Filename: 1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b790bffb4da2d2cf.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.0408270359 seconds
Hash: 0b30c4def5a3a133794a0bfd949c3a10
Uploaded: 1561459198

Logfiles


unified2.alert.1561459218 - (7872 bytes)


suricata-4.0.0-etpro-all-perf.txt-2019-06-25-T-10-40-19-06252019.1039-1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b790bffb4da2d2cf.pcap.txt - (21206 bytes)
  --------------------------------------------------------------------------
  Date: 6/25/2019 -- 10:40:19. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2828122      1        2        783695       2.66   10       0        434102      78369.50    0.00        78369.50   
  2        2810326      1        4        712515       2.42   10       0        424270      71251.50    0.00        71251.50   
  3        2816928      1        3        686235       2.33   10       0        423260      68623.50    0.00        68623.50   
  4        2802876      1        3        505237       1.72   10       0        422240      50523.70    0.00        50523.70   
  5        2018242      1        5        650704       2.21   10       0        416933      65070.40    0.00        65070.40   
  6        2816328      1        5        645150       2.19   10       0        416726      64515.00    0.00        64515.00   
  7        2022074      1        3        662970       2.25   10       0        413117      66297.00    0.00        66297.00   
  8        2816165      1        5        597659       2.03   10       0        404190      59765.90    0.00        59765.90   
  9        2018358      1        7        837327       2.84   10       0        123677      83732.70    0.00        83732.70   
  10       2011894      1        19       531353       1.80   10       0        93990       53135.30    0.00        53135.30   
  11       2815254      1        7        540327       1.84   10       0        72524       54032.70    0.00        54032.70   
  12       2816931      1        3        323763       1.10   10       0        70435       32376.30    0.00        32376.30   
  13       2018452      1        15       459630       1.56   10       0        69018       45963.00    0.00        45963.00   
  14       2025064      1        5        406273       1.38   10       0        68284       40627.30    0.00        40627.30   
  15       2816909      1        2        562880       1.91   10       0        68019       56288.00    0.00        56288.00   
  16       2022198      1        2        299540       1.02   5        0        65761       59908.00    0.00        59908.00   
  17       2816910      1        2        535618       1.82   10       0        64430       53561.80    0.00        53561.80   
  18       2025441      1        2        62691        0.21   1        0        62691       62691.00    0.00        62691.00   
  19       2017613      1        9        332137       1.13   10       0        61326       33213.70    0.00        33213.70   
  20       2018958      1        18       421977       1.43   10       0        59638       42197.70    0.00        42197.70   
  21       2816940      1        2        526847       1.79   10       0        56939       52684.70    0.00        52684.70   
  22       2816929      1        4        416905       1.42   10       0        56560       41690.50    0.00        41690.50   
  23       2812916      1        6        303352       1.03   10       0        55417       30335.20    0.00        30335.20   
  24       2816356      1        2        410966       1.40   10       0        54583       41096.60    0.00        41096.60   
  25       2816525      1        10       345588       1.17   10       0        52939       34558.80    0.00        34558.80   
  26       2829848      1        2        306764       1.04   10       0        50112       30676.40    0.00        30676.40   
  27       2022609      1        2        377084       1.28   10       0        49870       37708.40    0.00        37708.40   
  28       2819673      1        4        362047       1.23   10       0        49609       36204.70    0.00        36204.70   
  29       2003657      1        18       244327       0.83   10       0        49500       24432.70    0.00        24432.70   
  30       2018496      1        9        342448       1.16   10       0        48788       34244.80    0.00        34244.80   
  31       2809859      1        6        288795       0.98   10       0        48116       28879.50    0.00        28879.50   
  32       2816922      1        5        296496       1.01   10       0        48088       29649.60    0.00        29649.60   
  33       2815483      1        6        47891        0.16   1        0        47891       47891.00    0.00        47891.00   
  34       2022073      1        2        47047        0.16   1        0        47047       47047.00    0.00        47047.00   
  35       2820851      1        5        359467       1.22   10       0        46361       35946.70    0.00        35946.70   
  36       2809547      1        5        277756       0.94   10       0        46140       27775.60    0.00        27775.60   
  37       2821561      1        2        289796       0.98   10       0        45612       28979.60    0.00        28979.60   
  38       2022502      1        4        393553       1.34   10       0        44931       39355.30    0.00        39355.30   
  39       2019344      1        5        345678       1.17   10       0        44299       34567.80    0.00        34567.80   
  40       2024771      1        1        317895       1.08   10       0        43930       31789.50    0.00        31789.50   
  41       2018981      1        4        292217       0.99   10       0        43450       29221.70    0.00        29221.70   
  42       2827757      1        3        71140        0.24   2        0        41116       35570.00    0.00        35570.00   
  43       2016759      1        1        181089       0.62   5        0        40922       36217.80    0.00        36217.80   
  44       2816327      1        4        334872       1.14   10       0        40769       33487.20    0.00        33487.20   
  45       2021068      1        2        182756       0.62   5        5        40403       36551.20    36551.20    0.00       
  46       2816526      1        13       279668       0.95   10       0        39839       27966.80    0.00        27966.80   
  47       2816925      1        3        323133       1.10   10       0        39560       32313.30    0.00        32313.30   
  48       2805260      1        4        222344       0.76   10       0        39335       22234.40    0.00        22234.40   
  49       2019881      1        3        278924       0.95   10       0        38813       27892.40    0.00        27892.40   
  50       2012612      1        16       230063       0.78   10       0        38455       23006.30    0.00        23006.30   
  51       2024178      1        2        226822       0.77   10       0        38367       22682.20    0.00        22682.20   
  52       2018983      1        7        269506       0.92   10       0        38152       26950.60    0.00        26950.60   
  53       2016858      1        10       277523       0.94   10       0        37562       27752.30    0.00        27752.30   
  54       2025178      1        2        36965        0.13   1        0        36965       36965.00    0.00        36965.00   
  55       2025119      1        3        36451        0.12   1        0        36451       36451.00    0.00        36451.00   
  56       2014701      1        12       65081        0.22   4        0        36436       16270.25    0.00        16270.25   
  57       2828060      1        4        282682       0.96   10       0        36357       28268.20    0.00        28268.20   
  58       2815756      1        2        36049        0.12   1        0        36049       36049.00    0.00        36049.00   
  59       2823937      1        13       110774       0.38   10       0        35981       11077.40    0.00        11077.40   
  60       2815755      1        2        35974        0.12   1        0        35974       35974.00    0.00        35974.00   
  61       2017552      1        6        606409       2.06   31       0        34721       19561.58    0.00        19561.58   
  62       2826256      1        2        225389       0.77   10       0        34695       22538.90    0.00        22538.90   
  63       2815476      1        6        34453        0.12   1        0        34453       34453.00    0.00        34453.00   
  64       2811273      1        6        34290        0.12   1        0        34290       34290.00    0.00        34290.00   
  65       2815750      1        2        34065        0.12   1        0        34065       34065.00    0.00        34065.00   
  66       2018166      1        3        33837        0.11   1        0        33837       33837.00    0.00        33837.00   
  67       2815477      1        6        33522        0.11   1        0        33522       33522.00    0.00        33522.00   
  68       2815749      1        2        33309        0.11   1        0        33309       33309.00    0.00        33309.00   
  69       2815482      1        6        33189        0.11   1        0        33189       33189.00    0.00        33189.00   
  70       2827580      1        7        216983       0.74   10       0        33010       21698.30    0.00        21698.30   
  71       2012707      1        5        220424       0.75   10       0        32511       22042.40    0.00        22042.40   
  72       2812918      1        3        287105       0.98   10       0        32496       28710.50    0.00        28710.50   
  73       2816924      1        4        266866       0.91   10       0        32427       26686.60    0.00        26686.60   
  74       2828986      1        2        275686       0.94   10       0        32268       27568.60    0.00        27568.60   
  75       2015968      1        8        151876       0.52   5        0        32145       30375.20    0.00        30375.20   
  76       2815817      1        5        276226       0.94   10       0        31379       27622.60    0.00        27622.60   
  77       2821615      1        2        271387       0.92   10       0        31093       27138.70    0.00        27138.70   
  78       2016537      1        2        402805       1.37   21       0        30159       19181.19    0.00        19181.19   
  79       2816930      1        4        260849       0.89   10       0        29596       26084.90    0.00        26084.90   
  80       2102190      1        5        124441       0.42   34       0        28290       3660.03     0.00        3660.03    
  81       2816927      1        3        257507       0.87   10       0        28155       25750.70    0.00        25750.70   
  82       2003492      1        30       211589       0.72   10       0        28128       21158.90    0.00        21158.90   
  83       2020786      1        4        27557        0.09   1        0        27557       27557.00    0.00        27557.00   
  84       2019501      1        2        208958       0.71   10       0        27306       20895.80    0.00        20895.80   
  85       2804626      1        9        212040       0.72   10       0        25282       21204.00    0.00        21204.00   
  86       2023611      1        3        25265        0.09   1        0        25265       25265.00    0.00        25265.00   
  87       2020705      1        4        202389       0.69   10       0        24742       20238.90    0.00        20238.90   
  88       2816669      1        4        216040       0.73   10       0        24742       21604.00    0.00        21604.00   
  89       2827279      1        5        204286       0.69   10       0        24545       20428.60    0.00        20428.60   
  90       2017363      1        2        211394       0.72   10       10       24361       21139.40    21139.40    0.00       
  91       2016223      1        10       204885       0.70   10       0        24232       20488.50    0.00        20488.50   
  92       2020380      1        3        206991       0.70   10       0        24057       20699.10    0.00        20699.10   
  93       2020698      1        2        23401        0.08   1        0        23401       23401.00    0.00        23401.00   
  94       2828008      1        2        200289       0.68   10       0        23013       20028.90    0.00        20028.90   
  95       2809682      1        5        204547       0.69   10       0        22752       20454.70    0.00        20454.70   
  96       2018010      1        5        202349       0.69   10       0        21973       20234.90    0.00        20234.90   
  97       2811282      1        7        21414        0.07   1        0        21414       21414.00    0.00        21414.00   
  98       2811275      1        8        21005        0.07   1        0        21005       21005.00    0.00        21005.00   
  99       2019602      1        1        20920        0.07   1        0        20920       20920.00    0.00        20920.00   
  100      2811276      1        7        20636        0.07   1        0        20636       20636.00    0.00        20636.00   
  101      2811281      1        8        20622        0.07   1        0        20622       20622.00    0.00        20622.00   
  102      2103159      1        4        20440        0.07   1        0        20440       20440.00    0.00        20440.00   
  103      2017695      1        4        20360        0.07   1        0        20360       20360.00    0.00        20360.00   
  104      2017902      1        4        20320        0.07   1        0        20320       20320.00    0.00        20320.00   
  105      2020608      1        4        20104        0.07   1        0        20104       20104.00    0.00        20104.00   
  106      2020765      1        2        19949        0.07   1        0        19949       19949.00    0.00        19949.00   
  107      2020780      1        2        19528        0.07   1        0        19528       19528.00    0.00        19528.00   
  108      2811542      1        1        41389        0.14   4        0        19343       10347.25    0.00        10347.25   
  109      2020777      1        2        19156        0.07   1        0        19156       19156.00    0.00        19156.00   
  110      2022543      1        1        33961        0.12   2        0        18695       16980.50    0.00        16980.50   
  111      2020769      1        2        18227        0.06   1        0        18227       18227.00    0.00        18227.00   
  112      2020774      1        2        17669        0.06   1        0        17669       17669.00    0.00        17669.00   
  113      2807559      1        2        240746       0.82   20       0        17577       12037.30    0.00        12037.30   
  114      2024513      1        5        93227        0.32   10       0        16826       9322.70     0.00        9322.70    
  115      2826281      1        2        32513        0.11   2        0        16544       16256.50    0.00        16256.50   
  116      2803760      1        3        31883        0.11   2        0        16303       15941.50    0.00        15941.50   
  117      2819934      1        2        88205        0.30   10       0        16161       8820.50     0.00        8820.50    
  118      2814679      1        4        25770        0.09   2        0        16043       12885.00    0.00        12885.00   
  119      2014703      1        9        36031        0.12   4        0        15170       9007.75     0.00        9007.75    
  120      2014702      1        9        35518        0.12   4        0        15068       8879.50     0.00        8879.50    
  121      2015986      1        5        83862        0.28   26       0        13553       3225.46     0.00        3225.46    
  122      2008420      1        4        62526        0.21   20       0        5036        3126.30     0.00        3126.30    
  123      2810801      1        5        22929        0.08   7        0        4275        3275.57     0.00        3275.57    
  124      2804586      1        2        32977        0.11   10       0        4199        3297.70     0.00        3297.70    
  125      2806561      1        5        6

This file has been truncated.


packet_stats.log - (12265 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           279          2956706      109210752      67236111         18.8b   99.66
 IPv4      17             4         14266430       17493059      15892184         63.6m    0.34
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           279            66070       10802718        334790         93.4m   87.72
TMM_FLOWWORKER              IPv4      17             4           452370       10024386       2869671         11.5m   10.78
TMM_RECEIVEPCAPFILE         IPv4       6           264             2535          29603          2885        761.8k    0.72
TMM_RECEIVEPCAPFILE         IPv4      17             4             2626          10099          4642         18.6k    0.02
TMM_DECODEPCAPFILE          IPv4       6           264             2654          34184          2994        790.4k    0.74
TMM_DECODEPCAPFILE          IPv4      17             4             2866          18134          6816         27.3k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           264             2812          30669          3636        960.0k  1.11  
flow                    IPv4      17             4             3314          30463         12348         49.4k  0.06  
stream                  IPv4       6           279             2735       10620892         51032         14.2m  16.45 
app-layer               IPv4      17             4            14711         142974         54785        219.1k  0.25  
detect                  IPv4       6           279            44341        6470068        245981         68.6m  79.29 
detect                  IPv4      17             4           225628         632373        415699          1.7m  1.92  
tcp-prune               IPv4       6           279             2540          19067          2872        801.4k  0.93  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            10             3755          11363          5028         50.3k  46.11 
dns                     IPv4      17             4             5045           9045          6851         27.4k  25.13 
failed                  IPv4       6            12             2536           3332          2613         31.4k  28.76 
Proto detect            IPv4       6            23             2763           5347          3598         82.8k
Proto detect            IPv4      17             4             5152          23412         14282         57.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            10            16553          89646         28796        288.0k  2.13  
LOGGER_UNIFIED2             IPv4       6            10            23942         557499         81419        814.2k  6.03  
LOGGER_JSON_ALERT           IPv4       6            10            48042         470914        103212          1.0m  7.64  
LOGGER_JSON_DNS             IPv4      17             4            45525        9289139       2366572          9.5m  70.08 
LOGGER_JSON_HTTP            IPv4       6            10            39938         510410        123182          1.2m  9.12  
LOGGER_JSON_FILE            IPv4       6            10            50896          90503         67562        675.6k  5.00  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            89             2548         178061         29329         2.6m  25.48 
payload                           IPv4      17             4            19738         147073         72183       288.7k  2.82  
stream                            IPv4       6            89             2545         543770         36099         3.2m  31.36 
http_uri                          IPv4       6            10             9158          47814         16773       167.7k  1.64  
http_request_line                 IPv4       6            10             3858          11970          5678        56.8k  0.55  
http_client_body                  IPv4       6            23             2758         441934         32825       755.0k  7.37  
http_header (request)             IPv4       6            10            29649         286945         85378       853.8k  8.33  
http_header (request trailer)     IPv4       6            10             2564           4080          2891        28.9k  0.28  
http_header_names (request)       IPv4       6            10             9305          74626         22754       227.5k  2.22  
http_accept (request)             IPv4       6            10             3044           5403          3574        35.7k  0.35  
http_referer (request)            IPv4       6            10             2942           3479          3103        31.0k  0.30  
http_content_len (request)        IPv4       6            10             3551           6113          4391        43.9k  0.43  
http_content_type (request)       IPv4       6            10             2977           4288          3273        32.7k  0.32  
http_protocol (request)           IPv4       6            10             3426           5557          4108        41.1k  0.40  
http_start (request)              IPv4       6            10             9402          30163         14701       147.0k  1.43  
http_raw_header (request)         IPv4       6            23             5211          39650         10654       245.1k  2.39  
http_method                       IPv4       6            10             3864           7089          4839        48.4k  0.47  
http_cookie (request)             IPv4       6            10             3724          21170          6164        61.6k  0.60  
http_raw_uri                      IPv4       6            10             3295           4842          3801        38.0k  0.37  
http_user_agent                   IPv4       6            10            14755          78640         29832       298.3k  2.91  
http_host                         IPv4       6            10             3660          10234          5884        58.8k  0.57  
dns_query                         IPv4      17             2            12361          26618         19489        39.0k  0.38  
http_response_line                IPv4       6            10             4590          17544          7229        72.3k  0.71  
http_header (response)            IPv4       6            10            11696         450159         60226       602.3k  5.88  
http_header (response trailer)    IPv4       6            10             2604           3133          2739        27.4k  0.27  
http_content_type (response)      IPv4       6            10             4622           9625          6182        61.8k  0.60  
http_raw_header (response)        IPv4       6            10             7407           9318          7989        79.9k  0.78  
http_cookie (response)            IPv4       6            10             2872           3560          3079        30.8k  0.30  
http_stat_code                    IPv4       6            10             3168          16691          4863        48.6k  0.47  
Total                             IPv4                   460                                         22272        10.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            64             6261         442917         45535          2.9m  3.21  
PROF_DETECT_IPONLY          IPv4      17             4             7403          99202         46588        186.4k  0.21  
PROF_DETECT_RULES           IPv4       6           279             2519        4776836        122961         34.3m  37.81 
PROF_DETECT_RULES           IPv4      17             4           119168         246774        177739        711.0k  0.78  
PROF_DETECT_STATEFUL_START    IPv4       6            41             5183        2133454        370160         15.2m  16.73 
PROF_DETECT_STATEFUL_CONT    IPv4       6           279             2505          20268          4092          1.1m  1.26  
PROF_DETECT_STATEFUL_CONT    IPv4      17             4             6430          51700         19902         79.6k  0.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            84             2551          17658          2929        246.0k  0.27  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2877           3033          2936         11.7k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           279             7714        1262432         59909         16.7m  18.42 
PROF_DETECT_PREFILTER       IPv4      17             4            42754         173761        114954        459.8k  0.51  
PROF_DETECT_PF_PAYLOAD      IPv4       6            89            15516         554783         83341          7.4m  8.18  
PROF_DETECT_PF_PAYLOAD      IPv4      17             4            25100         152834         77752        311.0k  0.34  
PROF_DETECT_PF_TX           IPv4       6            84             2630         669950         63131          5.3m  5.84  
PROF_DETECT_PF_TX           IPv4      17             2            19229          33749         26489         53.0k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6            70             2547          28442          4310        301.7k  0.33  
PROF_DETECT_PF_SORT1        IPv4      17             4             3737           4826          4253         17.0k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           279             2511         411411          4731          1.3m  1.46  
PROF_DETECT_PF_SORT2        IPv4      17             4             2877          13124          6270         25.1k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       6           279             2536           4290          2855        796.7k  0.88  
PROF_DETECT_NONMPMLIST      IPv4      17             4             2790           3809          3419         13.7k  0.02  
PROF_DETECT_ALERT           IPv4       6           279             2518         461227          4438          1.2m  1.36  
PROF_DETECT_ALERT           IPv4      17             4             2529           9340          4835         19.3k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           279             2547          11887          2880        803.7k  0.89  
PROF_DETECT_CLEANUP         IPv4      17             4             3199           4900          3976         15.9k  0.02  
PROF_DETECT_GETSGH          IPv4       6           279             2534          34425          4008          1.1m  1.23  
PROF_DETECT_GETSGH          IPv4      17             4             5978           7125          6395         25.6k  0.03  


suricata-4.0.0-etpro-all-alert-2019-06-25-T-10-40-19-06252019.1039-1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b790bffb4da2d2cf.pcap.txt - (2180 bytes) - download
06/25/2019-10:27:08.512958  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.35.254:80 -> 192.168.35.21:49213
06/25/2019-10:27:19.376728  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 211.21.23.69:80 -> 192.168.35.21:49215
06/25/2019-10:27:49.657174  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.35.254:80 -> 192.168.35.21:49219
06/25/2019-10:27:59.897925  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 211.21.23.69:80 -> 192.168.35.21:49221
06/25/2019-10:28:30.032028  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.35.254:80 -> 192.168.35.21:49225
06/25/2019-10:28:40.296394  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 211.21.23.69:80 -> 192.168.35.21:49227
06/25/2019-10:29:10.477361  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.35.254:80 -> 192.168.35.21:49231
06/25/2019-10:29:20.997690  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 211.21.23.69:80 -> 192.168.35.21:49233
06/25/2019-10:29:51.229091  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.35.254:80 -> 192.168.35.21:49237
06/25/2019-10:30:01.726948  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 211.21.23.69:80 -> 192.168.35.21:49239


stats.log - (2838 bytes) - download
------------------------------------------------------------------------------------
Date: 6/25/2019 -- 10:40:19 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 268
decoder.bytes                              | Total                     | 30227
decoder.ipv4                               | Total                     | 268
decoder.ethernet                           | Total                     | 268
decoder.tcp                                | Total                     | 264
decoder.udp                                | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 112
decoder.max_pkt_size                       | Total                     | 401
flow.tcp                                   | Total                     | 32
flow.udp                                   | Total                     | 2
tcp.sessions                               | Total                     | 32
tcp.syn                                    | Total                     | 32
tcp.synack                                 | Total                     | 32
tcp.rst                                    | Total                     | 15
tcp.overlap                                | Total                     | 4
detect.alert                               | Total                     | 10
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 3
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 10
app_layer.tx.http                          | Total                     | 10
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
flow.spare                                 | Total                     | 9992
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (17412 bytes) - download
{"timestamp":"2019-06-25T10:26:44.409278+0000","flow_id":1773868585074366,"pcap_cnt":1,"event_type":"dns","src_ip":"192.168.35.21","src_port":58094,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60648,"rrname":"rosaf112.ddns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-25T10:26:44.602823+0000","flow_id":1773868585074366,"pcap_cnt":2,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.35.21","dest_port":58094,"proto":"UDP","dns":{"type":"answer","id":60648,"rcode":"NOERROR","rrname":"rosaf112.ddns.net","rrtype":"A","ttl":3600,"rdata":"192.168.35.254"}}
{"timestamp":"2019-06-25T10:27:08.340459+0000","flow_id":356237321187819,"pcap_cnt":18,"event_type":"dns","src_ip":"192.168.35.21","src_port":53447,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12291,"rrname":"rosaf112.ddns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-25T10:27:08.348798+0000","flow_id":356237321187819,"pcap_cnt":19,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.35.21","dest_port":53447,"proto":"UDP","dns":{"type":"answer","id":12291,"rcode":"NOERROR","rrname":"rosaf112.ddns.net","rrtype":"A","ttl":3600,"rdata":"192.168.35.254"}}
{"timestamp":"2019-06-25T10:27:08.422350+0000","flow_id":931810183505969,"pcap_cnt":30,"event_type":"http","src_ip":"192.168.35.21","src_port":49213,"dest_ip":"192.168.35.254","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"rosaf112.ddns.net","url":"\/2d8a1e70000009e0","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:27:08.512958+0000","flow_id":931810183505969,"pcap_cnt":32,"event_type":"alert","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49213,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:27:08.512958+0000","flow_id":931810183505969,"pcap_cnt":32,"event_type":"fileinfo","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49213,"proto":"TCP","http":{"hostname":"rosaf112.ddns.net","url":"\/2d8a1e70000009e0","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/2d8a1e70000009e0","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:27:19.376673+0000","flow_id":2205770498661338,"pcap_cnt":49,"event_type":"http","src_ip":"192.168.35.21","src_port":49215,"dest_ip":"211.21.23.69","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"211.21.23.69","url":"\/aad76d7e000009eb","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:27:19.376728+0000","flow_id":2205770498661338,"pcap_cnt":51,"event_type":"alert","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49215,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:27:19.376728+0000","flow_id":2205770498661338,"pcap_cnt":51,"event_type":"fileinfo","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49215,"proto":"TCP","http":{"hostname":"211.21.23.69","url":"\/aad76d7e000009eb","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/aad76d7e000009eb","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:27:49.657174+0000","flow_id":1319783171991883,"pcap_cnt":80,"event_type":"alert","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49219,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:27:49.657174+0000","flow_id":1319783171991883,"pcap_cnt":80,"event_type":"http","src_ip":"192.168.35.21","src_port":49219,"dest_ip":"192.168.35.254","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"rosaf112.ddns.net","url":"\/3996222000000a05","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:27:49.657174+0000","flow_id":1319783171991883,"pcap_cnt":80,"event_type":"fileinfo","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49219,"proto":"TCP","http":{"hostname":"rosaf112.ddns.net","url":"\/3996222000000a05","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/3996222000000a05","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:27:59.897925+0000","flow_id":469061820424749,"pcap_cnt":100,"event_type":"alert","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49221,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:27:59.897925+0000","flow_id":469061820424749,"pcap_cnt":100,"event_type":"http","src_ip":"192.168.35.21","src_port":49221,"dest_ip":"211.21.23.69","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"211.21.23.69","url":"\/cd03fce000000a0d","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:27:59.897925+0000","flow_id":469061820424749,"pcap_cnt":100,"event_type":"fileinfo","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49221,"proto":"TCP","http":{"hostname":"211.21.23.69","url":"\/cd03fce000000a0d","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/cd03fce000000a0d","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:28:30.031392+0000","flow_id":2014661638431705,"pcap_cnt":130,"event_type":"http","src_ip":"192.168.35.21","src_port":49225,"dest_ip":"192.168.35.254","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"rosaf112.ddns.net","url":"\/07914f4a00000a27","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:28:30.032028+0000","flow_id":2014661638431705,"pcap_cnt":132,"event_type":"alert","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49225,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:28:30.032028+0000","flow_id":2014661638431705,"pcap_cnt":132,"event_type":"fileinfo","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49225,"proto":"TCP","http":{"hostname":"rosaf112.ddns.net","url":"\/07914f4a00000a27","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/07914f4a00000a27","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:28:40.295994+0000","flow_id":207867681966977,"pcap_cnt":149,"event_type":"http","src_ip":"192.168.35.21","src_port":49227,"dest_ip":"211.21.23.69","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"211.21.23.69","url":"\/9774976600000a2f","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:28:40.296394+0000","flow_id":207867681966977,"pcap_cnt":151,"event_type":"alert","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49227,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:28:40.296394+0000","flow_id":207867681966977,"pcap_cnt":151,"event_type":"fileinfo","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49227,"proto":"TCP","http":{"hostname":"211.21.23.69","url":"\/9774976600000a2f","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/9774976600000a2f","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:29:10.477302+0000","flow_id":778187801293152,"pcap_cnt":180,"event_type":"http","src_ip":"192.168.35.21","src_port":49231,"dest_ip":"192.168.35.254","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"rosaf112.ddns.net","url":"\/f8b7d9ac00000a48","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:29:10.477361+0000","flow_id":778187801293152,"pcap_cnt":182,"event_type":"alert","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49231,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:29:10.477361+0000","flow_id":778187801293152,"pcap_cnt":182,"event_type":"fileinfo","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49231,"proto":"TCP","http":{"hostname":"rosaf112.ddns.net","url":"\/f8b7d9ac00000a48","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/f8b7d9ac00000a48","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:29:20.997293+0000","flow_id":1225014724580856,"pcap_cnt":199,"event_type":"http","src_ip":"192.168.35.21","src_port":49233,"dest_ip":"211.21.23.69","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"211.21.23.69","url":"\/8a157fec00000a51","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:29:20.997690+0000","flow_id":1225014724580856,"pcap_cnt":201,"event_type":"alert","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49233,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:29:20.997690+0000","flow_id":1225014724580856,"pcap_cnt":201,"event_type":"fileinfo","src_ip":"211.21.23.69","src_port":80,"dest_ip":"192.168.35.21","dest_port":49233,"proto":"TCP","http":{"hostname":"211.21.23.69","url":"\/8a157fec00000a51","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/8a157fec00000a51","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:29:51.228552+0000","flow_id":1307761566493426,"pcap_cnt":230,"event_type":"http","src_ip":"192.168.35.21","src_port":49237,"dest_ip":"192.168.35.254","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"rosaf112.ddns.net","url":"\/fc0141ec00000a6a","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:29:51.229091+0000","flow_id":1307761566493426,"pcap_cnt":232,"event_type":"alert","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49237,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-06-25T10:29:51.229091+0000","flow_id":1307761566493426,"pcap_cnt":232,"event_type":"fileinfo","src_ip":"192.168.35.254","src_port":80,"dest_ip":"192.168.35.21","dest_port":49237,"proto":"TCP","http":{"hostname":"rosaf112.ddns.net","url":"\/fc0141ec00000a6a","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/fc0141ec00000a6a","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-06-25T10:30:01.726508+0000","flow_id":549751379015237,"pcap_cnt":250,"event_type":"http","src_ip":"192.168.35.21","src_port":49239,"dest_ip":"211.21.23.69","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"211.21.23.69","url":"\/c8cf49f600000a73","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0000; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-06-25T10:30:01.726948+0000","flow_id":549751379015237,"pcap_cnt":252,"

This file has been truncated.


keyword_perf.log - (11817 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/25/2019 -- 10:40:19
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             3291598         789             789             390305          4171.00         4171.00         0.00           
  content          5692570         1331            869             408953          4276.00         4277.00         4275.00        
  pcre             1346409         253             95              26845           5321.00         5376.00         5289.00        
  byte_test        40111           12              4               5968            3342.00         4432.00         2797.00        
  byte_jump        51733           11              0               16565           4703.00         0.00            4703.00        
  isdataat         5716            2               0               2890            2858.00         0.00            2858.00        
  flowbits         69521           20              5               7042            3476.00         5026.00         2959.00        
  urilen           1146462         247             78              396378          4641.00         7939.00         3119.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             3291598         789             789             390305          4171.00         4171.00         0.00           
  flowbits         44387           15              0               3982            2959.00         0.00            2959.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          807234          108             62              408953          7474.00         3800.00         12426.00       
  byte_test        40111           12              4               5968            3342.00         4432.00         2797.00        
  byte_jump        51733           11              0               16565           4703.00         0.00            4703.00        
  isdataat         5716            2               0               2890            2858.00         0.00            2858.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         25134           5               5               7042            5026.00         5026.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          505000          145             42              17310           3482.00         3731.00         3381.00        
  pcre             668459          118             20              18680           5664.00         5298.00         5739.00        
  urilen           1146462         247             78              396378          4641.00         7939.00         3119.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30046           10              0               3424            3004.00         0.00            3004.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3048691         710             542             399558          4293.00         4530.00         3530.00        
  pcre             556020          105             55              26845           5295.00         5846.00         4689.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          174518          50              30              5458            3490.00         3441.00         3564.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38773           3               3               30004           12924.00        12924.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          105259          20              20              25672           5262.00         5262.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38084           10              10              4911            3808.00         3808.00         0.00           
  pcre             38723           10              0               5082            3872.00         0.00            3872.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          86952           25              20              5082            3478.00         3562.00         3139.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          797969          230             140             19783           3469.00         3662.00         3169.00        
  pcre             83207           20              20              9429            4160.00         4160.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          60044           20              0               3348            3002.00         0.00            3002.00        


suricata-report-2019-06-25-T-10-40-19-06252019.1039-1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b790bffb4da2d2cf.pcap.txt - (17764 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0b30c4def5a3a133794a0bfd949c3a1056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06252019.1039-1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b790bffb4da2d2cf.pcap -vvv -k none
elapsedtime:20.118893
stderr:
stdout:
25/6/2019 -- 10:39:59 - <Info> - Configuration node 'rule-files' redefined.
25/6/2019 -- 10:39:59 - <Notice> - This is Suricata version 4.0.0 RELEASE
25/6/2019 -- 10:39:59 - <Info> - CPUs/cores online: 1
25/6/2019 -- 10:39:59 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32016 and 'request-body-inspect-window' set to 16166 after randomization.
25/6/2019 -- 10:39:59 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31583 and 'response-body-inspect-window' set to 15828 after randomization.
25/6/2019 -- 10:39:59 - <Config> - DNS request flood protection level: 500
25/6/2019 -- 10:39:59 - <Config> - DNS per flow memcap (state-memcap): 524288
25/6/2019 -- 10:39:59 - <Config> - DNS global memcap: 16777216
25/6/2019 -- 10:39:59 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
25/6/2019 -- 10:39:59 - <Config> - preallocated 1000 hosts of size 136
25/6/2019 -- 10:39:59 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
25/6/2019 -- 10:39:59 - <Config> - using magic-file /usr/share/file/magic
25/6/2019 -- 10:39:59 - <Config> - Core dump size is unlimited.
25/6/2019 -- 10:39:59 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
25/6/2019 -- 10:39:59 - <Config> - preallocated 1000 defrag trackers of size 168
25/6/2019 -- 10:39:59 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
25/6/2019 -- 10:39:59 - <Config> - stream "prealloc-sessions": 2048 (per thread)
25/6/2019 -- 10:39:59 - <Config> - stream "memcap": 33554432
25/6/2019 -- 10:39:59 - <Config> - stream "midstream" session pickups: disabled
25/6/2019 -- 10:39:59 - <Config> - stream "async-oneside": disabled
25/6/2019 -- 10:39:59 - <Config> - stream "checksum-validation": disabled
25/6/2019 -- 10:39:59 - <Config> - stream."inline": disabled
25/6/2019 -- 10:39:59 - <Config> - stream "bypass": disabled
25/6/2019 -- 10:39:59 - <Config> - stream "max-synack-queued": 5
25/6/2019 -- 10:39:59 - <Config> - stream.reassembly "memcap": 134217728
25/6/2019 -- 10:39:59 - <Config> - stream.reassembly "depth": 0
25/6/2019 -- 10:39:59 - <Config> - stream.reassembly "toserver-chunk-size": 2451
25/6/2019 -- 10:39:59 - <Config> - stream.reassembly "toclient-chunk-size": 2530
25/6/2019 -- 10:39:59 - <Config> - stream.reassembly.raw: enabled
25/6/2019 -- 10:39:59 - <Config> - stream.reassembly "segment-prealloc": 2048
25/6/2019 -- 10:39:59 - <Config> - Delayed detect disabled
25/6/2019 -- 10:39:59 - <Config> - pattern matchers: MPM: ac, SPM: bm
25/6/2019 -- 10:39:59 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
25/6/2019 -- 10:39:59 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
25/6/2019 -- 10:39:59 - <Config> - prefilter engines: MPM
25/6/2019 -- 10:39:59 - <Config> - IP reputation disabled
25/6/2019 -- 10:39:59 - <Perf> - Registered 148 keyword profiling counters.
25/6/2019 -- 10:39:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
25/6/2019 -- 10:39:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
25/6/2019 -- 10:39:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
25/6/2019 -- 10:40:04 - <Config> - No rules loaded from ET-icmp.rules.
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
25/6/2019 -- 10:40:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
25/6/2019 -- 10:40:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
25/6/2019 -- 10:40:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
25/6/2019 -- 10:40:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
25/6/2019 -- 10:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
25/6/2019 -- 10:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
25/6/2019 -- 10:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
25/6/2019 -- 10:40:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
25/6/2019 -- 10:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
25/6/2019 -- 10:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
25/6/2019 -- 10:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
25/6/2019 -- 10:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
25/6/2019 -- 10:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
25/6/2019 -- 10:40:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
25/6/2019 -- 10:40:11 - <Config> - No rules loaded from local.rules.
25/6/2019 -- 10:40:11 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
25/6/2019 -- 10:40:11 - <Info> - Threshold config parsed: 0 rule(s) found
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for tcp-packet
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for tcp-stream
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for udp-packet
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for other-ip
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_uri
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_request_line
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_client_body
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_response_line
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_header
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_header
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_header_names
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_header_names
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_accept
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_accept_enc
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_accept_lang
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_referer
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_connection
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_content_len
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_content_len
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_content_type
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_content_type
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_protocol
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_protocol
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_start
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_start
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_raw_header
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_raw_header
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_method
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_cookie
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_cookie
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_raw_uri
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_user_agent
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_host
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_raw_host
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_stat_msg
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_stat_code
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for dns_query
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for tls_sni
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for tls_cert_issuer
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for tls_cert_subject
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for tls_cert_serial
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for dce_stub_data
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for dce_stub_data
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for ssh_protocol
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for ssh_protocol
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for ssh_software
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for ssh_software
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for file_data
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for file_data
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_request_line
25/6/2019 -- 10:40:12 - <Perf> - using shared mpm ctx' for http_response_line
25/6/2019 -- 10:40:12 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
25/6/2019 -- 10:40:12 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
25/6/2019 -- 10:40:12 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
25/6/2019 -- 10:40:12 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
25/6/2019 -- 10:40:12 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
25/6/2019 -- 10:40:12 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
25/6/2019 -- 10:40:12 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
25/6/2019 -- 10:40:12 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
25/6/2019 -- 10:40:16 - <Perf> - Unique rule groups: 104
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "toserver TCP packet": 35
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "toclient TCP packet": 17
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "toserver TCP stream": 33
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "toclient TCP stream": 19
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "toserver UDP packet": 27
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "toclient UDP packet": 17
25/6/2019 -- 10:40:16 - <Perf> - Builtin MPM "other IP packet": 3
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_uri": 14
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_request_line": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_client_body": 6
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient http_response_line": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_header": 10
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient http_header": 6
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_header_names": 2
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_accept": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_referer": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_content_len": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_content_type": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient http_content_type": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_protocol": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_start": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_method": 5
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_cookie": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient http_cookie": 2
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver http_host": 2
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver dns_query": 4
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver tls_sni": 2
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toserver file_data": 1
25/6/2019 -- 10:40:16 - <Perf> - AppLayer MPM "toclient file_data": 7
25/6/2019 -- 10:40:18 - <Perf> - Registered 39590 rule profiling counters.
25/6/2019 -- 10:40:18 - <Info> - fast output device (regular) initialized: alert
25/6/2019 -- 10:40:18 - <Info> - eve-log output device (regular) initialized: eve.json
25/6/2019 -- 10:40:18 - <Config> - enabling 'eve-log' module 'alert'
25/6/2019 -- 10:40:18 - <Config> - enabling 'eve-log' module 'http'
25/6/2019 -- 10:40:18 - <Config> - enabling 'eve-log' module 'dns'
25/6/2019 -- 10:40:18 - <Config> - enabling 'eve-log' module 'tls'
25/6/2019 -- 10:40:18 - <Config> - enabling 'eve-log' module 'files'
25/6/2019 -- 10:40:18 - <Config> - enabling 'eve-log' module 'ssh'
25/6/2019 -- 10:40:18 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
25/6/2019 -- 10:40:18 - <Info> - stats output device (regular) initialized: stats.log
25/6/2019 -- 10:40:18 - <Config> - AutoFP mode using "Hash" flow load balancer
25/6/2019 -- 10:40:18 - <Info> - reading pcap file /var/pcap/06252019.1039-1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b79

This file has been truncated.


IDSDeathBlossom.py.log - (1204 bytes)
2019-06-25 10:39:58,435 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-25 10:39:59,151 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-25 10:39:59,152 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-06-25 10:39:59,152 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-25 10:39:59,152 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-25 10:39:59,152 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0b30c4def5a3a133794a0bfd949c3a1056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06252019.1039-1ec1f44049d1fe7e3c823cb0ae292ccf3d230de7b82523e8b790bffb4da2d2cf.pcap -vvv -k none
2019-06-25 10:40:19,273 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-25 10:40:19,273 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 20.8463959694