Filename: 170306-ZxhWIBGx0yZOeL0-w1wlMUDh.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 13.4772679806 seconds
Hash: 0849e2488b20e875c4ab93c1e8e1bc02
Uploaded: 1529367787

Logfiles


packet_stats.log - (4693 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           999          6048330      124748271      88101555         88.0b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           999            68001       29033589        162156        162.0m   78.55
TMM_RECEIVEPCAPFILE         IPv4       6           999             2628       19200543         22272         22.3m   10.79
TMM_DECODEPCAPFILE          IPv4       6           999             2793       18687891         21996         22.0m   10.66

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           999             2883          40017          3581          3.6m  2.62  
stream                  IPv4       6           999             2778       28891680         32314         32.3m  23.63 
detect                  IPv4       6           999            45387       19120980         97935         97.8m  71.62 
tcp-prune               IPv4       6           999             2616          25575          2920          2.9m  2.14  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           506             3183         402645          8851         4.5m  51.34 
stream                            IPv4       6           506             3087         129984          8389         4.2m  48.66 
Total                             IPv4                  1012                                          8620         8.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            17988          65634         41811         83.6k  0.09  
PROF_DETECT_RULES           IPv4       6           999             2604       19028198         28139         28.1m  30.74 
PROF_DETECT_STATEFUL_CONT    IPv4       6           999             2586          19959          3069          3.1m  3.35  
PROF_DETECT_PREFILTER       IPv4       6           999             7986         476199         29103         29.1m  31.79 
PROF_DETECT_PF_PAYLOAD      IPv4       6           506            14229         417084         25948         13.1m  14.36 
PROF_DETECT_PF_SORT1        IPv4       6           443             2598          24948          3030          1.3m  1.47  
PROF_DETECT_PF_SORT2        IPv4       6           999             2592         417429          3414          3.4m  3.73  
PROF_DETECT_NONMPMLIST      IPv4       6           999             2610          21969          3050          3.0m  3.33  
PROF_DETECT_ALERT           IPv4       6           999             2601          19839          2893          2.9m  3.16  
PROF_DETECT_CLEANUP         IPv4       6           999             2637          31986          2998          3.0m  3.28  
PROF_DETECT_GETSGH          IPv4       6           999             2601         396105          4299          4.3m  4.70  


suricata-4.0.0-etopen-all-perf.txt-2018-06-19-T-00-23-21-06192018.0023-170306-ZxhWIBGx0yZOeL0-w1wlMUDh.pcap.txt - (7510 bytes)
  --------------------------------------------------------------------------
  Date: 6/19/2018 -- 00:23:21. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2017944      1        5        153276       5.26   4        0        57240       38319.00    0.00        38319.00   
  2        2001330      1        8        1081941      37.16  334      0        37734       3239.34     0.00        3239.34    
  3        2014957      1        1        39354        1.35   2        0        26709       19677.00    0.00        19677.00   
  4        2024778      1        1        132438       4.55   39       0        22644       3395.85     0.00        3395.85    
  5        2008307      1        3        148128       5.09   43       0        19041       3444.84     0.00        3444.84    
  6        2022547      1        1        178248       6.12   58       0        18669       3073.24     0.00        3073.24    
  7        2018375      1        3        142332       4.89   11       0        16941       12939.27    0.00        12939.27   
  8        2018382      1        8        47634        1.64   11       0        6804        4330.36     0.00        4330.36    
  9        2018377      1        3        38709        1.33   11       0        6126        3519.00     0.00        3519.00    
  10       2008297      1        5        164238       5.64   55       0        5793        2986.15     0.00        2986.15    
  11       2009387      1        4        13953        0.48   3        0        5490        4651.00     0.00        4651.00    
  12       2022132      1        1        12006        0.41   3        0        4785        4002.00     0.00        4002.00    
  13       2015986      1        5        11850        0.41   3        0        4677        3950.00     0.00        3950.00    
  14       2014130      1        2        10041        0.34   3        0        4590        3347.00     0.00        3347.00    
  15       2024777      1        2        7179         0.25   2        0        4476        3589.50     0.00        3589.50    
  16       2018283      1        5        157518       5.41   55       0        4434        2863.96     0.00        2863.96    
  17       2017935      1        3        208494       7.16   69       0        4428        3021.65     0.00        3021.65    
  18       2018373      1        3        36378        1.25   11       0        4398        3307.09     0.00        3307.09    
  19       2003089      1        4        7935         0.27   2        0        4392        3967.50     0.00        3967.50    
  20       2019235      1        1        6975         0.24   2        0        4272        3487.50     0.00        3487.50    
  21       2020661      1        3        4104         0.14   1        0        4104        4104.00     0.00        4104.00    
  22       2021149      1        1        25506        0.88   8        0        4026        3188.25     0.00        3188.25    
  23       2103238      1        4        7593         0.26   2        0        3996        3796.50     0.00        3796.50    
  24       2008301      1        3        7209         0.25   2        0        3987        3604.50     0.00        3604.50    
  25       2008308      1        3        9483         0.33   3        0        3951        3161.00     0.00        3161.00    
  26       2001187      1        6        3948         0.14   1        0        3948        3948.00     0.00        3948.00    
  27       2018067      1        3        10101        0.35   3        0        3924        3367.00     0.00        3367.00    
  28       2103239      1        4        7545         0.26   2        0        3921        3772.50     0.00        3772.50    
  29       2018281      1        4        7356         0.25   2        0        3771        3678.00     0.00        3678.00    
  30       2008303      1        3        22878        0.79   8        0        3720        2859.75     0.00        2859.75    
  31       2008300      1        3        13026        0.45   4        0        3708        3256.50     0.00        3256.50    
  32       2018477      1        1        3672         0.13   1        0        3672        3672.00     0.00        3672.00    
  33       2024775      1        1        14709        0.51   5        0        3585        2941.80     0.00        2941.80    
  34       2021151      1        1        6396         0.22   2        0        3576        3198.00     0.00        3198.00    
  35       2103159      1        4        11592        0.40   4        0        3543        2898.00     0.00        2898.00    
  36       2024435      1        1        3489         0.12   1        0        3489        3489.00     0.00        3489.00    
  37       2102523      1        8        6399         0.22   2        0        3426        3199.50     0.00        3199.50    
  38       2019633      1        1        3390         0.12   1        0        3390        3390.00     0.00        3390.00    
  39       2103158      1        6        11868        0.41   4        0        3351        2967.00     0.00        2967.00    
  40       2008306      1        3        6021         0.21   2        0        3336        3010.50     0.00        3010.50    
  41       2021976      1        2        3315         0.11   1        0        3315        3315.00     0.00        3315.00    
  42       2102190      1        5        15969        0.55   5        0        3300        3193.80     0.00        3193.80    
  43       2022546      1        1        3282         0.11   1        0        3282        3282.00     0.00        3282.00    
  44       2021152      1        1        16548        0.57   6        0        3186        2758.00     0.00        2758.00    
  45       2102523      1        8        5799         0.20   2        0        3132        2899.50     0.00        2899.50    
  46       2008305      1        3        5802         0.20   2        0        2949        2901.00     0.00        2901.00    
  47       2025018      1        2        2904         0.10   1        0        2904        2904.00     0.00        2904.00    
  48       2021150      1        1        5589         0.19   2        0        2886        2794.50     0.00        2794.50    
  49       2008302      1        3        45972        1.58   17       0        2880        2704.24     0.00        2704.24    
  50       2008304      1        3        2805         0.10   1        0        2805        2805.00     0.00        2805.00    
  51       2018292      1        1        2796         0.10   1        0        2796        2796.00     0.00        2796.00    
  52       2025019      1        1        2745         0.09   1        0        2745        2745.00     0.00        2745.00    
  53       2020020      1        1        8121         0.28   3        0        2733        2707.00     0.00        2707.00    
  54       2012236      1        2        2712         0.09   1        0        2712        2712.00     0.00        2712.00    
  55       2021978      1        6        2667         0.09   1        0        2667        2667.00     0.00        2667.00    


stats.log - (1858 bytes)
------------------------------------------------------------------------------------
Date: 6/19/2018 -- 00:23:21 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 999
decoder.bytes                              | Total                     | 114821
decoder.ipv4                               | Total                     | 999
decoder.ethernet                           | Total                     | 999
decoder.tcp                                | Total                     | 999
decoder.avg_pkt_size                       | Total                     | 114
decoder.max_pkt_size                       | Total                     | 1494
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


keyword_perf.log - (2052 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/19/2018 -- 00:23:21
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          80358           17              0               6645            4726.00         0.00            4726.00        
  byte_test        20364           4               4               6747            5091.00         5091.00         0.00           
  byte_extract     43479           4               4               27345           10869.00        10869.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          80358           17              0               6645            4726.00         0.00            4726.00        
  byte_test        20364           4               4               6747            5091.00         5091.00         0.00           
  byte_extract     43479           4               4               27345           10869.00        10869.00        0.00           


suricata-report-2018-06-19-T-00-23-21-06192018.0023-170306-ZxhWIBGx0yZOeL0-w1wlMUDh.pcap.txt - (18007 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/0849e2488b20e875c4ab93c1e8e1bc02d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/06192018.0023-170306-ZxhWIBGx0yZOeL0-w1wlMUDh.pcap -vvv -k none
elapsedtime:11.819817
stderr:
stdout:
19/6/2018 -- 00:23:09 - <Info> - Configuration node 'rule-files' redefined.
19/6/2018 -- 00:23:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
19/6/2018 -- 00:23:09 - <Info> - CPUs/cores online: 1
19/6/2018 -- 00:23:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33798 and 'request-body-inspect-window' set to 15628 after randomization.
19/6/2018 -- 00:23:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33576 and 'response-body-inspect-window' set to 16201 after randomization.
19/6/2018 -- 00:23:09 - <Config> - DNS request flood protection level: 500
19/6/2018 -- 00:23:09 - <Config> - DNS per flow memcap (state-memcap): 524288
19/6/2018 -- 00:23:09 - <Config> - DNS global memcap: 16777216
19/6/2018 -- 00:23:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/6/2018 -- 00:23:09 - <Config> - preallocated 1000 hosts of size 136
19/6/2018 -- 00:23:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
19/6/2018 -- 00:23:09 - <Config> - using magic-file /usr/share/file/magic
19/6/2018 -- 00:23:09 - <Config> - Core dump size is unlimited.
19/6/2018 -- 00:23:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
19/6/2018 -- 00:23:09 - <Config> - preallocated 1000 defrag trackers of size 168
19/6/2018 -- 00:23:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
19/6/2018 -- 00:23:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
19/6/2018 -- 00:23:09 - <Config> - stream "memcap": 33554432
19/6/2018 -- 00:23:09 - <Config> - stream "midstream" session pickups: disabled
19/6/2018 -- 00:23:09 - <Config> - stream "async-oneside": disabled
19/6/2018 -- 00:23:09 - <Config> - stream "checksum-validation": disabled
19/6/2018 -- 00:23:09 - <Config> - stream."inline": disabled
19/6/2018 -- 00:23:09 - <Config> - stream "bypass": disabled
19/6/2018 -- 00:23:09 - <Config> - stream "max-synack-queued": 5
19/6/2018 -- 00:23:09 - <Config> - stream.reassembly "memcap": 134217728
19/6/2018 -- 00:23:09 - <Config> - stream.reassembly "depth": 0
19/6/2018 -- 00:23:09 - <Config> - stream.reassembly "toserver-chunk-size": 2631
19/6/2018 -- 00:23:09 - <Config> - stream.reassembly "toclient-chunk-size": 2583
19/6/2018 -- 00:23:09 - <Config> - stream.reassembly.raw: enabled
19/6/2018 -- 00:23:09 - <Config> - stream.reassembly "segment-prealloc": 2048
19/6/2018 -- 00:23:09 - <Config> - Delayed detect disabled
19/6/2018 -- 00:23:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
19/6/2018 -- 00:23:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/6/2018 -- 00:23:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
19/6/2018 -- 00:23:09 - <Config> - prefilter engines: MPM
19/6/2018 -- 00:23:09 - <Config> - IP reputation disabled
19/6/2018 -- 00:23:09 - <Perf> - Registered 148 keyword profiling counters.
19/6/2018 -- 00:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
19/6/2018 -- 00:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
19/6/2018 -- 00:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
19/6/2018 -- 00:23:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
19/6/2018 -- 00:23:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
19/6/2018 -- 00:23:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
19/6/2018 -- 00:23:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
19/6/2018 -- 00:23:12 - <Config> - No rules loaded from ET-emerging-icmp.rules.
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
19/6/2018 -- 00:23:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
19/6/2018 -- 00:23:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
19/6/2018 -- 00:23:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
19/6/2018 -- 00:23:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
19/6/2018 -- 00:23:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
19/6/2018 -- 00:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
19/6/2018 -- 00:23:17 - <Config> - No rules loaded from local.rules.
19/6/2018 -- 00:23:17 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
19/6/2018 -- 00:23:18 - <Info> - Threshold config parsed: 0 rule(s) found
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for tcp-packet
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for tcp-stream
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for udp-packet
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for other-ip
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_uri
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_request_line
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_client_body
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_response_line
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_header
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_header
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_header_names
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_header_names
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_accept
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_accept_enc
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_accept_lang
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_referer
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_connection
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_content_len
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_content_len
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_content_type
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_content_type
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_protocol
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_protocol
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_start
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_start
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_raw_header
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_raw_header
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_method
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_cookie
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_cookie
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_raw_uri
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_user_agent
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_host
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_raw_host
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_stat_msg
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_stat_code
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for dns_query
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for tls_sni
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for tls_cert_issuer
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for tls_cert_subject
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for tls_cert_serial
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for dce_stub_data
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for dce_stub_data
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for ssh_protocol
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for ssh_protocol
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for ssh_software
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for ssh_software
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for file_data
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for file_data
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_request_line
19/6/2018 -- 00:23:18 - <Perf> - using shared mpm ctx' for http_response_line
19/6/2018 -- 00:23:18 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
19/6/2018 -- 00:23:18 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
19/6/2018 -- 00:23:18 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
19/6/2018 -- 00:23:18 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
19/6/2018 -- 00:23:18 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
19/6/2018 -- 00:23:18 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
19/6/2018 -- 00:23:18 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
19/6/2018 -- 00:23:18 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
19/6/2018 -- 00:23:19 - <Perf> - Unique rule groups: 111
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "toserver TCP packet": 31
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "toclient TCP packet": 20
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "toserver TCP stream": 31
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "toclient TCP stream": 21
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "toserver UDP packet": 33
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "toclient UDP packet": 15
19/6/2018 -- 00:23:19 - <Perf> - Builtin MPM "other IP packet": 2
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_uri": 8
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_request_line": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_client_body": 6
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient http_response_line": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_header": 6
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient http_header": 3
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_header_names": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_accept": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_referer": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_content_len": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_content_type": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient http_content_type": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_start": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_method": 3
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_cookie": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient http_cookie": 2
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver http_host": 2
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver dns_query": 4
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver tls_sni": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toserver file_data": 1
19/6/2018 -- 00:23:19 - <Perf> - AppLayer MPM "toclient file_data": 5
19/6/2018 -- 00:23:20 - <Perf> - Registered 18241 rule profiling counters.
19/6/2018 -- 00:23:20 - <Info> - fast output device (regular) initialized: alert
19/6/2018 -- 00:23:20 - <Info> - eve-log output device (regular) initialized: eve.json
19/6/2018 -- 00:23:20 - <Config> - enabling 'eve-log' module 'alert'
19/6/2018 -- 00:23:20 - <Config> - enabling 'eve-log' module 'http'
19/6/2018 -- 00:23:20 - <Config> - enabling 'eve-log' module 'dns'
19/6/2018 -- 00:23:20 - <Config> - enabling 'eve-log' module 'tls'
19/6/2018 -- 00:23:20 - <Config> - enabling 'eve-log' module 'files'
19/6/2018 -- 00:23:20 - <Config> - enabling 'eve-log' module 'ssh'
19/6/2018 -- 00:23:20 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
19/6/2018 -- 0

This file has been truncated.


IDSDeathBlossom.py.log - (1174 bytes)
2018-06-19 00:23:08,144 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-06-19 00:23:09,384 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-06-19 00:23:09,385 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-06-19 00:23:09,386 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-06-19 00:23:09,386 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-06-19 00:23:09,386 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/0849e2488b20e875c4ab93c1e8e1bc02d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/06192018.0023-170306-ZxhWIBGx0yZOeL0-w1wlMUDh.pcap -vvv -k none
2018-06-19 00:23:21,209 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-06-19 00:23:21,210 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 13.0803101063