@LiamRandall
Created March 3, 2015 02:27
Sample Valid TLS Protocol State Machine
0.000000 bro_init
0.000000 filter_change_tracking
1406693027.271405 ChecksumOffloading::check
1406693027.271405 filter_change_tracking
1406693027.271405 new_connection
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=189105], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1406693027.271405, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1406693027.313745 connection_established
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=84, flow_label=189105], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1406693027.271405, duration=0.04234, service={^J^J}, addl=, hot=0, history=Sh, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1406693027.326615 protocol_confirmation
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] atype: enum = Analyzer::ANALYZER_SSL
[2] aid: count = 3
1406693027.326615 ssl_extension_server_name
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=<uninitialized>, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] names: vector of string = [www.gmail.com]
1406693027.326615 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] code: count = 0
[3] val: string = \0^P\0\0^Mwww.gmail.com
1406693027.326615 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] code: count = 11
[3] val: string = ^C\0^A^B
1406693027.326615 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] code: count = 10
[3] val: string = \02\0^N\0^M\0^Y\0^K\0^L\0^X\0^I\0^J\0^V\0^W\0^H\0^F\0^G\0^T\0^U\0^D\0^E\0^R\0^S\0^A\0^B\0^C\0^O\0^P\0^Q
1406693027.326615 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] code: count = 13
[3] val: string = \0\x1e^F^A^F^B^F^C^E^A^E^B^E^C^D^A^D^B^D^C^C^A^C^B^C^C^B^A^B^B^B^C
1406693027.326615 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] code: count = 15
[3] val: string = ^A
1406693027.326615 ssl_client_hello
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] version: count = 771
[2] possible_ts: time = 400866249.0
[3] client_random: string = 82^F\xac\xe2@J/^G\xdd^Q\xb6\xe58\x80(\xef^B^N\xde\xba^I\xd5\xeav-&\xbf
[4] session_id: string = \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
[5] ciphers: vector of count = [49200, 49196, 49192, 49188, 49172, 49162, 49186, 49185, 163, 159, 107, 106, 57, 56, 136, 135, 49202, 49198, 49194, 49190, 49167, 49157, 157, 61, 53, 132, 49170, 49160, 49180, 49179, 22, 19, 49165, 49155, 10, 49199, 49195, 49191, 49187, 49171, 49161, 49183, 49182, 162, 158, 103, 64, 51, 50, 154, 153, 69, 68, 49201, 49197, 49193, 49189, 49166, 49156, 156, 60, 47, 150, 65, 7, 255]
1406693027.326615 ssl_handshake_message
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=2, num_bytes_ip=156, flow_label=189105], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=80, flow_label=0], start_time=1406693027.271405, duration=0.05521, service={^J^ISSL^J}, addl=, hot=0, history=ShAD, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] msg_type: count = 1
[3] length: count = 300
1406693027.375401 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=3, num_bytes_ip=537, flow_label=189105], resp=[size=1208, state=4, num_pkts=2, num_bytes_ip=152, flow_label=0], start_time=1406693027.271405, duration=0.103996, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 0
[3] val: string =
1406693027.375401 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=3, num_bytes_ip=537, flow_label=189105], resp=[size=1208, state=4, num_pkts=2, num_bytes_ip=152, flow_label=0], start_time=1406693027.271405, duration=0.103996, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 65281
[3] val: string = \0
1406693027.375401 ssl_extension
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=3, num_bytes_ip=537, flow_label=189105], resp=[size=1208, state=4, num_pkts=2, num_bytes_ip=152, flow_label=0], start_time=1406693027.271405, duration=0.103996, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 11
[3] val: string = ^C\0^A^B
1406693027.375401 ssl_server_hello
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=3, num_bytes_ip=537, flow_label=189105], resp=[size=1208, state=4, num_pkts=2, num_bytes_ip=152, flow_label=0], start_time=1406693027.271405, duration=0.103996, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=<uninitialized>, cipher=<uninitialized>, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] version: count = 771
[2] possible_ts: time = 1406693027.0
[3] server_random: string = \xa9^H\xbe_\x9bL\xe4\xabk\xd3\xe4m\xfa\xb0'c\xc6\x8b\xdd\x8c\xf7\xdf\xe0\xe2i^F^Y}
[4] session_id: string = T^U\xb3\xf0^N\xdc\xd2\x966\xdf\x84Df^K\xe4\xe0:f\xc1:\xb4\x81,'\x82\xf2\xae\x8f^CM^J\xd0
[5] cipher: count = 49199
[6] comp_method: count = 0
1406693027.375401 ssl_handshake_message
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=3, num_bytes_ip=537, flow_label=189105], resp=[size=1208, state=4, num_pkts=2, num_bytes_ip=152, flow_label=0], start_time=1406693027.271405, duration=0.103996, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] msg_type: count = 2
[3] length: count = 89
1406693027.375958 file_new
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=0, 
total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
1406693027.375958 file_over_new_connection
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=0, 
total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=<uninitialized>, cert_chain_fuids=<uninitialized>, client_cert_chain=<uninitialized>, client_cert_chain_fuids=<uninitialized>, subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = F
1406693027.375958 file_hash
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], 
cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 
\x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, 
u2_events=<uninitialized>]
[1] kind: string = md5
[2] hash: string = 3b16cb10dc2473c647765831cc0fd7d4
1406693027.375958 file_hash
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, 
extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 
\x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, 
u2_events=<uninitialized>]
[1] kind: string = sha1
[2] hash: string = 22b390e67ae0189a30801ac5e6606173a5755f7c
1406693027.375958 x509_certificate
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=<uninitialized>, 
extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 
\x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, 
http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] cert_ref: opaque of x509 = <no value description>
[2] cert: X509::Certificate = [version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle 
Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE 
^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle 
Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE 
^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com]
1406693027.375958 x509_ext_subject_alternative_name
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle 
Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE 
^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::SubjectAlternativeName = [dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle 
Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE 
^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority 
G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web 
Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, 
bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web 
Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE]
1406693027.375958 x509_ext_basic_constraints
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, 
overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web 
Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::BasicConstraints = [ca=F, path_len=<uninitialized>]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, 
missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web 
Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, 
smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^Dt0\x82^C\\xa0^C^B^A^B^B^H^J\xb8\xe8\x1cW\xb0\x1c\xea0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x1e^W^M140716120936Z^W^M141014000000Z0g1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^H^L^JCalifornia1^V0^T^F^CU^D^G^L^MMountain View1^S0^Q^F^CU^D^J^L^JGoogle Inc1^V0^T^F^CU^D^C^L^Mwww.gmail.com0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xac\xdbX\xb2\x9f^T\x1f\xa1\xcdd\xd4l\x87ri1?\xa8\xc2\xbbUG\xdd\x8f`\xcb@'/pD\xdf^ZL^Ml^U^D0t\x88K\xed\x89\x8c\xc9G\xb2\x1f/\xfbT\x8a\xe5]\xd7\xae\xdc\xf5^I7\xba+\xf0\xd9\xce\xc5\x91U\xd1eV"\xb0\xf2\x1e\xdd\xb3g\xfb\x8bp"\xe4\xe2\x8f\xd3^LM}\xd7`Y\x96]\xb0^Ch\xd7\xb5X\xcc\x9b\xe0$^N\x9a^S\x86\xa0#P:\xc3\xe5\xf1^B\x83LO\xdc\xe5|\x82\x8b\xbdC\xcb"H\x90\xc6\xe5\x84\xb4^J\xde\x88^PbS\xf8]v\xa7t\x8f\xc2\xe2T\xa5\xa9\xe0pl\xdc^LfpX\x97\xbc\x80\x8c\xe1\xbc~\xe4*-\xe6:\xcb\x8cx>^X\xad;\x81\xb7^?^I\xe7\x9d\xe8\xbb\xd9\xa7^Ll#\xb3\x80\xe5mt\xe3\xd5\xa2\xdd\xe7O\xaa\xa4/\xda\xfbu\xee\xc4\xd7\xe2\x88a^W^Y^L\x8d^\x86^F\xbd\xea~\x97\x99\xe6^T\xb1@\^G\xfc\xdc\xcc\xd7\xff\x9f\xd1\x86`^Pz\xc5 \x9a\xa4\x81\x8d\xce9^G\xc7we^B^C^A\0^A\xa3\x82^A@0\x82^A<0\x1d^F^CU\x1d%^D^V0^T^F^H+^F^A^E^E^G^C^A^F^H+^F^A^E^E^G^C^B0^X^F^CU\x1d^Q^D^Q0^O\x82^Mwww.gmail.com0h^F^H+^F^A^E^E^G^A^A^D\0Z0+^F^H+^F^A^E^E^G0^B\x86\x1fhttp://pki.google.com/GIAG2.crt0+^F^H+^F^A^E^E^G0^A\x86\x1fhttp://clients1.google.com/ocsp0\x1d^F^CU\x1d^N^D^V^D^T\xb3\xfc\xd0=^S-\xae^TK\xd8J\xb0\xae\xb7<\xc45\xa1\x1e\x8c0^L^F^CU\x1d^S^A^A\xff^D^B0\00\x1f^F^CU\x1d#^D^X0^V\x80^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A00^F^CU\x1d\x1f^D)0'0%\xa0#\xa0!\x86\x1fhttp://pki.google.com/GIAG2.crl0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\0/.\x8c\xc0\x8f\x8e^KJM\xad:f\xaaY\xa1Y\x87:\xff&d\xd7\xc3\xdeh\xfb\xf1\x86\x9a8h\xca\xdb\xf9\xc5+Y^T\xd9\x9du\xf4\xe5\x84~\x8fPX\x81\x94^QW\xf4Z{[^E\x9e~\xa3\x8fz`mB\xc7\xc8\xf2\x8a~\xb0\x8f^N\x8d\xce:\xde+Fn\xafF\xb2^M_\xafDP\xda&)\xa7\x96\xb6\xbd^GV\xac\x94^U^O^Z^FMg^H\x99^L\x960\x99+(\xd84\xfd\xcc\xfd+^BX\xaa^Os^R\xd6\xdb\xee^R^Cr\xa9^P\xa5n\x9a\xd9^T^Q\x85^G\xc4,\xc9\x9dg\xdb\x80^Rm\xe9"\xce^N\xc4\xb3\xd3\x9a\x81p\xc9kO\x98\xa8^WT\xb9<<\xd5\xeb\xfeE ^N\x81\xfcA\xe7O\x87\xc1t)4E\xb0\xf6\xbb\xab^B\xd8[\xb6^CO^N\xe3^Y\xe6^C\xe7\x1c%X;\xdc\xa4\xf4\xd1^R\x93\xc5$b4\xa4\xb5i}^II\xdb)\xfc\x9a\x84- \x8c\xbe\xaca2^O\x83 \xa3\x83m\x1f^I;\xe2yl\xc0}\\x84'rZ^W, info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web 
Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, 
irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=[raw bytes omitted], info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, 
serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]
1406693027.375958 file_state_remove
[0] f: fa_file = [id=FPXgbn2NMWgkfOPng, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, 
issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=[raw bytes omitted], info=[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, 
serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
1406693027.375958 file_new
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, 
issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
1406693027.375958 file_over_new_connection
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, 
issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, 
radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = F
1406693027.375958 file_hash
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=[raw bytes omitted], info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, 
tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] kind: string = md5
[2] hash: string = 9e4ac96474245129d9766700412a1f89
1406693027.375958 file_hash
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority 
G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, 
tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] kind: string = sha1
[2] hash: string = d83c1a7f4d0446bb2081b81a1670f8183451ca24
1406693027.375958 x509_certificate
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority 
G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, 
tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] cert_ref: opaque of x509 = <no value description>
[2] cert: X509::Certificate = [version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle 
Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, 
info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, 
bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J]], san=<uninitialized>, 
basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, 
missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, 
short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0]
1406693027.375958 x509_ext_basic_constraints
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, 
syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, 
short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::BasicConstraints = [ca=T, path_len=0]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, 
syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, 
short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, 
snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, 
short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, 
client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 ^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d 
^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, 
short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], 
client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 
^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, 
id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]
1406693027.375958 file_state_remove
[0] f: fa_file = [id=Fwx2PI3gD3MTEbcw4l, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^D^D0\x82^B\xec\xa0^C^B^A^B^B^C^B:i0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x1e^W^M130405151555Z^W^M150404151555Z0I1^K0^I^F^CU^D^F^S^BUS1^S0^Q^F^CU^D^J^S^JGoogle Inc1%0#^F^CU^D^C^S\x1cGoogle Internet Authority G20\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\x9c*^Dw\\xd8P\x91:^F\xa3\x82\xe0\xd8PH\xbc\x89?\xf1^Yp^Z\x88F~\xe0\x8f\xc5\xf1\x89\xce!\xeeZ\xfea^M\xb72D\x89\xa0t^KSOU\xa4\xce\x82b\x95\xee\xebY_\xc6\xe1^E\x80^R\xc4^\x94?\xbc[H8\xf4S\xf7$\xe6\xfb\x91\xe9^U\xc4\xcf\xf4S^M\xf4J\xfc\x9fT\xde}\xbe\xa0ko\x87\xc0\xd0P\x1f(0^C@\xda^HsQl^?\xff:<\xa77^F\x8e\xbdK^Q^D\xeb}$\xde\xe6\xf9\xfc1q\xfb\x94\xd5`\xf3.J\xafB\xd2\xcb\xea\xc4j^Z\xb2\xccS\xdd^UK\x8b\x1f\xc8^Ya\x1f\xcd\x9d\xa8>c+\x845ie\x84\xc8^Y\xc5F"\xf8S\x95\xbe\xe3\x80J^P\xc6*\xec\xba\x97 
^Q\xc79\x99^P^D\xa0\xf0az\x95%\x8cNRu\xe2\xb6\xed^H\xca^T\xfc\xce"j\xb3N\xcfF^C\x97\x97^C~\xc0\xb1\xde{\xafE3\xcf\xba>q\xb7\xde\xf4%%\xc2^M5\x89\x9d\x9d\xfb^N^Qy\x89\x1e7\xc5\xaf\x8eri^B^C^A\0^A\xa3\x81\xfb0\x81\xf80\x1f^F^CU\x1d#^D^X0^V\x80^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0\x1d^F^CU\x1d^N^D^V^D^TJ\xdd^F^V\x1b\xbc\xf6h\xb5v\xf5\x81\xb6\xbbb^Z\xbaZ\x81/0^R^F^CU\x1d^S^A^A\xff^D^H0^F^A^A\xff^B^A\00^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/gtglobal.crl0=^F^H+^F^A^E^E^G^A^A^D10/0-^F^H+^F^A^E^E^G0^A\x86!http://gtglobal-ocsp.geotrust.com0^W^F^CU\x1d ^D^P0^N0^L^F^J+^F^A^D^A\xd6y^B^E^A0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x82^A^A\06\xd7^F\x80^Q'\xad*^T\x9b8w\xb3#\xa0uX\xbb\xb1~\x83B\xbar\xda\x1e\xd8\x8e6^F\x97\xe0\xf0\x95;7\xfd\x1bBX\xfe"\xc8k\xbd8^\xd1;%n^R\xeb^gvF@\x90\xda^T\xc8x^M\xed\x95f\xda\x8e\x86o\x80\xa1\xbaV2\x95\x86\xdc\xdcj\xca^D\x8c[^?\xf6\xbf\xcco\x85^CX\xc3hQ^S\xcd\xfd\xc8\xf7y=\x995\xf0V\xa3\xbd\xe0Y\xedOD^I\xa3\x9e8z\xf6F\xd1\x1d^R\x9dO\xbe\xd0@\xfcU\xfe^F^<\xda\x1cV\xbd\x96Q{oW*\xdb\xa2\xaa\x96\xdc\x8ct\xc2\x95\xbe\xf0n\x95^S\xff^W\xf0<\xac\xb2^P\x8d\xccs\xfb\xe8\x8f^B\xc6\xf0\xfb3\xb3\x95;\xe3\xc2\xcbhXs\xdb\xa8$b;^F5\x9d^M\xa93\xbdx^C\x90.Lx]P:\x81\xd4\xee\xa0\xc8p8\xdc\xb2\xf9g\xfa\x87@]a\xc0Q\x8fk\x83k\xcd^E:\xca\xe1\xa7^Ex\xfc\xca\xda\x94\xd0,^H=~^Vy\xc8\xa0P $T3q, info=[ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, 
id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
1406693027.375958 file_new
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=<uninitialized>, ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
1406693027.375958 file_over_new_connection
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=<uninitialized>, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SSL, depth=0, analyzers={^J^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, 
client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[2] is_orig: bool = F
1406693027.375958 file_hash
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global 
CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d \00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, 
overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=<uninitialized>, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] kind: string = md5
[2] hash: string = 2e7db2a31d0e3da4b25f49b9542a2e1a
1406693027.375958 file_hash
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global 
CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d \00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, 
overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=<uninitialized>, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] kind: string = sha1
[2] hash: string = 7359755c6df9a0abc3060bce369564c8ec4542a3
1406693027.375958 x509_certificate
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global 
CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d \00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, 
overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=<uninitialized>, extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] cert_ref: opaque of x509 = <no value description>
[2] cert: X509::Certificate = [version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>]
1406693027.375958 x509_extension
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, 
bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d \00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, 
rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, 
total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d 
\00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E]
1406693027.375958 x509_extension
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, 
smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d 
\00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, 
u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE]
1406693027.375958 x509_ext_basic_constraints
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE]], san=<uninitialized>, basic_constraints=<uninitialized>], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, 
modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d 
\00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE]], san=<uninitialized>, basic_constraints=<uninitialized>], 
extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::BasicConstraints = [ca=T, path_len=<uninitialized>]
1406693027.375958 x509_extension
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, 
modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d 
\00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE]], san=<uninitialized>, basic_constraints=[ca=T, 
path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign]
1406693027.375958 x509_extension
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, 
server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d 
\00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, 
critical=T, value=Certificate Sign, CRL Sign]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J]
1406693027.375958 x509_extension
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, 
F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# 
^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d \00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, 
short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
[1] ext: X509::Extension = [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]
1406693027.375958 file_state_remove
[0] f: fa_file = [id=F9ksh2O6vL1ErnqBi, parent_id=<uninitialized>, source=SSL, is_orig=F, conns={^J^I[[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp]] = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^I^ISSL^J^I}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, 
x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, 
rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, 
basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I^I2607:f8b0:4000:805::1015^J^I}, rx_hosts={^J^I^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J^I}, conn_uids={^J^I^IC5abPgn1C03Sbffqi^J^I}, source=SSL, depth=0, analyzers={^J^I^IX509,^J^I^ISHA1,^J^I^IMD5^J^I}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: 
https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]^J}, last_active=1406693027.375958, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=0\x82^C}0\x82^B\xe6\xa0^C^B^A^B^B^C^R\xbb\xe60^M^F^I*\x86H\x86\xf7^M^A^A^E^E\00N1^K0^I^F^CU^D^F^S^BUS1^P0^N^F^CU^D^J^S^GEquifax1-0+^F^CU^D^K^S$Equifax Secure Certificate Authority0\x1e^W^M020521040000Z^W^M180821040000Z0B1^K0^I^F^CU^D^F^S^BUS1^V0^T^F^CU^D^J^S^MGeoTrust Inc.1\x1b0^Y^F^CU^D^C^S^RGeoTrust Global 
CA0\x82^A"0^M^F^I*\x86H\x86\xf7^M^A^A^A^E\0^C\x82^A^O\00\x82^A^J^B\x82^A^A\0\xda\xcc^Xc0\xfd\xf4^W#^ZV~[\xdf<l8\xe4q\xb7x\x91\xd4\xbc\xa1\xd8L\xf8\xa8C\xb6^C\xe9M!^G^H\x88\xdaX/f9)\xbd^Ex\x8b\x9d8\xe8^E\xb7j~q\xa4\xe6\xc4`\xa6\xb0\xef\x80\xe4\x89(^O\x9e%\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9B^X5^T\x9d\xad\x98F\x92.O\xca\xf1\x87C\xc1^V\x95W-P\xef\x89-\x80zW\xad\xf2\xee_k\xd2\0\x8d\xb9^T\xf8^T^U5\xd9\xc0F\xa3{r\xc8\x91\xbf\xc9U+\xcd\xd0\x97>\x9c&d\xcc\xdf\xce\x83^Yq\xcaN\xe6\xd4\xd5{\xa9^Y\xcdU\xde\xc8\xec\xd2^8S\xe5\O\x8c-\xfeP#6\xfcf\xe6\xcb\x8e\xa49^Y\0\xb7\x95^B9\x91^K^N\xfe8.\xd1\x1d^E\x9a\xf6M>o^O^G\x1d\xaf,\x1e\x8f`9\xe2\xfa6S^S9\xd4^&+\xdb=\xa8^T\xbd2\xeb^X^C(R^Dq\xe5\xab3=\xe18\xbb^G6\x84b\x9cy\xea^V0\xf4_\xc0+\xe8qk\xe4\xf9^B^C^A\0^A\xa3\x81\xf00\x81\xed0\x1f^F^CU\x1d#^D^X0^V\x80^TH\xe6h\xf9+\xd2\xb2\x95\xd7G\xd8# ^PO3\x98\x90\x9f\xd40\x1d^F^CU\x1d^N^D^V^D^T\xc0z\x98h\x8d\x89\xfb\xab^Ed^L^Q}\xaa}e\xb8\xca\xccN0^O^F^CU\x1d^S^A^A\xff^D^E0^C^A^A\xff0^N^F^CU\x1d^O^A^A\xff^D^D^C^B^A^F0:^F^CU\x1d\x1f^D3010/\xa0-\xa0+\x86)http://crl.geotrust.com/crls/secureca.crl0N^F^CU\x1d ^DG0E0C^F^DU\x1d \00;09^F^H+^F^A^E^E^G^B^A^V-https://www.geotrust.com/resources/repository0^M^F^I*\x86H\x86\xf7^M^A^A^E^E\0^C\x81\x81\0v\xe1^RnNK^V^R\x860^F\xb2\x81^H\xcf\xf0^H\xc7\xc7q~f\xee\xc2\xed\xd4;\x1f\xff\xf0\xf0\xc8N\xd6C8\xb0\xb90}^X\xd0U\x83\xa2j\xcb6^Q\x9c\xe8Hf\xa3m^?\xb8^S\xd4G\xfe\x8bZ\s\xfc\xae\xd9\x1b2^Y8\xab\x974^T\xaa\x96\xd2\xeb\xa3\x1c^T^HI\xb6\xbb\xe5\x91\xef\x836\xeb\x1dVo\xca\xda\xbcsc\x90\xe4^?{>"\xcb=^G\xed_8t\x9c\xe3^CPN\xa1\xaf\x98\xeea\xf2\x84?^R, info=[ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=0, total_bytes=<uninitialized>, missing_bytes=0, 
overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>], ftp=<uninitialized>, http=<uninitialized>, irc=<uninitialized>, u2_events=<uninitialized>]
1406693027.375958 ssl_handshake_message
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] msg_type: count = 11
[3] length: count = 3085
1406693027.375958 ssl_server_curve
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=<uninitialized>, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] curve: count = 23
1406693027.375958 ssl_handshake_message
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] msg_type: count = 12
[3] length: count = 329
1406693027.375958 ssl_handshake_message
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=309, state=4, num_pkts=4, num_bytes_ip=609, flow_label=189105], resp=[size=3539, state=4, num_pkts=4, num_bytes_ip=2712, flow_label=0], start_time=1406693027.271405, duration=0.104553, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] msg_type: count = 14
[3] length: count = 0
1406693027.380883 ssl_handshake_message
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=435, state=4, num_pkts=6, num_bytes_ip=753, flow_label=189105], resp=[size=3539, state=4, num_pkts=5, num_bytes_ip=3907, flow_label=0], start_time=1406693027.271405, duration=0.109478, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=F, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] msg_type: count = 16
[3] length: count = 66
1406693027.380883 ssl_change_cipher_spec
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=435, state=4, num_pkts=6, num_bytes_ip=753, flow_label=189105], resp=[size=3539, state=4, num_pkts=5, num_bytes_ip=3907, flow_label=0], start_time=1406693027.271405, duration=0.109478, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
1406693027.453801 ssl_change_cipher_spec
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=435, state=4, num_pkts=7, num_bytes_ip=951, flow_label=189105], resp=[size=3590, state=4, num_pkts=5, num_bytes_ip=3907, flow_label=0], start_time=1406693027.271405, duration=0.182396, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
1406693027.453801 ssl_established
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=435, state=4, num_pkts=7, num_bytes_ip=951, flow_label=189105], resp=[size=3590, state=4, num_pkts=5, num_bytes_ip=3907, flow_label=0], start_time=1406693027.271405, duration=0.182396, service={^J^ISSL^J}, addl=, hot=0, history=ShADad, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=3, established=F, logged=F, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=<uninitialized>, issuer=<uninitialized>, 
client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1406693027.557694 net_done
[0] t: time = 1406693027.557694
1406693027.557694 ChecksumOffloading::check
1406693027.557694 filter_change_tracking
1406693027.557694 connection_state_remove
[0] c: connection = [id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], orig=[size=572, state=5, num_pkts=14, num_bytes_ip=1592, flow_label=189105], resp=[size=4222, state=5, num_pkts=9, num_bytes_ip=4878, flow_label=0], start_time=1406693027.271405, duration=0.282358, service={^J^ISSL^J}, addl=, hot=0, history=ShADadFf, uid=C5abPgn1C03Sbffqi, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=[ts=1406693027.326615, uid=C5abPgn1C03Sbffqi, id=[orig_h=2600:100c:b00b:608b:a54c:8e84:2fe0:b532, orig_p=65378/tcp, resp_h=2607:f8b0:4000:805::1015, resp_p=443/tcp], version=TLSv12, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, curve=secp256r1, server_name=www.gmail.com, session_id=<uninitialized>, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, last_alert=<uninitialized>, next_protocol=<uninitialized>, analyzer_id=<uninitialized>, established=T, logged=T, delay_tokens=<uninitialized>, cert_chain=[[ts=1406693027.375958, fuid=FPXgbn2NMWgkfOPng, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=1144, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=3b16cb10dc2473c647765831cc0fd7d4, sha1=22b390e67ae0189a30801ac5e6606173a5755f7c, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=FPXgbn2NMWgkfOPng, certificate=[version=3, serial=0AB8E81C57B01CEA, subject=CN=www.gmail.com,O=Google Inc,L=Mountain View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, 
not_valid_before=1405526976.0, not_valid_after=1413259200.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:www.gmail.com], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=CA Issuers - URI:http://pki.google.com/GIAG2.crt^JOCSP - URI:http://clients1.google.com/ocsp^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=B3:FC:D0:3D:13:2D:AE:14:4B:D8:4A:B0:AE:B7:3C:C4:35:A1:1E:8C], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://pki.google.com/GIAG2.crl^J]], san=[dns=[www.gmail.com], uri=<uninitialized>, email=<uninitialized>, ip=<uninitialized>, other_fields=F], basic_constraints=[ca=F, path_len=<uninitialized>]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=Fwx2PI3gD3MTEbcw4l, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, 
is_orig=F, seen_bytes=1032, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=9e4ac96474245129d9766700412a1f89, sha1=d83c1a7f4d0446bb2081b81a1670f8183451ca24, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=Fwx2PI3gD3MTEbcw4l, certificate=[version=3, serial=023A69, subject=CN=Google Internet Authority G2,O=Google Inc,C=US, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, not_valid_before=1365189355.0, not_valid_after=1428174955.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/gtglobal.crl^J], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://gtglobal-ocsp.geotrust.com^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.3.6.1.4.1.11129.2.5.1^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=0]], extracted=<uninitialized>], [ts=1406693027.375958, fuid=F9ksh2O6vL1ErnqBi, tx_hosts={^J^I2607:f8b0:4000:805::1015^J}, rx_hosts={^J^I2600:100c:b00b:608b:a54c:8e84:2fe0:b532^J}, conn_uids={^J^IC5abPgn1C03Sbffqi^J}, source=SSL, depth=0, 
analyzers={^J^IX509,^J^ISHA1,^J^IMD5^J}, mime_type=<uninitialized>, filename=<uninitialized>, duration=0 secs, local_orig=<uninitialized>, is_orig=F, seen_bytes=897, total_bytes=<uninitialized>, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=<uninitialized>, md5=2e7db2a31d0e3da4b25f49b9542a2e1a, sha1=7359755c6df9a0abc3060bce369564c8ec4542a3, sha256=<uninitialized>, x509=[ts=1406693027.375958, id=F9ksh2O6vL1ErnqBi, certificate=[version=3, serial=12BBE6, subject=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, issuer=OU=Equifax Secure Certificate Authority,O=Equifax,C=US, not_valid_before=1021968000.0, not_valid_after=1534838400.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>], handle=<no value description>, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4^J], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=^JFull Name:^J URI:http://crl.geotrust.com/crls/secureca.crl^J], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: X509v3 Any Policy^J CPS: https://www.geotrust.com/resources/repository^J]], san=<uninitialized>, basic_constraints=[ca=T, path_len=<uninitialized>]], extracted=<uninitialized>]], cert_chain_fuids=[FPXgbn2NMWgkfOPng, Fwx2PI3gD3MTEbcw4l, F9ksh2O6vL1ErnqBi], client_cert_chain=[], client_cert_chain_fuids=[], subject=CN=www.gmail.com,O=Google Inc,L=Mountain 
View,ST=California,C=US, issuer=CN=Google Internet Authority G2,O=Google Inc,C=US, client_subject=<uninitialized>, client_issuer=<uninitialized>, server_depth=0, client_depth=0], http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
1406693027.557694 bro_done
1406693027.557694 ChecksumOffloading::check