Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4020621777 seconds
Hash: 0b419f711438e640edcb7d3516b68d6a (32 hex digits, MD5-length)
Uploaded: 1569238984 (Unix epoch seconds, i.e. 2019-09-23 11:43:04 UTC)

Logfiles


packet_stats.log (14955 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            55          1483166       85095538      71972968          4.0b   85.03
 IPv4      17            23          3352266       64848536      30055284        691.3m   14.85
 IPv6      17             1          5381032        5381032       5381032          5.4m    0.12
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            55           114818        4163240        560953         30.9m   36.72
TMM_FLOWWORKER              IPv4      17            23           277746       10434368       2253231         51.8m   61.68
TMM_RECEIVEPCAPFILE         IPv4       6            53             4446           6626          4931        261.4k    0.31
TMM_RECEIVEPCAPFILE         IPv4      17            23             4436          13194          5229        120.3k    0.14
TMM_DECODEPCAPFILE          IPv4       6            53             4568          16262          5050        267.7k    0.32
TMM_DECODEPCAPFILE          IPv4      17            23             4598          36260          6158        141.6k    0.17
TMM_FLOWWORKER              IPv6      17             1           526514         526514        526514        526.5k    0.63
TMM_RECEIVEPCAPFILE         IPv6      17             1             4798           4798          4798          4.8k    0.01
TMM_DECODEPCAPFILE          IPv6      17             1            18302          18302         18302         18.3k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
flow                    IPv4       6            53             4756         427996         13318        705.9k  1.02  
flow                    IPv4      17            23             4874          27880          9141        210.3k  0.30  
stream                  IPv4       6            55             4906         989630         56285          3.1m  4.45  
app-layer               IPv4      17            23             4480          57560         22957        528.0k  0.76  
detect                  IPv4       6            55            77254        3792794        444339         24.4m  35.15 
detect                  IPv4      17            23           249308       10294744       1710642         39.3m  56.59 
tcp-prune               IPv4       6            55             4460         429452         12616        693.9k  1.00  
flow                    IPv6      17             1            12932          12932         12932         12.9k  0.02  
app-layer               IPv6      17             1            14386          14386         14386         14.4k  0.02  
detect                  IPv6      17             1           480652         480652        480652        480.7k  0.69  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
http                    IPv4       6             3             8922          16900         13665         41.0k  20.48 
tls                     IPv4       6             2             4812           5618          5215         10.4k  5.21  
dns                     IPv4      17            18             6156          22012          8265        148.8k  74.31 
Proto detect            IPv4      17            20             5426          37822         10522        210.4k
Proto detect            IPv6      17             1             5280           5280          5280          5.3k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  -----
LOGGER_JSON_DNS             IPv4      17            18            37592        7051022        457687          8.2m  94.33 
LOGGER_JSON_HTTP            IPv4       6             3            81752         119144         96345        289.0k  3.31  
LOGGER_JSON_TLS             IPv4       6             1            75322          75322         75322         75.3k  0.86  
LOGGER_JSON_FILE            IPv4       6             1           130636         130636        130636        130.6k  1.50  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            22             4674         240840         63353         1.4m  25.30 
payload                           IPv4      17            23             8692         382182         59157         1.4m  24.70 
stream                            IPv4       6            22             4444         410952         56628         1.2m  22.62 
http_uri                          IPv4       6             3             7710          25228         13963        41.9k  0.76  
http_request_line                 IPv4       6             3             6678          27804         14066        42.2k  0.77  
http_client_body                  IPv4       6             3             4950           5768          5284        15.9k  0.29  
http_header (request)             IPv4       6             3            36572          86538         58557       175.7k  3.19  
http_header (request trailer)     IPv4       6             3             4490           4532          4515        13.5k  0.25  
http_header_names (request)       IPv4       6             3            16914          39004         31556        94.7k  1.72  
http_accept (request)             IPv4       6             3             6198          21104         11290        33.9k  0.61  
http_referer (request)            IPv4       6             3             4858           5178          5034        15.1k  0.27  
http_content_len (request)        IPv4       6             3             4980          10266          6812        20.4k  0.37  
http_content_type (request)       IPv4       6             3             5076           6038          5412        16.2k  0.29  
http_protocol (request)           IPv4       6             3             5836          14150          8827        26.5k  0.48  
http_start (request)              IPv4       6             3            10770          16256         13428        40.3k  0.73  
http_raw_header (request)         IPv4       6             3            16914          29870         21863        65.6k  1.19  
http_method                       IPv4       6             3             5888          13516          8711        26.1k  0.47  
http_cookie (request)             IPv4       6             3             4874          10828          8532        25.6k  0.46  
http_raw_uri                      IPv4       6             3             5170           7398          6012        18.0k  0.33  
http_user_agent                   IPv4       6             3            25130          96230         52195       156.6k  2.84  
http_host                         IPv4       6             3             8534          24146         18646        55.9k  1.02  
dns_query                         IPv4      17             9             7678          20484         11100        99.9k  1.81  
tls_sni                           IPv4       6             1            18410          18410         18410        18.4k  0.33  
http_response_line                IPv4       6             3             8464           9392          8816        26.5k  0.48  
http_header (response)            IPv4       6             3            36078          69006         49142       147.4k  2.68  
http_header (response trailer)    IPv4       6             3             4656           9422          7438        22.3k  0.41  
http_content_type (response)      IPv4       6             3            21254          33964         25772        77.3k  1.40  
http_raw_header (response)        IPv4       6             3            13316          31778         19706        59.1k  1.07  
http_cookie (response)            IPv4       6             3             5006          20206         10154        30.5k  0.55  
http_stat_code                    IPv4       6             3             5526          23154         13150        39.5k  0.72  
tls_cert_issuer                   IPv4       6             1             9686           9686          9686         9.7k  0.18  
tls_cert_subject                  IPv4       6             1            20080          20080         20080        20.1k  0.36  
tls_cert_serial                   IPv4       6             1             9052           9052          9052         9.1k  0.16  
Total                             IPv4                   155                                         35122         5.4m
payload                           IPv6      17             1            64380          64380         64380        64.4k  1.17  
Total                             IPv6                     1                                         64380        64.4k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  -----
PROF_DETECT_IPONLY          IPv4       6             6             9770          64172         45697        274.2k  0.37  
PROF_DETECT_IPONLY          IPv4      17            20             8704         875664        132401          2.6m  3.59  
PROF_DETECT_RULES           IPv4       6            55             4448        3004350        235959         13.0m  17.59 
PROF_DETECT_RULES           IPv4      17            23           129618       10109902       1255688         28.9m  39.15 
PROF_DETECT_STATEFUL_START    IPv4       6            10             8968        1474362        473713          4.7m  6.42  
PROF_DETECT_STATEFUL_CONT    IPv4       6            55             4424          11826          7535        414.5k  0.56  
PROF_DETECT_STATEFUL_CONT    IPv4      17            23             4398         826774         47399          1.1m  1.48  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            43             4444           6724          4659        200.3k  0.27  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            18             4724          16796          5804        104.5k  0.14  
PROF_DETECT_PREFILTER       IPv4       6            55            13610         793666        126558          7.0m  9.43  
PROF_DETECT_PREFILTER       IPv4      17            23            50510         832190        191155          4.4m  5.96  
PROF_DETECT_PF_PAYLOAD      IPv4       6            22            28914         434446        134749          3.0m  4.02  
PROF_DETECT_PF_PAYLOAD      IPv4      17            23            17632         460928         86468          2.0m  2.70  
PROF_DETECT_PF_TX           IPv4       6            43             4562         515440         45267          1.9m  2.64  
PROF_DETECT_PF_TX           IPv4      17             9            17004          30248         20647        185.8k  0.25  
PROF_DETECT_PF_SORT1        IPv4       6            21             4540          27076          7445        156.4k  0.21  
PROF_DETECT_PF_SORT1        IPv4      17            23             4750           7562          6328        145.6k  0.20  
PROF_DETECT_PF_SORT2        IPv4       6            55             4422         483978         15827        870.5k  1.18  
PROF_DETECT_PF_SORT2        IPv4      17            23             4464         212928         17983        413.6k  0.56  
PROF_DETECT_NONMPMLIST      IPv4       6            55             4460          20874          5330        293.2k  0.40  
PROF_DETECT_NONMPMLIST      IPv4      17            23             4644          12700          5338        122.8k  0.17  
PROF_DETECT_ALERT           IPv4       6            55             4414           6006          4610        253.6k  0.34  
PROF_DETECT_ALERT           IPv4      17            23             4444          16990          5339        122.8k  0.17  
PROF_DETECT_CLEANUP         IPv4       6            55             4472          26026          5179        284.8k  0.39  
PROF_DETECT_CLEANUP         IPv4      17            23             4414           9138          5684        130.7k  0.18  
PROF_DETECT_GETSGH          IPv4       6            55             4422          37810          6225        342.4k  0.46  
PROF_DETECT_GETSGH          IPv4      17            23             4680          78300         14554        334.7k  0.45  
PROF_DETECT_IPONLY          IPv6      17             1            20460          20460         20460         20.5k  0.03  
PROF_DETECT_RULES           IPv6      17             1           248860         248860        248860        248.9k  0.34  
PROF_DETECT_STATEFUL_CONT    IPv6      17             1             4666           4666          4666          4.7k  0.01  
PROF_DETECT_PREFILTER       IPv6      17             1           116768         116768        116768        116.8k  0.16  
PROF_DETECT_PF_PAYLOAD      IPv6      17             1            73322          73322         73322         73.3k  0.10  
PROF_DETECT_PF_SORT1        IPv6      17             1             5874           5874          5874          5.9k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             1            19526          19526         19526         19.5k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17             1             5040           5040          5040          5.0k  0.01  
PROF_DETECT_ALERT           IPv6      17             1             4458           4458          4458          4.5k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             1             5076           5076          5076          5.1k  0.01  
PROF_DETECT_GETSGH          IPv6      17             1            30340          30340         30340         30.3k  0.04  


stats.log (3055 bytes)
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:43:27 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 85
decoder.bytes                              | Total                     | 30197
decoder.ipv4                               | Total                     | 76
decoder.ipv6                               | Total                     | 1
decoder.ethernet                           | Total                     | 85
decoder.tcp                                | Total                     | 53
decoder.udp                                | Total                     | 24
decoder.avg_pkt_size                       | Total                     | 355
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 3
tcp.overlap                                | Total                     | 2
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 3
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 9
app_layer.tx.dns_udp                       | Total                     | 9
app_layer.flow.failed_udp                  | Total                     | 3
flow.spare                                 | Total                     | 9992
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json (10078 bytes)
{"timestamp":"2019-09-20T22:41:42.710199+0000","flow_id":834829262706231,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.240.18","src_port":58085,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40178,"rrname":"www.hMtOokdZgW.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:41:42.734924+0000","flow_id":834829262706231,"pcap_cnt":10,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":58085,"proto":"UDP","dns":{"type":"answer","id":40178,"rcode":"NXDOMAIN","rrname":"www.hMtOokdZgW.com"}}
{"timestamp":"2019-09-20T22:41:42.734924+0000","flow_id":834829262706231,"pcap_cnt":10,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":58085,"proto":"UDP","dns":{"type":"answer","id":40178,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:41:46.071814+0000","flow_id":133448218581126,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.240.18","src_port":53569,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15183,"rrname":"www.1ut4hNUZxl.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:41:46.100127+0000","flow_id":133448218581126,"pcap_cnt":14,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53569,"proto":"UDP","dns":{"type":"answer","id":15183,"rcode":"NXDOMAIN","rrname":"www.1ut4hNUZxl.com"}}
{"timestamp":"2019-09-20T22:41:46.100127+0000","flow_id":133448218581126,"pcap_cnt":14,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53569,"proto":"UDP","dns":{"type":"answer","id":15183,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:41:49.368798+0000","flow_id":2185965844930718,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.240.18","src_port":49772,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23804,"rrname":"www.SMjPcziBb7.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:41:49.390296+0000","flow_id":2185965844930718,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":49772,"proto":"UDP","dns":{"type":"answer","id":23804,"rcode":"NXDOMAIN","rrname":"www.SMjPcziBb7.com"}}
{"timestamp":"2019-09-20T22:41:49.390296+0000","flow_id":2185965844930718,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":49772,"proto":"UDP","dns":{"type":"answer","id":23804,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:41:52.649360+0000","flow_id":1227702806833296,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.240.18","src_port":62287,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30094,"rrname":"www.62T5niYKRg.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:41:52.673141+0000","flow_id":1227702806833296,"pcap_cnt":20,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":62287,"proto":"UDP","dns":{"type":"answer","id":30094,"rcode":"NXDOMAIN","rrname":"www.62T5niYKRg.com"}}
{"timestamp":"2019-09-20T22:41:52.673141+0000","flow_id":1227702806833296,"pcap_cnt":20,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":62287,"proto":"UDP","dns":{"type":"answer","id":30094,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:41:55.962032+0000","flow_id":2015631737335280,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.240.18","src_port":56304,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62972,"rrname":"www.6m5JzkbQwD.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:41:55.984604+0000","flow_id":2015631737335280,"pcap_cnt":22,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":56304,"proto":"UDP","dns":{"type":"answer","id":62972,"rcode":"NXDOMAIN","rrname":"www.6m5JzkbQwD.com"}}
{"timestamp":"2019-09-20T22:41:55.984604+0000","flow_id":2015631737335280,"pcap_cnt":22,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":56304,"proto":"UDP","dns":{"type":"answer","id":62972,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:41:59.400518+0000","flow_id":756409603398790,"pcap_cnt":23,"event_type":"dns","src_ip":"192.168.240.18","src_port":54560,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30417,"rrname":"www.fqCjeY9hhE.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:41:59.443559+0000","flow_id":756409603398790,"pcap_cnt":24,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":54560,"proto":"UDP","dns":{"type":"answer","id":30417,"rcode":"NXDOMAIN","rrname":"www.fqCjeY9hhE.com"}}
{"timestamp":"2019-09-20T22:41:59.443559+0000","flow_id":756409603398790,"pcap_cnt":24,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":54560,"proto":"UDP","dns":{"type":"answer","id":30417,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:42:02.813423+0000","flow_id":1498092473575791,"pcap_cnt":25,"event_type":"dns","src_ip":"192.168.240.18","src_port":53510,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54112,"rrname":"w.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:42:02.860838+0000","flow_id":1498092473575791,"pcap_cnt":26,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53510,"proto":"UDP","dns":{"type":"answer","id":54112,"rcode":"NOERROR","rrname":"w.google.com","rrtype":"CNAME","ttl":21599,"rdata":"www3.l.google.com"}}
{"timestamp":"2019-09-20T22:42:02.860838+0000","flow_id":1498092473575791,"pcap_cnt":26,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53510,"proto":"UDP","dns":{"type":"answer","id":54112,"rcode":"NOERROR","rrname":"www3.l.google.com","rrtype":"A","ttl":299,"rdata":"172.217.6.206"}}
{"timestamp":"2019-09-20T22:42:02.869522+0000","flow_id":1002552031855762,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.240.18","src_port":60324,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32926,"rrname":"www.77b25K0bv2.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:42:02.882393+0000","flow_id":1002552031855762,"pcap_cnt":28,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":60324,"proto":"UDP","dns":{"type":"answer","id":32926,"rcode":"NXDOMAIN","rrname":"www.77b25K0bv2.com"}}
{"timestamp":"2019-09-20T22:42:02.882393+0000","flow_id":1002552031855762,"pcap_cnt":28,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":60324,"proto":"UDP","dns":{"type":"answer","id":32926,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-09-20T22:42:03.024075+0000","flow_id":2176832597826256,"pcap_cnt":36,"event_type":"http","src_ip":"192.168.240.18","src_port":49300,"dest_ip":"172.217.6.206","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"w.google.com","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko\/20100101 Firefox\/59.0","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T22:42:03.034931+0000","flow_id":1192913572431987,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.240.18","src_port":49311,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18394,"rrname":"pastebin.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T22:42:03.036319+0000","flow_id":1192913572431987,"pcap_cnt":38,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":49311,"proto":"UDP","dns":{"type":"answer","id":18394,"rcode":"NOERROR","rrname":"pastebin.com","rrtype":"A","ttl":103,"rdata":"104.22.2.84"}}
{"timestamp":"2019-09-20T22:42:03.036319+0000","flow_id":1192913572431987,"pcap_cnt":38,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":49311,"proto":"UDP","dns":{"type":"answer","id":18394,"rcode":"NOERROR","rrname":"pastebin.com","rrtype":"A","ttl":103,"rdata":"104.22.3.84"}}
{"timestamp":"2019-09-20T22:42:03.058183+0000","flow_id":1895671153797534,"pcap_cnt":45,"event_type":"http","src_ip":"192.168.240.18","src_port":49301,"dest_ip":"104.22.2.84","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"pastebin.com","url":"\/raw\/AqndxJKK","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko\/20100101 Firefox\/59.0","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-20T22:42:03.210162+0000","flow_id":698966563590848,"pcap_cnt":55,"event_type":"tls","src_ip":"192.168.240.18","src_port":49302,"dest_ip":"104.22.2.84","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","issuerdn":"C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2"}}
{"timestamp":"2019-09-20T22:42:03.367182+0000","flow_id":1895671153797534,"pcap_cnt":58,"event_type":"http","src_ip":"192.168.240.18","src_port":49301,"dest_ip":"104.22.2.84","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"pastebin.com","url":"\/AqndxJKK","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko\/20100101 Firefox\/59.0","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T22:42:12.680387+0000","flow_id":2176832597826256,"event_type":"fileinfo","src_ip":"172.217.6.206","src_port":80,"dest_ip":"192.168.240.18","dest_port":49300,"proto":"TCP","http":{"hostname":"w.google.com","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko\/20100101 Firefox\/59.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":1561},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":1561,"tx_id":0}}


suricata-4.0.0-etpro-all-perf.txt-2019-09-23-T-11-43-27-09232019.1143-network.pcap.txt (24022 bytes)
  --------------------------------------------------------------------------
  Date: 9/23/2019 -- 11:43:27. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2014703      1        9        1377144      5.31   18       0        1140600     76508.00    0.00        76508.00   
  2        2020742      1        1        1615078      6.23   7        0        886546      230725.43   0.00        230725.43  
  3        2018666      1        4        1203832      4.64   7        0        881916      171976.00   0.00        171976.00  
  4        2811544      1        1        1268150      4.89   18       0        866070      70452.78    0.00        70452.78   
  5        2023626      1        3        920440       3.55   17       0        843658      54143.53    0.00        54143.53   
  6        2014702      1        9        1076776      4.15   18       0        838278      59820.89    0.00        59820.89   
  7        2805442      1        2        838776       3.24   5        0        819782      167755.20   0.00        167755.20  
  8        2019230      1        2        909074       3.51   18       0        475778      50504.11    0.00        50504.11   
  9        2008420      1        4        456508       1.76   5        0        436640      91301.60    0.00        91301.60   
  10       2803760      1        3        636128       2.45   9        0        436502      70680.89    0.00        70680.89   
  11       2022543      1        1        630192       2.43   9        0        436020      70021.33    0.00        70021.33   
  12       2008119      1        3        456282       1.76   8        0        419138      57035.25    0.00        57035.25   
  13       2802822      1        1        482774       1.86   15       0        415778      32184.93    0.00        32184.93   
  14       2809197      1        2        256580       0.99   1        0        256580      256580.00   0.00        256580.00  
  15       2021749      1        6        230440       0.89   1        0        230440      230440.00   0.00        230440.00  
  16       2814979      1        2        149974       0.58   1        0        149974      149974.00   0.00        149974.00  
  17       2018005      1        6        148886       0.57   1        0        148886      148886.00   0.00        148886.00  
  18       2814978      1        2        136482       0.53   1        0        136482      136482.00   0.00        136482.00  
  19       2828986      1        2        204926       0.79   2        0        120582      102463.00   0.00        102463.00  
  20       2816909      1        2        288212       1.11   3        0        117362      96070.67    0.00        96070.67   
  21       2816940      1        2        289226       1.12   3        0        107046      96408.67    0.00        96408.67   
  22       2816910      1        2        285166       1.10   3        0        105738      95055.33    0.00        95055.33   
  23       2816327      1        4        191958       0.74   3        0        102670      63986.00    0.00        63986.00   
  24       2822213      1        2        99074        0.38   1        0        99074       99074.00    0.00        99074.00   
  25       2828123      1        2        210844       0.81   3        0        92832       70281.33    0.00        70281.33   
  26       2018316      1        4        420180       1.62   7        0        92416       60025.71    0.00        60025.71   
  27       2820851      1        5        180696       0.70   3        0        91934       60232.00    0.00        60232.00   
  28       2018457      1        1        88928        0.34   1        0        88928       88928.00    0.00        88928.00   
  29       2025006      1        5        141276       0.54   2        0        86586       70638.00    0.00        70638.00   
  30       2816929      1        4        210328       0.81   3        0        83474       70109.33    0.00        70109.33   
  31       2025064      1        5        178606       0.69   3        0        83268       59535.33    0.00        59535.33   
  32       2816394      1        2        221576       0.85   3        0        78704       73858.67    0.00        73858.67   
  33       2809850      1        2        291370       1.12   7        0        76632       41624.29    0.00        41624.29   
  34       2827505      1        2        199594       0.77   3        0        74064       66531.33    0.00        66531.33   
  35       2815817      1        5        161936       0.62   3        0        73148       53978.67    0.00        53978.67   
  36       2015898      1        4        156870       0.61   3        0        70238       52290.00    0.00        52290.00   
  37       2020741      1        1        376568       1.45   7        0        69876       53795.43    0.00        53795.43   
  38       2816525      1        10       166618       0.64   3        0        69664       55539.33    0.00        55539.33   
  39       2811542      1        1        380352       1.47   7        0        66948       54336.00    0.00        54336.00   
  40       2023583      1        4        161040       0.62   3        0        65420       53680.00    0.00        53680.00   
  41       2014701      1        12       393496       1.52   18       0        62984       21860.89    0.00        21860.89   
  42       2828060      1        4        110068       0.42   2        0        61920       55034.00    0.00        55034.00   
  43       2020295      1        6        145820       0.56   3        0        60838       48606.67    0.00        48606.67   
  44       2822817      1        3        105370       0.41   2        0        60032       52685.00    0.00        52685.00   
  45       2819673      1        4        158222       0.61   3        0        59508       52740.67    0.00        52740.67   
  46       2816931      1        3        145590       0.56   3        0        58656       48530.00    0.00        48530.00   
  47       2816925      1        3        145406       0.56   3        0        58502       48468.67    0.00        48468.67   
  48       2811838      1        6        113598       0.44   2        0        58000       56799.00    0.00        56799.00   
  49       2018359      1        3        146046       0.56   3        0        57978       48682.00    0.00        48682.00   
  50       2024771      1        1        57620        0.22   1        0        57620       57620.00    0.00        57620.00   
  51       2821561      1        2        145032       0.56   3        0        57558       48344.00    0.00        48344.00   
  52       2816930      1        4        155036       0.60   3        0        57230       51678.67    0.00        51678.67   
  53       2816669      1        4        164108       0.63   3        0        56656       54702.67    0.00        54702.67   
  54       2829848      1        2        100748       0.39   2        0        55892       50374.00    0.00        50374.00   
  55       2816619      1        2        55580        0.21   1        0        55580       55580.00    0.00        55580.00   
  56       2811577      1        2        451118       1.74   18       0        53852       25062.11    0.00        25062.11   
  57       2816924      1        4        140610       0.54   3        0        52708       46870.00    0.00        46870.00   
  58       2826256      1        2        134940       0.52   3        0        52196       44980.00    0.00        44980.00   
  59       2804626      1        9        132868       0.51   3        0        51954       44289.33    0.00        44289.33   
  60       2816328      1        5        140182       0.54   3        0        50970       46727.33    0.00        46727.33   
  61       2017552      1        6        187640       0.72   6        0        49964       31273.33    0.00        31273.33   
  62       2810607      1        8        115998       0.45   3        0        49100       38666.00    0.00        38666.00   
  63       2821615      1        2        133608       0.52   3        0        47192       44536.00    0.00        44536.00   
  64       2816526      1        13       135296       0.52   3        0        46954       45098.67    0.00        45098.67   
  65       2812375      1        2        91298        0.35   2        0        46482       45649.00    0.00        45649.00   
  66       2812388      1        3        88264        0.34   2        0        44998       44132.00    0.00        44132.00   
  67       2816922      1        5        132300       0.51   3        0        44978       44100.00    0.00        44100.00   
  68       2816927      1        3        130278       0.50   3        0        44832       43426.00    0.00        43426.00   
  69       2024008      1        2        82014        0.32   2        0        44778       41007.00    0.00        41007.00   
  70       2816928      1        3        128264       0.49   3        0        44714       42754.67    0.00        42754.67   
  71       2016537      1        2        88434        0.34   3        0        41608       29478.00    0.00        29478.00   
  72       2012612      1        16       104842       0.40   3        0        37006       34947.33    0.00        34947.33   
  73       2828823      1        2        36834        0.14   1        0        36834       36834.00    0.00        36834.00   
  74       2827279      1        5        102720       0.40   3        0        35860       34240.00    0.00        34240.00   
  75       2022502      1        4        103128       0.40   3        0        35858       34376.00    0.00        34376.00   
  76       2816165      1        5        103140       0.40   3        0        35766       34380.00    0.00        34380.00   
  77       2830036      1        1        68180        0.26   2        0        35682       34090.00    0.00        34090.00   
  78       2828190      1        2        103794       0.40   3        0        35674       34598.00    0.00        34598.00   
  79       2816857      1        2        101436       0.39   3        0        35602       33812.00    0.00        33812.00   
  80       2812032      1        3        69358        0.27   2        0        35444       34679.00    0.00        34679.00   
  81       2021337      1        3        35338        0.14   1        0        35338       35338.00    0.00        35338.00   
  82       2808851      1        4        100364       0.39   3        0        35188       33454.67    0.00        33454.67   
  83       2828008      1        2        100346       0.39   3        0        34698       33448.67    0.00        33448.67   
  84       2808852      1        4        100116       0.39   3        0        34532       33372.00    0.00        33372.00   
  85       2806659      1        4        66494        0.26   2        0        33906       33247.00    0.00        33247.00   
  86       2021775      1        2        33270        0.13   1        0        33270       33270.00    0.00        33270.00   
  87       2020768      1        2        30808        0.12   1        0        30808       30808.00    0.00        30808.00   
  88       2020795      1        2        28872        0.11   1        0        28872       28872.00    0.00        28872.00   
  89       2826281      1        2        221796       0.86   9        0        26440       24644.00    0.00        24644.00   
  90       2019017      1        3        31022        0.12   2        0        26050       15511.00    0.00        15511.00   
  91       2828748      1        2        36228        0.14   4        0        21918       9057.00     0.00        9057.00    
  92       2015986      1        5        30522        0.12   3        0        20538       10174.00    0.00        10174.00   
  93       2809256      1        3        24960        0.10   2        0        19822       12480.00    0.00        12480.00   
  94       2010142      1        4        62872        0.24   10       0        19586       6287.20     0.00        6287.20    
  95       2016323      1        1        22052        0.09   3        0        12552       7350.67     0.00        7350.67    
  96       2008120      1        4        96206        0.37   19       0        8198        5063.47     0.00        5063.47    
  97       2008117      1        3        77462        0.30   15       0        7454        5164.13     0.00        5164.13    
  98       2810793      1        5        16452        0.06   3        0        6786        5484.00     0.00        5484.00    
  99       2801347      1        5        87062        0.34   18       0        6594        4836.78     0.00        4836.78    
  100      2018789      1        3        6568         0.03   1        0        6568        6568.00     0.00        6568.00    
  101      2823966      1        1        11382        0.04   2        0        6418        5691.00     0.00        5691.00    
  102      2009702      1        5        88378        0.34   18       0        6354        4909.89     0.00        4909.89    
  103      2023625      1        3        65856        0.25   14       0        6318        4704.00     0.00        4704.00    
  104      2810792      1        5        15910        0.06   3        0        6316        5303.33     0.00        5303.33    
  105      2010143      1        3        49914        0.19   10       0        6156        4991.40     0.00        4991.40    
  106      2816920      1        1        16370        0.06   3        0        6126        5456.67     0.00        5456.67    
  107      2100540      1        12       30546        0.12   6        0        6090        5091.00     0.00        5091.00    
  108      2001330      1        8        25320        0.10   5        0        5966        5064.00     0.00        5064.00    
  109      2804586      1        2        15554        0.06   3        0        5896        5184.67     0.00        5184.67    
  110      2100327      1        10       5856         0.02   1        0        5856        5856.00     0.00        5856.00    
  111      2823788      1        4        44880        0.17   9        0        5842        4986.67     0.00        4986.67    
  112      2828877      1        1        20350        0.08   4        0        5768        5087.50     0.00        5087.50    
  113      2010140      1        7        48740        0.19   10       0        5758        4874.00     0.00        4874.00    
  114      2102190      1        5        24878        0.10   5        0        5754        4975.60     0.00        4975.60    
  115      2100540      1        12       30446        0.12   6        0        5694        5074.33     0.00        5074.33    
  116      2008116      1        4        16660        0.06   3        0        5658        5553.33     0.00        5553.33    
  117      2810795      1        5        5600         0.02   1        0        5600        5600.00     0.00        5600.00    
  118      2020388      1        8        15678        0.06   3        0        5552        5226.00     0.00        5226.00    
  119      2023624      1        3        111596       0.43   24       0        5534        4649.83     0.00        4649.83    
  120      2024778      1        1        10360        0.04   2        0        5528        5180.00     0.00        5180.00    
  121      2009387      1        4        10752        0.04   2        0        5488        5376.00     0.00        5376.00    
  122      2025200      1        1        88270        0.34   18       0        5482        4903.89     0.00        4903.89    
  123      2828876      1        1        52726        0.20   11       0        5448        4793.27     0.00        4793.27    
  124      2809132      1        1        5420         0.02   1        0        5420        5420.00     0.00        5420.00    
  125      2819882      1        2        5

This file has been truncated.


keyword_perf.log - (11127 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/23/2019 -- 11:43:27
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             889152          161             161             25916           5522.00         5522.00         0.00           
  content          3699724         505             298             819274          7326.00         8612.00         5475.00        
  pcre             1540660         63              11              834000          24454.00        11190.00        27260.00       
  byte_test        3005256         216             183             1120122         13913.00        9473.00         38533.00       
  byte_jump        21376           4               1               6492            5344.00         6492.00         4961.00        
  isdataat         43040           9               0               5322            4782.00         0.00            4782.00        
  urilen           203590          40              6               7020            5089.00         4836.00         5134.00        
  byte_extract     53142           8               8               20672           6642.00         6642.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             889152          161             161             25916           5522.00         5522.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2156592         256             138             819274          8424.00         11266.00        5100.00        
  pcre             1109238         28              7               834000          39615.00        12183.00        48759.00       
  byte_test        3005256         216             183             1120122         13913.00        9473.00         38533.00       
  byte_jump        21376           4               1               6492            5344.00         6492.00         4961.00        
  isdataat         43040           9               0               5322            4782.00         0.00            4782.00        
  byte_extract     53142           8               8               20672           6642.00         6642.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          42108           8               1               5836            5263.00         4812.00         5328.00        
  pcre             91042           8               1               25596           11380.00        6288.00         12107.00       
  urilen           203590          40              6               7020            5089.00         4836.00         5134.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11164           2               0               5588            5582.00         0.00            5582.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          946982          155             116             28230           6109.00         6256.00         5672.00        
  pcre             257918          21              3               48036           12281.00        10510.00        12577.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          129962          21              3               20690           6188.00         5345.00         6329.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21860           4               4               5680            5465.00         5465.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38558           5               2               18976           7711.00         5274.00         9336.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          304478          45              30              33898           6766.00         7038.00         6220.00        
  pcre             82462           6               0               31482           13743.00        0.00            13743.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15810           3               2               5742            5270.00         5546.00         4718.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          27082           5               2               5996            5416.00         5171.00         5580.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5128            1               0               5128            5128.00         0.00            5128.00        


IDSDeathBlossom.py.log - (1147 bytes)
2019-09-23 11:43:05,128 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-23 11:43:05,845 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-23 11:43:05,845 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-23 11:43:05,845 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-23 11:43:05,845 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-23 11:43:05,846 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0b419f711438e640edcb7d3516b68d6a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.1143-network.pcap -vvv -k none
2019-09-23 11:43:27,322 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-23 11:43:27,323 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2033400536


suricata-report-2019-09-23-T-11-43-27-09232019.1143-network.pcap.txt - (17648 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0b419f711438e640edcb7d3516b68d6a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.1143-network.pcap -vvv -k none
elapsedtime:21.474309
stderr:
stdout:
23/9/2019 -- 11:43:05 - <Info> - Configuration node 'rule-files' redefined.
23/9/2019 -- 11:43:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/9/2019 -- 11:43:05 - <Info> - CPUs/cores online: 1
23/9/2019 -- 11:43:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33278 and 'request-body-inspect-window' set to 15915 after randomization.
23/9/2019 -- 11:43:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31209 and 'response-body-inspect-window' set to 15713 after randomization.
23/9/2019 -- 11:43:05 - <Config> - DNS request flood protection level: 500
23/9/2019 -- 11:43:05 - <Config> - DNS per flow memcap (state-memcap): 524288
23/9/2019 -- 11:43:05 - <Config> - DNS global memcap: 16777216
23/9/2019 -- 11:43:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/9/2019 -- 11:43:05 - <Config> - preallocated 1000 hosts of size 136
23/9/2019 -- 11:43:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/9/2019 -- 11:43:05 - <Config> - using magic-file /usr/share/file/magic
23/9/2019 -- 11:43:05 - <Config> - Core dump size is unlimited.
23/9/2019 -- 11:43:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/9/2019 -- 11:43:05 - <Config> - preallocated 1000 defrag trackers of size 168
23/9/2019 -- 11:43:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/9/2019 -- 11:43:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/9/2019 -- 11:43:05 - <Config> - stream "memcap": 33554432
23/9/2019 -- 11:43:05 - <Config> - stream "midstream" session pickups: disabled
23/9/2019 -- 11:43:05 - <Config> - stream "async-oneside": disabled
23/9/2019 -- 11:43:05 - <Config> - stream "checksum-validation": disabled
23/9/2019 -- 11:43:05 - <Config> - stream."inline": disabled
23/9/2019 -- 11:43:05 - <Config> - stream "bypass": disabled
23/9/2019 -- 11:43:05 - <Config> - stream "max-synack-queued": 5
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "memcap": 134217728
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "depth": 0
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "toserver-chunk-size": 2595
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "toclient-chunk-size": 2669
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly.raw: enabled
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "segment-prealloc": 2048
23/9/2019 -- 11:43:05 - <Config> - Delayed detect disabled
23/9/2019 -- 11:43:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/9/2019 -- 11:43:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/9/2019 -- 11:43:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/9/2019 -- 11:43:05 - <Config> - prefilter engines: MPM
23/9/2019 -- 11:43:05 - <Config> - IP reputation disabled
23/9/2019 -- 11:43:05 - <Perf> - Registered 148 keyword profiling counters.
23/9/2019 -- 11:43:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/9/2019 -- 11:43:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/9/2019 -- 11:43:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/9/2019 -- 11:43:10 - <Config> - No rules loaded from ET-icmp.rules.
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/9/2019 -- 11:43:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/9/2019 -- 11:43:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/9/2019 -- 11:43:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/9/2019 -- 11:43:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/9/2019 -- 11:43:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/9/2019 -- 11:43:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/9/2019 -- 11:43:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/9/2019 -- 11:43:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/9/2019 -- 11:43:18 - <Config> - No rules loaded from local.rules.
23/9/2019 -- 11:43:18 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/9/2019 -- 11:43:18 - <Info> - Threshold config parsed: 0 rule(s) found
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for tcp-packet
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for tcp-stream
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for udp-packet
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for other-ip
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_uri
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_client_body
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_accept
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_accept_enc
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_accept_lang
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_referer
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_connection
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_method
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_raw_uri
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_user_agent
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_host
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_raw_host
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_stat_msg
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_stat_code
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for dns_query
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for tls_sni
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 11:43:19 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 11:43:19 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/9/2019 -- 11:43:19 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/9/2019 -- 11:43:19 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/9/2019 -- 11:43:19 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/9/2019 -- 11:43:19 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/9/2019 -- 11:43:19 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/9/2019 -- 11:43:19 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/9/2019 -- 11:43:19 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/9/2019 -- 11:43:24 - <Perf> - Unique rule groups: 104
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/9/2019 -- 11:43:24 - <Perf> - Builtin MPM "other IP packet": 3
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_header": 10
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient http_header": 6
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_start": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_method": 5
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver http_host": 2
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toserver file_data": 1
23/9/2019 -- 11:43:24 - <Perf> - AppLayer MPM "toclient file_data": 7
23/9/2019 -- 11:43:26 - <Perf> - Registered 39590 rule profiling counters.
23/9/2019 -- 11:43:26 - <Info> - fast output device (regular) initialized: alert
23/9/2019 -- 11:43:26 - <Info> - eve-log output device (regular) initialized: eve.json
23/9/2019 -- 11:43:26 - <Config> - enabling 'eve-log' module 'alert'
23/9/2019 -- 11:43:26 - <Config> - enabling 'eve-log' module 'http'
23/9/2019 -- 11:43:26 - <Config> - enabling 'eve-log' module 'dns'
23/9/2019 -- 11:43:26 - <Config> - enabling 'eve-log' module 'tls'
23/9/2019 -- 11:43:26 - <Config> - enabling 'eve-log' module 'files'
23/9/2019 -- 11:43:26 - <Config> - enabling 'eve-log' module 'ssh'
23/9/2019 -- 11:43:26 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/9/2019 -- 11:43:26 - <Info> - stats output device (regular) initialized: stats.log
23/9/2019 -- 11:43:26 - <Config> - AutoFP mode using "Hash" flow load balancer
23/9/2019 -- 11:43:26 - <Info> - reading pcap file /var/pcap/09232019.1143-network.pcap
23/9/2019 -- 11:43:26 - <Config> - using 1 flow manager threads
23/9/2019 -- 11:43:26 - <Config

This file has been truncated.
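The startup section above records the settings and rule-load results that decide what this Suricata run could actually detect: the reassembly memcap and depth, which rule files contributed no active rules, how many rules failed to parse, and whether any threshold entries were in force. As an added example (not part of the uploaded log and not Suricata's own tooling), the script below parses a suricata.log startup section in exactly the line format shown on this page and flags the posture it records. The sample lines are constructed in that format, with values chosen to exercise each check (the "3 rules failed" count is invented for that purpose); the regular expressions and the choice of what to flag are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the suricata.log format shown above. Values are chosen to
# exercise every check (e.g. "3 rules failed"); they are not taken from a real run.
SAMPLE_LOG = """\
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "memcap": 134217728
23/9/2019 -- 11:43:05 - <Config> - stream.reassembly "depth": 0
23/9/2019 -- 11:43:05 - <Config> - IP reputation disabled
23/9/2019 -- 11:43:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/9/2019 -- 11:43:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/9/2019 -- 11:43:10 - <Config> - No rules loaded from ET-icmp.rules.
23/9/2019 -- 11:43:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/9/2019 -- 11:43:18 - <Config> - No rules loaded from local.rules.
23/9/2019 -- 11:43:18 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 3 rules failed
23/9/2019 -- 11:43:18 - <Info> - Threshold config parsed: 0 rule(s) found
23/9/2019 -- 11:43:19 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
"""

# One regex per line shape we care about (assumed from the log format above).
LINE_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} -- \d\d:\d\d:\d\d) - <(?P<level>\w+)> - (?P<msg>.*)$")
CONFIG_RE = re.compile(r'^(?P<key>[\w.-]+) "(?P<name>[\w-]+)": (?P<value>\d+)$')
LOADED_RE = re.compile(r"^(?P<files>\d+) rule files processed\. (?P<ok>\d+) rules successfully loaded, (?P<failed>\d+) rules failed$")
NO_RULES_RE = re.compile(r"^No rules loaded from (?P<file>\S+)\.$")
SIGS_RE = re.compile(
    r"^(?P<total>\d+) signatures processed\. (?P<ip_only>\d+) are IP-only rules, "
    r"(?P<payload>\d+) are inspecting packet payload, (?P<applayer>\d+) inspect application layer, "
    r"(?P<decoder>\d+) are decoder event only$"
)
THRESH_RE = re.compile(r"^Threshold config parsed: (?P<n>\d+) rule\(s\) found$")


@dataclass
class StartupSummary:
    config: Dict[str, int] = field(default_factory=dict)   # e.g. "stream.reassembly.depth" -> 0
    rule_files: List[str] = field(default_factory=list)
    empty_rule_files: List[str] = field(default_factory=list)
    rules_loaded: Optional[int] = None
    rules_failed: Optional[int] = None
    signatures: Dict[str, int] = field(default_factory=dict)
    threshold_rules: Optional[int] = None
    notices: List[str] = field(default_factory=list)       # "<something> disabled" lines


def parse_startup_log(text: str) -> StartupSummary:
    """Extract config values and rule-load results from suricata.log startup lines."""
    s = StartupSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # truncated or non-log line, skip rather than guess
        msg = m.group("msg")
        if (c := CONFIG_RE.match(msg)):
            s.config[f"{c['key']}.{c['name']}"] = int(c["value"])
        elif msg.startswith("Loading rule file: "):
            s.rule_files.append(msg.split(": ", 1)[1])
        elif (n := NO_RULES_RE.match(msg)):
            s.empty_rule_files.append(n["file"])
        elif (ld := LOADED_RE.match(msg)):
            s.rules_loaded, s.rules_failed = int(ld["ok"]), int(ld["failed"])
        elif (g := SIGS_RE.match(msg)):
            s.signatures = {k: int(v) for k, v in g.groupdict().items()}
        elif (t := THRESH_RE.match(msg)):
            s.threshold_rules = int(t["n"])
        elif msg.endswith(" disabled"):
            s.notices.append(msg)
    return s


def audit(s: StartupSummary) -> List[str]:
    """Return human-readable findings; the thresholds here are my own assumptions."""
    findings = []
    if s.rules_failed:
        findings.append(f"{s.rules_failed} rule(s) failed to load: fix before trusting coverage")
    for f in s.empty_rule_files:
        if f != "local.rules":  # an empty local.rules is normal; an empty vendor file is worth a look
            findings.append(f"no active rules in {f}")
    if s.config.get("stream.reassembly.depth") == 0:
        findings.append("stream.reassembly depth is 0 (unlimited, bounded only by memcap)")
    if s.threshold_rules == 0:
        findings.append("no threshold.config entries: noisy signatures are not rate-limited")
    findings.extend(s.notices)
    return findings


if __name__ == "__main__":
    summary = parse_startup_log(SAMPLE_LOG)
    print(f"{summary.rules_loaded} rules loaded, {summary.rules_failed} failed, "
          f"{summary.signatures.get('total')} signatures")
    for line in audit(summary):
        print("-", line)
```

Run it against a real suricata.log by replacing SAMPLE_LOG with the file contents; lines that do not match the expected shapes (including a truncated final line like the one above) are skipped rather than guessed at, so the parser never reports a value the log did not state.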