns.queries[0].rrtype: AAAA dns.tx_id: 0 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 21 proto: UDP @@ -69,10 +69,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: ipv6.google.com - dns.rrtype: AAAA - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: ipv6.google.com + dns.queries[0].rrtype: AAAA + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 22 proto: UDP @@ -84,10 +84,10 @@ checks: dest_ip: 192.168.2.1 dest_port: 53 dns.id: 19995 - dns.rrname: ipv6.google.com - dns.rrtype: A + dns.queries[0].rrname: ipv6.google.com + dns.queries[0].rrtype: A dns.tx_id: 2 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 23 proto: UDP @@ -141,10 +141,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: ipv6.google.com - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: ipv6.google.com + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 24 proto: UDP 
@@ -156,10 +156,10 @@ checks: dest_ip: 192.168.2.1 dest_port: 53 dns.id: 38477 - dns.rrname: www.wireshark.org - dns.rrtype: AAAA + dns.queries[0].rrname: www.wireshark.org + dns.queries[0].rrtype: AAAA dns.tx_id: 4 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 58 proto: UDP @@ -177,10 +177,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: www.wireshark.org - dns.rrtype: AAAA - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: www.wireshark.org + dns.queries[0].rrtype: AAAA + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 59 proto: UDP @@ -211,10 +211,10 @@ checks: dest_ip: 192.168.2.1 dest_port: 53 dns.id: 26746 - dns.rrname: www.wireshark.org.gateway.2wire.net - dns.rrtype: AAAA + dns.queries[0].rrname: www.wireshark.org.gateway.2wire.net + dns.queries[0].rrtype: AAAA dns.tx_id: 6 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 60 proto: UDP @@ -231,10 +231,10 @@ checks: dns.qr: true dns.rcode: REFUSED dns.rd: true - dns.rrname: www.wireshark.org.gateway.2wire.net - dns.rrtype: AAAA - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: www.wireshark.org.gateway.2wire.net + dns.queries[0].rrtype: AAAA + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 61 proto: UDP @@ -246,10 +246,10 @@ checks: dest_ip: 192.168.2.1 dest_port: 53 dns.id: 34278 - dns.rrname: www.wireshark.org - dns.rrtype: A + dns.queries[0].rrname: www.wireshark.org + dns.queries[0].rrtype: A dns.tx_id: 8 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 62 proto: UDP @@ -272,10 +272,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: www.wireshark.org - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: www.wireshark.org + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 63 proto: UDP 
diff --git a/tests/dns-eve-log-https-only/test.yaml b/tests/dns-eve-log-https-only/test.yaml index 43aaf832e..4617f0f79 100644 --- a/tests/dns-eve-log-https-only/test.yaml +++ b/tests/dns-eve-log-https-only/test.yaml @@ -1,7 +1,10 @@ +requires: + min-version: 8 + checks: # Check that we only have requests and responses for HTTPS records. - filter: count: 1 match: event_type: "dns" - dns.rrtype: "HTTPS" + dns.queries[0].rrtype: "HTTPS" diff --git a/tests/dns-eve-type-filtering/test.yaml b/tests/dns-eve-type-filtering/test.yaml index 24dc33066..946b13038 100644 --- a/tests/dns-eve-type-filtering/test.yaml +++ b/tests/dns-eve-type-filtering/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 4.1 + min-version: 8 checks: @@ -15,12 +15,23 @@ checks: count: 4 match: event_type: "dns" + + # 2 should be DNS requests - filter: filename: only-a.json - count: 4 + count: 2 + match: + event_type: "dns" + dns.type: request + dns.queries[0].rrtype: "A" + + # 2 should be DNS responses + - filter: + filename: only-a.json + count: 2 match: event_type: "dns" - dns.rrtype: "A" + dns.answers[1].rrtype: "A" # Also check that the source and destination addresses and ports are # as expected. @@ -33,7 +44,7 @@ checks: src_port: 54888 dest_ip: "8.8.8.8" dest_port: 53 - dns.type: "query" + dns.type: "request" - filter: filename: only-a.json count: 1 @@ -43,7 +54,7 @@ checks: src_port: 54888 dest_ip: "8.8.8.8" dest_port: 53 - dns.type: "answer" + dns.type: "response" # Check that we only have A and AAAA requests. - filter: @@ -56,19 +67,19 @@ checks: count: 2 match: event_type: "dns" - dns.rrtype: "A" + dns.queries[0].rrtype: "A" - filter: filename: a-and-aaaa-requests-only.json count: 2 match: event_type: "dns" - dns.rrtype: "AAAA" + dns.queries[0].rrtype: "AAAA" - filter: filename: a-and-aaaa-requests-only.json count: 4 match: event_type: "dns" - dns.type: "query" + dns.type: "request" # Check that we only have 3 log entries, and that they are all MX # responses. 
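Review bot: The new "2 should be DNS responses" filter in tests/dns-eve-type-filtering/test.yaml (`@@ -15,12 +15,23 @@`) never asserts that the matched events are responses; it matches only on `dns.answers[1].rrtype: "A"`. That ties the check to the second answer record of this particular capture, where a different answer ordering would change the count for reasons unrelated to type filtering. Unlike the request filter above it, it also does not pin the question type. I would add `dns.type: response` and `dns.queries[0].rrtype: "A"` to the match, and keep the `dns.answers[1]` line only if the answer position is itself what the test is meant to verify.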
@@ -82,10 +93,10 @@ checks: count: 3 match: event_type: "dns" - dns.type: "answer" + dns.type: "response" - filter: filename: mx-responses-only.json count: 3 match: event_type: "dns" - dns.rrtype: "MX" + dns.queries[0].rrtype: "MX" diff --git a/tests/dns-eve/test.yaml b/tests/dns-eve/test.yaml index ef6d02622..d969acbae 100644 --- a/tests/dns-eve/test.yaml +++ b/tests/dns-eve/test.yaml @@ -1,13 +1,12 @@ requires: - features: - - HAVE_LIBJANSSON + min-version: 8 checks: - filter: count: 4 match: - dns.type: query + dns.type: request - filter: count: 4 match: - dns.type: answer + dns.type: response diff --git a/tests/dns-incomplete/test.yaml b/tests/dns-incomplete/test.yaml index 85a743807..2c3fb679a 100644 --- a/tests/dns-incomplete/test.yaml +++ b/tests/dns-incomplete/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 6.0 + min-version: 8 # disables checksum verification args: @@ -10,8 +10,8 @@ checks: count: 1 match: event_type: dns - dns.rrname: google.com - dns.type: query + dns.queries[0].rrname: google.com + dns.type: request - filter: count: 1 match: diff --git a/tests/dns-json-log/test.yaml b/tests/dns-json-log/test.yaml index bfafe7446..356210c9b 100644 --- a/tests/dns-json-log/test.yaml +++ b/tests/dns-json-log/test.yaml @@ -22,4 +22,4 @@ checks: filename: dns.json match: event_type: dns - dns.type: answer + dns.type: response diff --git a/tests/dns-reversed-tcp-1/test.yaml b/tests/dns-reversed-tcp-1/test.yaml index 025ebfcc0..abe2c0e9f 100644 --- a/tests/dns-reversed-tcp-1/test.yaml +++ b/tests/dns-reversed-tcp-1/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 5.0.0 + min-version: 8 args: - --set stream.midstream=true @@ -15,12 +15,12 @@ checks: count: 1 match: event_type: dns - dns.type: answer + dns.type: response - filter: count: 1 match: event_type: dns - dns.type: answer + dns.type: response src_ip: "10.16.1.11" dest_ip: "8.8.4.4" diff --git a/tests/dns-reversed-udp-1/test.yaml b/tests/dns-reversed-udp-1/test.yaml index 70875fa51..123d942df 100644 
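Review bot: The hunk in tests/dns-json-log/test.yaml (`@@ -22,4 +22,4 @@`) switches the expected value to `dns.type: response`, but no visible hunk for that file adds or raises `requires:` / `min-version: 8`, which most other files in this commit do. The same applies to tests/dns/dns-rcode, tests/dns/dns-rrtype and tests/ethernet-eve later in the diff. The heads of those files are outside the hunks, so this is inferred. If they still admit older versions, the renamed keys will not match there, so each should carry `min-version: 8` like its siblings.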
--- a/tests/dns-reversed-udp-1/test.yaml +++ b/tests/dns-reversed-udp-1/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 5.0.0 + min-version: 8 args: - --set stream.midstream=true @@ -18,7 +18,7 @@ checks: count: 1 match: event_type: dns - dns.type: answer + dns.type: response dns.answers[0].rrtype: CNAME dns.answers[1].rrtype: A dns.answers[2].rrtype: A @@ -27,6 +27,6 @@ checks: count: 1 match: event_type: dns - dns.type: answer + dns.type: response src_ip: "10.16.1.11" dest_ip: "10.16.1.1" diff --git a/tests/dns-single-request/test.yaml b/tests/dns-single-request/test.yaml index a3a2cde7f..8a39d6163 100644 --- a/tests/dns-single-request/test.yaml +++ b/tests/dns-single-request/test.yaml @@ -1,15 +1,14 @@ -pcap: ../dns-single-request-v1/input.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-single-request-v1/input.pcap checks: - filter: count: 1 match: - dns.type: query + dns.type: request - filter: count: 1 match: - dns.type: answer + dns.type: response diff --git a/tests/dns-tcp-multirequest-buffer/test.yaml b/tests/dns-tcp-multirequest-buffer/test.yaml index 9bdb3c8b4..2e08d628a 100644 --- a/tests/dns-tcp-multirequest-buffer/test.yaml +++ b/tests/dns-tcp-multirequest-buffer/test.yaml @@ -1,13 +1,12 @@ requires: - features: - - HAVE_LIBJANSSON + min-version: 8 checks: - filter: count: 20 match: - dns.type: query + dns.type: request - filter: count: 20 match: - dns.type: answer + dns.type: response diff --git a/tests/dns-tcp-ts-gap/test.yaml b/tests/dns-tcp-ts-gap/test.yaml index 2a8791658..f7bb04c6a 100644 --- a/tests/dns-tcp-ts-gap/test.yaml +++ b/tests/dns-tcp-ts-gap/test.yaml @@ -1,18 +1,15 @@ requires: - # App-layer gap handling didn't happen until v4. - min-version: 4.0.0 - features: - - HAVE_LIBJANSSON + min-version: 8 checks: - filter: count: 2 match: event_type: dns - dns.type: query + dns.type: request - filter: count: 3 match: event_type: dns - dns.type: answer + dns.type: response dns.answers.__len: 12 
diff --git a/tests/dns-tcp-www-google-com/test.yaml b/tests/dns-tcp-www-google-com/test.yaml index 9dbe5d5bd..39d820df6 100644 --- a/tests/dns-tcp-www-google-com/test.yaml +++ b/tests/dns-tcp-www-google-com/test.yaml @@ -1,8 +1,7 @@ -pcap: ../dns-tcp-www-google-com-v1/dns.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-tcp-www-google-com-v1/dns.pcap checks: - filter: @@ -11,11 +10,11 @@ checks: src_ip: "10.16.1.11" dest_ip: "8.8.4.4" event_type: dns - dns.type: query + dns.type: request - filter: count: 1 match: src_ip: "10.16.1.11" dest_ip: "8.8.4.4" event_type: dns - dns.type: answer + dns.type: response diff --git a/tests/dns-udp-double-request-response/test.yaml b/tests/dns-udp-double-request-response/test.yaml index 5df0f6337..81e3e61d2 100644 --- a/tests/dns-udp-double-request-response/test.yaml +++ b/tests/dns-udp-double-request-response/test.yaml @@ -1,17 +1,16 @@ -pcap: ../dns-udp-double-request-response-v1/dns-udp-double-request-response.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-udp-double-request-response-v1/dns-udp-double-request-response.pcap checks: - filter: count: 2 match: event_type: dns - dns.type: query + dns.type: request - filter: count: 2 match: event_type: dns - dns.type: answer + dns.type: response diff --git a/tests/dns-udp-eve-log-aaaa-only/test.yaml b/tests/dns-udp-eve-log-aaaa-only/test.yaml index c20ca3273..84bbb95b5 100644 --- a/tests/dns-udp-eve-log-aaaa-only/test.yaml +++ b/tests/dns-udp-eve-log-aaaa-only/test.yaml 
@@ -1,21 +1,20 @@ -pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap checks: - filter: count: 1 match: - dns.type: query - dns.rrtype: AAAA + dns.type: request + dns.queries[0].rrtype: AAAA - filter: count: 1 match: - dns.type: answer + dns.type: response dns.answers[0].rrtype: AAAA - filter: count: 0 match: - dns.rrtype: A + dns.queries[0].rrtype: A diff --git a/tests/dns-udp-eve-log-answer-only/test.yaml b/tests/dns-udp-eve-log-answer-only/test.yaml index f2cab03aa..f588c9346 100644 --- a/tests/dns-udp-eve-log-answer-only/test.yaml +++ b/tests/dns-udp-eve-log-answer-only/test.yaml @@ -1,16 +1,15 @@ -pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap checks: - filter: count: 0 match: - dns.type: query + dns.type: request - filter: count: 3 match: - dns.type: answer + dns.type: response diff --git a/tests/dns-udp-eve-log-mx-only/test.yaml b/tests/dns-udp-eve-log-mx-only/test.yaml index 59f7ddb6d..95de024cd 100644 --- a/tests/dns-udp-eve-log-mx-only/test.yaml +++ b/tests/dns-udp-eve-log-mx-only/test.yaml @@ -1,25 +1,24 @@ -pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap checks: - filter: count: 1 match: - dns.type: query - dns.rrtype: "MX" + dns.type: request + dns.queries[0].rrtype: "MX" - filter: count: 1 match: - dns.type: query + dns.type: request - filter: count: 1 match: - dns.type: answer + dns.type: response dns.answers[0].rrtype: "MX" - filter: count: 1 match: - dns.type: answer + dns.type: response 
diff --git a/tests/dns-udp-eve-log-query-only/test.yaml b/tests/dns-udp-eve-log-query-only/test.yaml index 7d00d3610..9ba0c09e9 100644 --- a/tests/dns-udp-eve-log-query-only/test.yaml +++ b/tests/dns-udp-eve-log-query-only/test.yaml @@ -1,14 +1,13 @@ -pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap - requires: - features: - - HAVE_LIBJANSSON + min-version: 8 + +pcap: ../dns-udp-eve-log-query-only-v1/dns-udp-google.com-a-aaaa-mx.pcap checks: - filter: count: 3 match: - dns.type: query + dns.type: request - filter: count: 3 match: diff --git a/tests/dns-udp-eve-log-srv/test.yaml b/tests/dns-udp-eve-log-srv/test.yaml index a1791329a..3b9a0ca69 100644 --- a/tests/dns-udp-eve-log-srv/test.yaml +++ b/tests/dns-udp-eve-log-srv/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 7 + min-version: 8 args: - -k none @@ -10,17 +10,17 @@ checks: count: 1 match: event_type: dns - dns.type: query - dns.rrname: _sip._udp.sip.voice.google.com - dns.rrtype: SRV + dns.type: request + dns.queries[0].rrname: _sip._udp.sip.voice.google.com + dns.queries[0].rrtype: SRV - filter: count: 1 match: event_type: dns - dns.type: answer - dns.rrname: _sip._udp.sip.voice.google.com - dns.rrtype: SRV + dns.type: response + dns.queries[0].rrname: _sip._udp.sip.voice.google.com + dns.queries[0].rrtype: SRV dns.rcode: NOERROR dns.answers[0].srv.priority: 20 dns.answers[0].srv.weight: 1 diff --git a/tests/dns-udp-eve-v2-dig/test.yaml b/tests/dns-udp-eve-v2-dig/test.yaml index 5f6dc7213..60a6c5745 100644 --- a/tests/dns-udp-eve-v2-dig/test.yaml +++ b/tests/dns-udp-eve-v2-dig/test.yaml @@ -1,3 +1,6 @@ +requires: + min-version: 8 + pcap: ../cond-log-dns-dig/input.pcap checks: @@ -11,10 +14,9 @@ checks: dest_ip: 10.16.1.1 dest_port: 53 dns.id: 36146 - dns.rrname: www.suricata-ids.org - dns.rrtype: A - dns.tx_id: 0 - dns.type: query + dns.queries[0].rrname: www.suricata-ids.org + dns.queries[0].rrtype: A + dns.type: request event_type: dns pcap_cnt: 1 proto: UDP 
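Review bot: The request check in tests/dns-udp-eve-v2-dig/test.yaml (`@@ -11,10 +14,9 @@`) drops `dns.tx_id: 0` without a replacement, while the other request checks in this commit keep their `dns.tx_id` line (for example tests/dns-udp-eve-v2-txt). If the v3 request record still logs the transaction id for this pcap, keep `dns.tx_id: 0` so the check still pins which transaction produced the event. If the value is no longer stable here, a short comment such as `# tx_id not asserted: <reason>` would make the removal clearly deliberate.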
@@ -46,10 +48,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: www.suricata-ids.org - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: www.suricata-ids.org + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 2 proto: UDP diff --git a/tests/dns-udp-eve-v2-txt/test.yaml b/tests/dns-udp-eve-v2-txt/test.yaml index 5f7461fc7..24e825148 100644 --- a/tests/dns-udp-eve-v2-txt/test.yaml +++ b/tests/dns-udp-eve-v2-txt/test.yaml @@ -1,4 +1,5 @@ -# *** Add configuration here *** +requires: + min-version: 8 checks: - filter: @@ -7,10 +8,10 @@ checks: dest_ip: 10.16.1.1 dest_port: 53 dns.id: 39372 - dns.rrname: textsecure-service-ca.whispersystems.org - dns.rrtype: A dns.tx_id: 0 - dns.type: query + dns.type: request + dns.queries[0].rrname: textsecure-service-ca.whispersystems.org + dns.queries[0].rrtype: A event_type: dns pcap_cnt: 3 proto: UDP @@ -22,10 +23,10 @@ checks: dest_ip: 10.16.1.1 dest_port: 53 dns.id: 28243 - dns.rrname: google.com - dns.rrtype: TXT + dns.queries[0].rrname: google.com + dns.queries[0].rrtype: TXT dns.tx_id: 0 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 1 proto: UDP @@ -47,10 +48,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: textsecure-service-ca.whispersystems.org - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: textsecure-service-ca.whispersystems.org + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 4 proto: UDP @@ -72,10 +73,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: google.com - dns.rrtype: TXT - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: google.com + dns.queries[0].rrtype: TXT + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 2 proto: UDP diff --git a/tests/dns-udp-junkrequest-first/test.yaml b/tests/dns-udp-junkrequest-first/test.yaml index f4860936b..268957a94 100644 
--- a/tests/dns-udp-junkrequest-first/test.yaml +++ b/tests/dns-udp-junkrequest-first/test.yaml @@ -1,7 +1,5 @@ requires: - min-version: 7 - features: - - HAVE_LIBJANSSON + min-version: 8 checks: @@ -10,8 +8,8 @@ checks: count: 1 match: event_type: dns - dns.type: query - dns.rrname: catenacyber.Fr + dns.type: request + dns.queries[0].rrname: catenacyber.Fr # Check that there is one flow event with DNS. - filter: count: 1 diff --git a/tests/dns-udp-null/test.yaml b/tests/dns-udp-null/test.yaml index 46ea076c4..d86af6459 100644 --- a/tests/dns-udp-null/test.yaml +++ b/tests/dns-udp-null/test.yaml @@ -1,18 +1,18 @@ requires: - min-version: 7 + min-version: 8 checks: - filter: count: 1 match: event_type: dns - dns.type: query - dns.rrtype: "NULL" + dns.type: request + dns.queries[0].rrtype: "NULL" - filter: count: 1 match: event_type: dns - dns.type: answer + dns.type: response dns.rcode: NOERROR - dns.rrtype: "NULL" + dns.queries[0].rrtype: "NULL" dns.answers[0].rdata: "VACKD\u0003\\xc5\\xe9\u0001" diff --git a/tests/dns-udp-unsolicited-response/test.yaml b/tests/dns-udp-unsolicited-response/test.yaml index 0c6222324..c669e1d8d 100644 --- a/tests/dns-udp-unsolicited-response/test.yaml +++ b/tests/dns-udp-unsolicited-response/test.yaml @@ -1,3 +1,6 @@ +requires: + min-version: 8 + pcap: ../dns-udp-unsolicited-response-v1/dns-response-2x.pcap checks: @@ -5,9 +8,9 @@ checks: count: 1 match: event_type: dns - dns.type: query + dns.type: request - filter: count: 2 match: event_type: dns - dns.type: answer + dns.type: response diff --git a/tests/dns-z-bit/test.yaml b/tests/dns-z-bit/test.yaml index bb5c377dd..1332fde69 100644 --- a/tests/dns-z-bit/test.yaml +++ b/tests/dns-z-bit/test.yaml @@ -1,3 +1,6 @@ +requires: + min-version: 8 + args: - -k none 
@@ -6,14 +9,14 @@ checks: count: 1 match: event_type: dns - dns.type: query + dns.type: request dns.z: true - filter: count: 1 match: event_type: alert alert.signature_id: 2240006 - dns.query[0].z: true + dns.z: true - filter: count: 1 match: @@ -30,10 +33,10 @@ checks: dns.ra: true dns.rcode: NOERROR dns.rd: true - dns.rrname: www.google.com - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: www.google.com + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 2 proto: UDP diff --git a/tests/dns/dns-invalid-opcode/test.yaml b/tests/dns/dns-invalid-opcode/test.yaml index de64bae65..8983dc93e 100644 --- a/tests/dns/dns-invalid-opcode/test.yaml +++ b/tests/dns/dns-invalid-opcode/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 7 + min-version: 8 args: - -k none @@ -11,14 +11,14 @@ checks: count: 1 match: event_type: dns - dns.type: query + dns.type: request # Simple check for one answer. - filter: count: 1 match: event_type: dns - dns.type: answer + dns.type: response # One alert in to_server direction. - filter: @@ -50,12 +50,11 @@ checks: dest_ip: 2.2.2.2 dest_port: 53 direction: to_server - dns.query[0].id: 1 - dns.query[0].opcode: 9 - dns.query[0].rrname: suricata.io - dns.query[0].rrtype: A - dns.query[0].tx_id: 0 - dns.query[0].type: query + dns.id: 1 + dns.opcode: 9 + dns.queries[0].rrname: suricata.io + dns.queries[0].rrtype: A + dns.tx_id: 0 event_type: alert flow.bytes_toclient: 0 flow.bytes_toserver: 71 @@ -94,10 +93,10 @@ checks: dest_port: 53 dns.id: 1 dns.opcode: 9 - dns.rrname: suricata.io - dns.rrtype: A + dns.queries[0].rrname: suricata.io + dns.queries[0].rrtype: A dns.tx_id: 0 - dns.type: query + dns.type: request event_type: dns pcap_cnt: 1 pkt_src: wire/pcap 
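Review bot: The to_server alert check in tests/dns/dns-invalid-opcode/test.yaml (`@@ -50,12 +50,11 @@`) removes `dns.query[0].type: query` and adds no `dns.type` assertion in its place. The to_client alert check in the same file (`@@ -118,15 +117,15 @@`) does keep `dns.type: response`. If the alert's `dns` object carries the type for requests as well, add `dns.type: request` so both directions are pinned the same way. If it is intentionally absent from request-side alert metadata, a one-line comment saying so would stop the asymmetry reading as an oversight.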
@@ -118,15 +117,15 @@ checks: dest_ip: 1.1.1.1 dest_port: 5333 direction: to_client - dns.answer.flags: c800 - dns.answer.id: 1 - dns.answer.opcode: 9 - dns.answer.qr: true - dns.answer.rcode: NOERROR - dns.answer.rrname: suricata.io - dns.answer.rrtype: A - dns.answer.type: answer - dns.answer.version: 2 + dns.flags: c800 + dns.id: 1 + dns.opcode: 9 + dns.qr: true + dns.rcode: NOERROR + dns.queries[0].rrname: suricata.io + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: alert flow.bytes_toclient: 98 flow.bytes_toserver: 71 @@ -173,10 +172,10 @@ checks: dns.opcode: 9 dns.qr: true dns.rcode: NOERROR - dns.rrname: suricata.io - dns.rrtype: A - dns.type: answer - dns.version: 2 + dns.queries[0].rrname: suricata.io + dns.queries[0].rrtype: A + dns.type: response + dns.version: 3 event_type: dns pcap_cnt: 2 pkt_src: wire/pcap diff --git a/tests/dns/dns-rcode/test.yaml b/tests/dns/dns-rcode/test.yaml index 412f042e3..c07a83661 100644 --- a/tests/dns/dns-rcode/test.yaml +++ b/tests/dns/dns-rcode/test.yaml @@ -11,7 +11,7 @@ checks: direction: to_client app_proto: dns event_type: alert - dns.answer.rcode: NXDOMAIN + dns.rcode: NXDOMAIN src_ip: 8.8.4.4 src_port: 53 - filter: @@ -23,7 +23,7 @@ checks: direction: to_client app_proto: dns event_type: alert - dns.answer.rcode: NXDOMAIN + dns.rcode: NXDOMAIN src_ip: 8.8.4.4 src_port: 53 - filter: diff --git a/tests/dns/dns-rrtype/test.yaml b/tests/dns/dns-rrtype/test.yaml index ca8b156f0..66ba5ad11 100644 --- a/tests/dns/dns-rrtype/test.yaml +++ b/tests/dns/dns-rrtype/test.yaml @@ -13,7 +13,7 @@ checks: direction: to_server app_proto: dns event_type: alert - dns.query[0].rrtype: A + dns.queries[0].rrtype: A src_ip: 10.16.1.11 src_port: 57634 - filter: @@ -25,7 +25,7 @@ checks: direction: to_client app_proto: dns event_type: alert - dns.answer.rrtype: A + dns.queries[0].rrtype: A src_ip: 10.16.1.1 src_port: 53 - filter: 
@@ -37,6 +37,6 @@ checks: direction: to_client app_proto: dns event_type: alert - dns.answer.rrtype: A + dns.queries[0].rrtype: A src_ip: 10.16.1.1 src_port: 53 diff --git a/tests/ethernet-eve/test.yaml b/tests/ethernet-eve/test.yaml index 5c5b50e59..dded96f2a 100644 --- a/tests/ethernet-eve/test.yaml +++ b/tests/ethernet-eve/test.yaml @@ -11,21 +11,21 @@ checks: event_type: dns src_ip: 10.16.1.11 ether.src_mac: d8:cb:8a:ed:a1:46 - dns.type: query + dns.type: request - filter: count: 5 match: event_type: dns src_ip: 10.16.1.11 ether.src_mac: d8:cb:8a:ed:a1:46 - dns.type: answer + dns.type: response - filter: count: 0 match: event_type: dns src_ip: 10.16.1.11 ether.dest_mac: d8:cb:8a:ed:a1:46 - dns.type: answer + dns.type: response - filter: count: 5 match: @@ -75,4 +75,3 @@ checks: event_type: fileinfo dest_ip: 192.168.118.10 ether.dest_mac: 00:11:2f:8f:a0:76 - diff --git a/tests/vxlan-decoder-03/test.yaml b/tests/vxlan-decoder-03/test.yaml index d8b017df3..12a4fa53b 100644 --- a/tests/vxlan-decoder-03/test.yaml +++ b/tests/vxlan-decoder-03/test.yaml @@ -1,7 +1,6 @@ requires: - features: - - HAVE_LIBJANSSON - - RUST + min-version: 8 + args: - --set decoder.vxlan.enabled=true @@ -25,7 +24,14 @@ checks: app_proto: ntp dest_port: 123 - filter: - count: 8 + count: 4 + match: + event_type: dns + dns.type: request + dns.queries[0].rrname: "ec2-18-196-145-224.eu-central-1.compute.amazonaws.com" + - filter: + count: 4 match: event_type: dns - dns.rrname: "ec2-18-196-145-224.eu-central-1.compute.amazonaws.com" + dns.type: response + dns.queries[0].rrname: "ec2-18-196-145-224.eu-central-1.compute.amazonaws.com"