Acme Inc. - "cerber" firewall log analysis for the period
Fri Jan 24 00:00:00 2003 to Fri Jan 24 23:59:59 2003

Firewalls	Sections								First message	Last message
172.17.250.4	Summary	Message types	Details	Destinations	Sources	Protocols	Denials	Traffic	01/24/03 00:00:00	01/24/03 00:03:41

Research links

PIX message code

Whois

Send your comments or suggestions to the FireGen developers!

Glossary

Analysis performance

Keywords to include

Keywords to exclude

Analyzed log(s)	Log size (kb)	Log entries	Log type
C:\Program Files\FireGenPix\Sample\kiwilogISO-2003-01-24.log	100.28	576	Kiwi syslog - format ISO - (Tab delimited) with no PIX time stamp

Summary for the 172.17.250.4 firewall. Back to top

Level	Severity	Description	Total	Reported	Excluded
1	Alert	Immediate action needed	3	3	0
2	Critical	Critical condition	2	2	0
3	Error	Error condition	8	8	0
4	Warning	Warning condition	27	27	0
5	Notification	Normal but significant condition	2	2	0
6	Informational	Informational message only	532	532	0
7	Debugging	Appears during debugging only	2	2	0
		Total	576	576	0

Message types distribution for the 172.17.250.4 firewall. Back to top

No	Code	Total	Example
1	1-101002	1	(Primary) Bad failover cable.
2	1-105001	1	(Primary) Disabling failover.
3	1-106022	1	Deny protocol connection spoof from 203.45.122.5 to 216.208.34.22 on interface inside
4	2-110003	1	No interface is configured (with name out_vpn).
5	2-709007	1	Configuration replication failed for command write memory
6	3-106011	6	Deny inbound (No xlate) tcp src outside:80.142.137.204/nnnn dst outside:216.13.68.122/21
7	3-202001	1	Out of address translation slots!
8	3-211003	1	CPU utilization for time seconds = %75
9	4-106023	26	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.115/21 by access-group "acl_out"
10	4-309004	1	Manager session limit exceeded. Connection request from 192.168.1.5 on interface inside
11	5-111006	1	Console Login from user at 192.168.1.4
12	5-199001	1	PIX reload command executed from telnet (192.168.1.4).
13	6-106015	17	Deny TCP (no connection) from 10.42.0.141/25 to 172.18.10.10/nnnn flags ACK on interface vpn
14	6-110001	1	No route to 10.10.10.3 from 192.168.1.45
15	6-199002	1	PIX startup completed. Beginning operation.
16	6-302013	77	Built outbound TCP connection nnnnn for outside:12.129.129.149/1521 (12.129.129.149/1521) to inside:172.18.10.99/nnnn (216.13.68.100/nnnn)
17	6-302014	74	Teardown TCP connection nnnnn for outside:12.129.129.149/1521 to inside:172.18.10.99/nnnn duration 0:00:01 bytes 428 TCP FINs
18	6-302015	151	Built inbound UDP connection 132900 for vpn:10.42.0.141/nnnn (10.42.0.141/nnnn) to inside:172.18.10.10/514 (172.18.10.10/514)
19	6-302016	206	Teardown UDP connection 132740 for outside:64.12.66.9/50 to inside:172.18.10.99/53 duration 0:02:01 bytes 50
20	6-305011	1	Built dynamic ICMP translation from inside:172.18.10.67/nnnn to outside:216.13.68.99/279
21	6-305012	2	Teardown dynamic ICMP translation from inside:172.18.10.67/443 to outside:216.13.68.99/280 duration 0:00:31
22	6-307003	1	telnet login session failed from 192.168.1.4 (3 attempts) on interface inside
23	6-605002	1	HTTP daemon connection limit exceeded
24	7-701001	1	alloc_user() out of Tcp_user objects
25	7-709002	1	FO unreplicable: cmd=show config

Details for the 172.17.250.4 firewall.

Severity level 1 (Alert) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:03:41	01/24/03 00:03:41	1-101002	(Primary) Bad failover cable.	1
2	01/24/03 00:03:41	01/24/03 00:03:41	1-105001	(Primary) Disabling failover.	1
3	01/24/03 00:03:41	01/24/03 00:03:41	1-106022	Deny protocol connection spoof from 203.45.122.5 to 216.208.34.22 on interface inside	1

Severity level 2 (Critical) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:03:41	01/24/03 00:03:41	2-110003	No interface is configured (with name out_vpn).	1
2	01/24/03 00:03:24	01/24/03 00:03:24	2-709007	Configuration replication failed for command write memory	1

Severity level 3 (Error) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:00:54	01/24/03 00:00:55	3-106011	Deny inbound (No xlate) tcp src outside:80.142.137.204/nnnn dst outside:216.13.68.122/21	3
2	01/24/03 00:00:54	01/24/03 00:00:55	3-106011	Deny inbound (No xlate) tcp src outside:80.142.137.204/nnnn dst outside:216.13.68.99/21	3
3	01/24/03 00:03:41	01/24/03 00:03:41	3-211003	CPU utilization for time seconds = %75	1
4	01/24/03 00:03:41	01/24/03 00:03:41	3-202001	Out of address translation slots!	1

Severity level 4 (Warning) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:00:54	01/24/03 00:01:07	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.115/21 by access-group "acl_out"	4
2	01/24/03 00:00:54	01/24/03 00:01:07	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.119/21 by access-group "acl_out"	4
3	01/24/03 00:00:54	01/24/03 00:01:03	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.125/21 by access-group "acl_out"	3
4	01/24/03 00:00:54	01/24/03 00:01:03	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.104/21 by access-group "acl_out"	3
5	01/24/03 00:00:54	01/24/03 00:01:03	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.113/21 by access-group "acl_out"	3
6	01/24/03 00:00:54	01/24/03 00:01:03	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.102/21 by access-group "acl_out"	3
7	01/24/03 00:00:54	01/24/03 00:01:03	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.105/21 by access-group "acl_out"	3
8	01/24/03 00:00:54	01/24/03 00:01:03	4-106023	Deny tcp src outside:80.142.137.204/nnnn dst inside:216.13.68.109/21 by access-group "acl_out"	3
9	01/24/03 00:03:30	01/24/03 00:03:30	4-309004	Manager session limit exceeded. Connection request from 192.168.1.5 on interface inside	1

Severity level 5 (Notification) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:00:42	01/24/03 00:00:42	5-199001	PIX reload command executed from telnet (192.168.1.4).	1
2	01/24/03 00:03:41	01/24/03 00:03:41	5-111006	Console Login from user at 192.168.1.4	1

Severity level 6 (Informational) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:00:15	01/24/03 00:03:32	6-302013	Built outbound TCP connection nnnnn for outside:63.251.224.177/1521 (63.251.224.177/1521) to inside:172.18.10.99/nnnn (216.13.68.100/nnnn)	14
2	01/24/03 00:00:00	01/24/03 00:03:32	6-302014	Teardown TCP connection nnnnn for outside:63.251.224.177/1521 to inside:172.18.10.99/nnnn duration 0:00:01 bytes 86 TCP FINs	13
3	01/24/03 00:00:21	01/24/03 00:00:34	6-106015	Deny TCP (no connection) from 172.18.11.200/nnnn to 172.18.10.47/1521 flags ACK on interface vpn	7
4	01/24/03 00:01:16	01/24/03 00:02:16	6-302014	Teardown TCP connection nnnnn for outside:65.244.21.149/1521 to inside:172.18.10.99/nnnn duration 0:00:01 bytes 427 TCP FINs	5
5	01/24/03 00:01:15	01/24/03 00:02:16	6-302013	Built outbound TCP connection nnnnn for outside:65.244.21.149/1521 (65.244.21.149/1521) to inside:172.18.10.99/nnnn (216.13.68.100/nnnn)	5
6	01/24/03 00:02:41	01/24/03 00:02:42	6-302013	Built inbound TCP connection nnnnn for vpn:10.42.0.143/nnnn (10.42.0.143/nnnn) to inside:172.18.10.11/139 (172.18.10.11/139)	4
7	01/24/03 00:02:30	01/24/03 00:02:31	6-302014	Teardown TCP connection nnnnn for vpn:10.42.0.144/nnnn to inside:172.18.10.11/139 duration 0:00:01 bytes 741 TCP FINs	4
8	01/24/03 00:02:41	01/24/03 00:02:42	6-302014	Teardown TCP connection nnnnn for vpn:10.42.0.143/nnnn to inside:172.18.10.11/139 duration 0:00:01 bytes 741 TCP FINs	4
9	01/24/03 00:02:30	01/24/03 00:02:31	6-302013	Built inbound TCP connection nnnnn for vpn:10.42.0.144/nnnn (10.42.0.144/nnnn) to inside:172.18.10.11/139 (172.18.10.11/139)	4
10	01/24/03 00:01:22	01/24/03 00:01:23	6-302013	Built inbound TCP connection nnnnn for vpn:10.42.0.173/nnnn (10.42.0.173/nnnn) to inside:172.18.10.67/1984 (172.18.10.67/1984)	3
11	01/24/03 00:02:41	01/24/03 00:02:41	6-302013	Built inbound TCP connection nnnnn for vpn:10.42.0.143/nnnn (10.42.0.143/nnnn) to inside:172.18.10.78/139 (172.18.10.78/139)	2
12	01/24/03 00:01:15	01/24/03 00:01:15	6-302013	Built inbound TCP connection nnnnn for vpn:172.17.102.25/nnnn (172.17.102.25/nnnn) to inside:172.18.10.67/1984 (172.18.10.67/1984)	2
13	01/24/03 00:00:13	01/24/03 00:03:16	6-302014	Teardown TCP connection nnnnn for vpn:192.168.150.33/80 to inside:172.18.10.39/nnnn duration 0:00:01 bytes 205 TCP FINs	2
14	01/24/03 00:00:12	01/24/03 00:03:15	6-302013	Built outbound TCP connection nnnnn for vpn:10.42.0.164/2049 (10.42.0.164/2049) to inside:172.18.10.39/nnnn (172.18.10.39/nnnn)	2
15	01/24/03 00:00:10	01/24/03 00:03:13	6-302013	Built outbound TCP connection nnnnn for outside:209.47.182.19/80 (209.47.182.19/80) to inside:172.18.10.39/nnnn (216.13.68.113/nnnn)	2
16	01/24/03 00:00:13	01/24/03 00:03:16	6-302013	Built outbound TCP connection nnnnn for vpn:192.168.150.33/80 (192.168.150.33/80) to inside:172.18.10.39/nnnn (172.18.10.39/nnnn)	2
17	01/24/03 00:03:30	01/24/03 00:03:31	6-302013	Built inbound TCP connection nnnnn for vpn:10.42.0.181/nnnn (10.42.0.181/nnnn) to inside:172.18.10.67/1984 (172.18.10.67/1984)	2
18	01/24/03 00:00:17	01/24/03 00:03:20	6-302014	Teardown TCP connection nnnnn for vpn:172.17.102.24/80 to inside:172.18.10.39/nnnn duration 0:00:01 bytes 339 TCP FINs	2
19	01/24/03 00:00:11	01/24/03 00:03:14	6-302014	Teardown TCP connection nnnnn for outside:209.47.182.19/80 to inside:172.18.10.39/nnnn duration 0:00:01 bytes 206 TCP FINs	2
20	01/24/03 00:00:17	01/24/03 00:03:20	6-302014	Teardown TCP connection nnnnn for vpn:172.17.102.23/80 to inside:172.18.10.39/nnnn duration 0:00:01 bytes 339 TCP FINs	2
21	01/24/03 00:02:51	01/24/03 00:02:51	6-302013	Built inbound TCP connection nnnnn for vpn:192.168.0.218/nnnn (192.168.0.218/nnnn) to inside:172.18.10.67/1984 (172.18.10.67/1984)	2
22	01/24/03 00:03:27	01/24/03 00:03:28	6-302013	Built inbound TCP connection nnnnn for vpn:192.168.0.20/nnnn (192.168.0.20/nnnn) to inside:172.18.10.67/1984 (172.18.10.67/1984)	2
23	01/24/03 00:03:17	01/24/03 00:03:32	6-302013	Built outbound TCP connection nnnnn for outside:12.129.129.149/1521 (12.129.129.149/1521) to inside:172.18.10.99/nnnn (216.13.68.100/nnnn)	2
24	01/24/03 00:02:51	01/24/03 00:02:52	6-302013	Built inbound TCP connection nnnnn for vpn:192.168.0.21/nnnn (192.168.0.21/nnnn) to inside:172.18.10.67/1984 (172.18.10.67/1984)	2
25	01/24/03 00:00:21	01/24/03 00:00:21	6-106015	Deny TCP (no connection) from 172.18.11.200/nnnn to 172.18.10.47/1521 flags PSH ACK on interface vpn	2
26	01/24/03 00:00:13	01/24/03 00:03:15	6-302014	Teardown TCP connection nnnnn for vpn:10.42.0.164/2049 to inside:172.18.10.39/nnnn duration 0:00:00 bytes 0 TCP FINs	2
27	01/24/03 00:00:11	01/24/03 00:03:14	6-302013	Built outbound TCP connection nnnnn for vpn:10.42.0.164/22 (10.42.0.164/22) to inside:172.18.10.39/nnnn (172.18.10.39/nnnn)	2
28	01/24/03 00:02:41	01/24/03 00:02:41	6-302014	Teardown TCP connection nnnnn for vpn:10.42.0.143/nnnn to inside:172.18.10.78/139 duration 0:00:01 bytes 766 TCP FINs	2
29	01/24/03 00:00:16	01/24/03 00:03:19	6-302013	Built outbound TCP connection nnnnn for vpn:172.17.102.24/80 (172.17.102.24/80) to inside:172.18.10.39/nnnn (172.18.10.39/nnnn)	2
30	01/24/03 00:00:16	01/24/03 00:03:19	6-302013	Built outbound TCP connection nnnnn for vpn:172.17.102.23/80 (172.17.102.23/80) to inside:172.18.10.39/nnnn (172.18.10.39/nnnn)	2
31	01/24/03 00:03:17	01/24/03 00:03:32	6-302014	Teardown TCP connection nnnnn for outside:12.129.129.149/1521 to inside:172.18.10.99/nnnn duration 0:00:01 bytes 428 TCP FINs	2
32	01/24/03 00:00:11	01/24/03 00:03:14	6-302013	Built outbound TCP connection nnnnn for vpn:10.42.0.167/22 (10.42.0.167/22) to inside:172.18.10.39/nnnn (172.18.10.39/nnnn)	2
33	01/24/03 00:02:03	01/24/03 00:02:03	6-302016	Teardown UDP connection 132661 for outside:152.163.140.10/52 to inside:172.18.10.99/53 duration 0:02:01 bytes 39	1
34	01/24/03 00:00:44	01/24/03 00:00:44	6-302016	Teardown UDP connection 132446 for vpn:10.42.0.141/nnnn to inside:172.18.10.10/514 duration 0:02:01 bytes 277	1
35	01/24/03 00:02:49	01/24/03 00:02:49	6-302015	Built inbound UDP connection 132806 for vpn:10.42.0.141/nnnn (10.42.0.141/nnnn) to inside:172.18.10.10/514 (172.18.10.10/514)	1
36	01/24/03 00:00:33	01/24/03 00:00:33	6-302016	Teardown UDP connection 132388 for outside:64.12.66.8/51 to inside:172.18.10.99/53 duration 0:02:01 bytes 50	1
37	01/24/03 00:02:46	01/24/03 00:02:46	6-302015	Built outbound UDP connection 132796 for vpn:10.42.0.141/138 (10.42.0.141/138) to inside:172.18.10.10/138 (172.18.10.10/138)	1
38	01/24/03 00:00:44	01/24/03 00:00:44	6-302016	Teardown UDP connection 132419 for vpn:10.42.0.141/nnnn to inside:172.18.10.10/514 duration 0:02:01 bytes 289	1
39	01/24/03 00:00:44	01/24/03 00:00:44	6-302016	Teardown UDP connection 132458 for vpn:10.42.0.141/nnnn to inside:172.18.10.10/514 duration 0:02:01 bytes 277	1
40	01/24/03 00:03:21	01/24/03 00:03:21	6-302015	Built inbound UDP connection 132846 for vpn:172.18.11.194/137 (172.18.11.194/137) to inside:172.18.10.10/137 (172.18.10.10/137)	1
41	01/24/03 00:00:44	01/24/03 00:00:44	6-302016	Teardown UDP connection 132413 for vpn:10.42.0.141/1541 to inside:172.18.10.10/514 duration 0:02:01 bytes 291	1
42	01/24/03 00:00:44	01/24/03 00:00:44	6-302016	Teardown UDP connection 132421 for vpn:10.42.0.141/nnnn to inside:172.18.10.10/514 duration 0:02:01 bytes 170	1
43	01/24/03 00:01:31	01/24/03 00:01:31	6-302015	Built outbound UDP connection 132734 for outside:205.151.222.254/53 (205.151.222.254/53) to inside:172.18.10.10/nnnn (216.13.68.111/nnnn)	1
44	01/24/03 00:03:00	01/24/03 00:03:00	6-302015	Built inbound UDP connection 132826 for outside:152.163.140.10/nnnn (152.163.140.10/nnnn) to inside:172.18.10.99/53 (216.13.68.100/53)	1
45	01/24/03 00:03:41	01/24/03 00:03:41	6-302015	Built inbound UDP connection 132900 for vpn:10.42.0.141/nnnn (10.42.0.141/nnnn) to inside:172.18.10.10/514 (172.18.10.10/514)	1
46	01/24/03 00:01:59	01/24/03 00:01:59	6-302016	Teardown UDP connection 132658 for outside:205.188.152.8/50 to inside:172.18.10.99/53 duration 0:02:01 bytes 50	1
47	01/24/03 00:00:05	01/24/03 00:00:05	6-302016	Teardown UDP connection 132374 for outside:64.108.53.158/nnnn to inside:172.18.10.99/53 duration 0:02:01 bytes 39	1
48	01/24/03 00:01:16	01/24/03 00:01:16	6-302013	Built inbound TCP connection nnnnn for vpn:192.168.0.20/1600 (192.168.0.20/1600) to inside:172.18.10.10/139 (172.18.10.10/139)	1
49	01/24/03 00:02:49	01/24/03 00:02:49	6-302015	Built inbound UDP connection 132807 for vpn:10.42.0.141/nnnn (10.42.0.141/nnnn) to inside:172.18.10.10/514 (172.18.10.10/514)	1
50	01/24/03 00:00:54	01/24/03 00:00:54	6-302015	Built inbound UDP connection 132687 for vpn:192.168.0.159/138 (192.168.0.159/138) to inside:172.18.10.10/138 (172.18.10.10/138)	1
There were 407 more messages to be reported but the listing is limited to 50!!!

Severity level 7 (Debugging) details for the 172.17.250.4 firewall. Back to top

No	First Message	Last Message	Code	Message	Count
1	01/24/03 00:03:41	01/24/03 00:03:41	7-709002	FO unreplicable: cmd=show config	1
2	01/24/03 00:03:38	01/24/03 00:03:38	7-701001	alloc_user() out of Tcp_user objects	1

Top 50 protocols used for the 172.17.250.4 firewall. Back to top
No Protocol Connections %
1 53 - dns 65 28.5
2 514 - syslog 50 21.92
3 1521 - oracle 23 10.08
4 139 - netbios 15 6.57
5 1984 - big brother 14 6.14
6 138 - netbios 12 5.26
7 80 - http 11 4.82
8 161 - snmp 7 3.07
9 22 - ssh 7 3.07
10 25 - smtp 4 1.75
11 137 - netbios 4 1.75
12 2049 - nfs 2 0.87
13 162 - snmp-trap 1 0.43
14 26707 1 0.43
15 44690 1 0.43
16 44811 1 0.43
17 59657 1 0.43
18 44787 1 0.43
19 36776 1 0.43
20 2529 1 0.43
21 44750 1 0.43
22 36430 1 0.43
23 63358 1 0.43
24 42 - ms wins 1 0.43
25 60660 1 0.43
26 44630 1 0.43

Top 50 Destinations for the 172.17.250.4 firewall. Back to top
No Destination Connections Protocols
1 63.251.224.177 14 TCP/1521 - oracle
2 65.244.21.149 5 TCP/1521 - oracle
3 205.151.222.254 4 UDP/53 - dns
4 192.168.0.218 4 TCP/42 - ms wins,UDP/138 - netbios,UDP/161 - snmp,UDP/44787
5 10.42.0.164 4 TCP/2049 - nfs,TCP/22 - ssh
6 10.42.0.141 3 TCP/25 - smtp,UDP/138 - netbios
7 10.42.0.162 2 TCP/1521 - oracle,TCP/22 - ssh
8 12.129.129.149 2 TCP/1521 - oracle
9 192.175.48.42 2 UDP/53 - dns
10 10.42.0.167 2 TCP/22 - ssh
11 172.17.102.23 2 TCP/80 - http
12 172.17.102.24 2 TCP/80 - http
13 192.168.150.33 2 TCP/80 - http
14 209.47.182.19 2 TCP/80 - http
15 10.42.0.156 2 TCP/1521 - oracle,TCP/22 - ssh
16 129.33.164.84 2 UDP/53 - dns
17 192.168.0.20 1 TCP/139 - netbios
18 192.168.0.21 1 UDP/138 - netbios
19 10.10.35.180 1 UDP/161 - snmp
20 209.47.182.2 1 TCP/25 - smtp
21 172.17.102.10 1 TCP/80 - http
22 10.10.15.2 1 UDP/161 - snmp
23 10.10.35.120 1 UDP/161 - snmp
24 10.10.35.2 1 UDP/161 - snmp
25 10.42.0.142 1 TCP/25 - smtp
26 209.47.182.12 1 TCP/80 - http
27 10.42.0.171 1 TCP/139 - netbios
28 10.42.0.129 1 UDP/161 - snmp
29 207.68.162.253 1 TCP/80 - http
30 172.18.11.3 1 UDP/161 - snmp
31 192.168.0.12 1 UDP/138 - netbios
32 192.43.172.30 1 UDP/53 - dns
33 10.42.0.165 1 TCP/22 - ssh

Top 50 internal source IPs for the 172.17.250.4 firewall. Back to top
No Source Connections Protocols Traffic (kb)
1 172.18.10.39 32 TCP/1521,TCP/2049,TCP/22,TCP/25,TCP/80,UDP/161,UDP/44787 24
2 172.18.10.99 21 TCP/1521 7

No	Protocol	Connections	%
1	53 - dns	65	28.5
2	514 - syslog	50	21.92
3	1521 - oracle	23	10.08
4	139 - netbios	15	6.57
5	1984 - big brother	14	6.14
6	138 - netbios	12	5.26
7	80 - http	11	4.82
8	161 - snmp	7	3.07
9	22 - ssh	7	3.07
10	25 - smtp	4	1.75
11	137 - netbios	4	1.75
12	2049 - nfs	2	0.87
13	162 - snmp-trap	1	0.43
14	26707	1	0.43
15	44690	1	0.43
16	44811	1	0.43
17	59657	1	0.43
18	44787	1	0.43
19	36776	1	0.43
20	2529	1	0.43
21	44750	1	0.43
22	36430	1	0.43
23	63358	1	0.43
24	42 - ms wins	1	0.43
25	60660	1	0.43
26	44630	1	0.43

No	Destination	Connections	Protocols
1	63.251.224.177	14	TCP/1521 - oracle
2	65.244.21.149	5	TCP/1521 - oracle
3	205.151.222.254	4	UDP/53 - dns
4	192.168.0.218	4	TCP/42 - ms wins,UDP/138 - netbios,UDP/161 - snmp,UDP/44787
5	10.42.0.164	4	TCP/2049 - nfs,TCP/22 - ssh
6	10.42.0.141	3	TCP/25 - smtp,UDP/138 - netbios
7	10.42.0.162	2	TCP/1521 - oracle,TCP/22 - ssh
8	12.129.129.149	2	TCP/1521 - oracle
9	192.175.48.42	2	UDP/53 - dns
10	10.42.0.167	2	TCP/22 - ssh
11	172.17.102.23	2	TCP/80 - http
12	172.17.102.24	2	TCP/80 - http
13	192.168.150.33	2	TCP/80 - http
14	209.47.182.19	2	TCP/80 - http
15	10.42.0.156	2	TCP/1521 - oracle,TCP/22 - ssh
16	129.33.164.84	2	UDP/53 - dns
17	192.168.0.20	1	TCP/139 - netbios
18	192.168.0.21	1	UDP/138 - netbios
19	10.10.35.180	1	UDP/161 - snmp
20	209.47.182.2	1	TCP/25 - smtp
21	172.17.102.10	1	TCP/80 - http
22	10.10.15.2	1	UDP/161 - snmp
23	10.10.35.120	1	UDP/161 - snmp
24	10.10.35.2	1	UDP/161 - snmp
25	10.42.0.142	1	TCP/25 - smtp
26	209.47.182.12	1	TCP/80 - http
27	10.42.0.171	1	TCP/139 - netbios
28	10.42.0.129	1	UDP/161 - snmp
29	207.68.162.253	1	TCP/80 - http
30	172.18.11.3	1	UDP/161 - snmp
31	192.168.0.12	1	UDP/138 - netbios
32	192.43.172.30	1	UDP/53 - dns
33	10.42.0.165	1	TCP/22 - ssh

No	Source	Connections	Protocols	Traffic (kb)
1	172.18.10.39	32	TCP/1521,TCP/2049,TCP/22,TCP/25,TCP/80,UDP/161,UDP/44787	24
2	172.18.10.99	21	TCP/1521	7