Filename: Phishing.pcapng
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 10.0982089043 seconds
Hash: 0c75c54e096bb79be2796c260fc2915e
Uploaded: 1543249100

Logfiles


suricata-4.0.0-etopen-all-perf.txt-2018-11-26-T-16-18-30-11262018.1618-Phishing.pcapng.txt - (17879 bytes)
  --------------------------------------------------------------------------
  Date: 11/26/2018 -- 16:18:30. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021749      1        6        3358181      19.44  31       0        225742      108328.42   0.00        108328.42  
  2        2021529      1        3        755030       4.37   5        0        191872      151006.00   0.00        151006.00  
  3        2018316      1        4        165882       0.96   6        0        122753      27647.00    0.00        27647.00   
  4        2017935      1        3        369260       2.14   73       0        101198      5058.36     0.00        5058.36    
  5        2018005      1        6        1672853      9.69   39       0        93658       42893.67    0.00        42893.67   
  6        2020661      1        3        367234       2.13   8        0        72988       45904.25    0.00        45904.25   
  7        2009702      1        5        533618       3.09   38       0        65081       14042.58    0.00        14042.58   
  8        2018457      1        1        1027305      5.95   39       0        54317       26341.15    0.00        26341.15   
  9        2021152      1        1        106723       0.62   21       0        49254       5082.05     0.00        5082.05    
  10       2018153      1        4        44559        0.26   1        0        44559       44559.00    0.00        44559.00   
  11       2018666      1        4        99225        0.57   6        0        41367       16537.50    0.00        16537.50   
  12       2022547      1        1        362176       2.10   118      0        40647       3069.29     0.00        3069.29    
  13       2012707      1        5        61065        0.35   2        0        37480       30532.50    0.00        30532.50   
  14       2020766      1        2        37446        0.22   1        0        37446       37446.00    0.00        37446.00   
  15       2020779      1        3        53442        0.31   2        0        35032       26721.00    0.00        26721.00   
  16       2019230      1        2        285764       1.65   26       0        33841       10990.92    0.00        10990.92   
  17       2007880      1        7        59074        0.34   2        0        33726       29537.00    0.00        29537.00   
  18       2023622      1        3        239033       1.38   73       0        32675       3274.42     0.00        3274.42    
  19       2014701      1        12       464002       2.69   38       0        32202       12210.58    0.00        12210.58   
  20       2020496      1        2        62138        0.36   2        0        31903       31069.00    0.00        31069.00   
  21       2020741      1        1        71322        0.41   6        0        31560       11887.00    0.00        11887.00   
  22       2024771      1        1        61952        0.36   2        0        31290       30976.00    0.00        30976.00   
  23       2020742      1        1        71533        0.41   6        0        31120       11922.17    0.00        11922.17   
  24       2017707      1        4        30852        0.18   1        0        30852       30852.00    0.00        30852.00   
  25       2022543      1        1        316565       1.83   19       0        30187       16661.32    0.00        16661.32   
  26       2008120      1        4        252604       1.46   81       0        28262       3118.57     0.00        3118.57    
  27       2017914      1        2        27647        0.16   1        0        27647       27647.00    0.00        27647.00   
  28       2020786      1        4        46943        0.27   2        0        27590       23471.50    0.00        23471.50   
  29       2014702      1        9        344634       2.00   38       0        27007       9069.32     0.00        9069.32    
  30       2020767      1        2        26518        0.15   1        0        26518       26518.00    0.00        26518.00   
  31       2020768      1        2        26103        0.15   1        0        26103       26103.00    0.00        26103.00   
  32       2018636      1        2        49874        0.29   2        0        25651       24937.00    0.00        24937.00   
  33       2022773      1        2        25041        0.14   1        0        25041       25041.00    0.00        25041.00   
  34       2020789      1        2        48102        0.28   2        0        24999       24051.00    0.00        24051.00   
  35       2020800      1        2        24793        0.14   1        0        24793       24793.00    0.00        24793.00   
  36       2017552      1        6        105213       0.61   6        0        24582       17535.50    0.00        17535.50   
  37       2020698      1        2        46697        0.27   2        0        24372       23348.50    0.00        23348.50   
  38       2012612      1        16       46796        0.27   2        0        23763       23398.00    0.00        23398.00   
  39       2020607      1        3        23630        0.14   1        0        23630       23630.00    0.00        23630.00   
  40       2020783      1        3        46498        0.27   2        0        23620       23249.00    0.00        23249.00   
  41       2018637      1        2        23397        0.14   1        0        23397       23397.00    0.00        23397.00   
  42       2019010      1        3        32952        0.19   4        0        23181       8238.00     0.00        8238.00    
  43       2020586      1        3        22208        0.13   1        0        22208       22208.00    0.00        22208.00   
  44       2019809      1        2        122920       0.71   36       0        21567       3414.44     0.00        3414.44    
  45       2020778      1        2        21461        0.12   1        0        21461       21461.00    0.00        21461.00   
  46       2018085      1        2        39745        0.23   2        0        21291       19872.50    0.00        19872.50   
  47       2020608      1        4        20343        0.12   1        0        20343       20343.00    0.00        20343.00   
  48       2008306      1        3        120058       0.70   36       0        19902       3334.94     0.00        3334.94    
  49       2016537      1        2        64306        0.37   4        0        19817       16076.50    0.00        16076.50   
  50       2017913      1        3        19631        0.11   1        0        19631       19631.00    0.00        19631.00   
  51       2020769      1        2        19273        0.11   1        0        19273       19273.00    0.00        19273.00   
  52       2001330      1        8        399424       2.31   132      0        17719       3025.94     0.00        3025.94    
  53       2102190      1        5        227121       1.32   75       0        16790       3028.28     0.00        3028.28    
  54       2102523      1        8        105340       0.61   30       0        16610       3511.33     0.00        3511.33    
  55       2023625      1        3        210733       1.22   74       0        16430       2847.74     0.00        2847.74    
  56       2023627      1        3        208030       1.20   67       0        15849       3104.93     0.00        3104.93    
  57       2010140      1        7        175060       1.01   58       0        15728       3018.28     0.00        3018.28    
  58       2014703      1        9        318019       1.84   38       0        14636       8368.92     0.00        8368.92    
  59       2018485      1        3        12089        0.07   1        0        12089       12089.00    0.00        12089.00   
  60       2018487      1        4        11184        0.06   1        0        11184       11184.00    0.00        11184.00   
  61       2017988      1        6        10838        0.06   1        0        10838       10838.00    0.00        10838.00   
  62       2018789      1        3        139590       0.81   39       0        5575        3579.23     0.00        3579.23    
  63       2009387      1        4        100416       0.58   31       0        4783        3239.23     0.00        3239.23    
  64       2015986      1        5        96786        0.56   32       0        4737        3024.56     0.00        3024.56    
  65       2017938      1        6        8079         0.05   2        0        4660        4039.50     0.00        4039.50    
  66       2025200      1        1        123439       0.71   38       0        4618        3248.39     0.00        3248.39    
  67       2100327      1        10       91248        0.53   29       0        4387        3146.48     0.00        3146.48    
  68       2008116      1        4        20701        0.12   6        0        4360        3450.17     0.00        3450.17    
  69       2017548      1        6        11862        0.07   3        0        4275        3954.00     0.00        3954.00    
  70       2019017      1        3        13175        0.08   4        0        4262        3293.75     0.00        3293.75    
  71       2009243      1        2        153451       0.89   53       0        4192        2895.30     0.00        2895.30    
  72       2102461      1        5        41383        0.24   14       0        4071        2955.93     0.00        2955.93    
  73       2018281      1        4        56299        0.33   18       0        3995        3127.72     0.00        3127.72    
  74       2019738      1        2        9514         0.06   3        0        3966        3171.33     0.00        3171.33    
  75       2019011      1        3        30619        0.18   9        0        3934        3402.11     0.00        3402.11    
  76       2016179      1        2        7410         0.04   2        0        3914        3705.00     0.00        3705.00    
  77       2102523      1        8        88650        0.51   30       0        3897        2955.00     0.00        2955.00    
  78       2016181      1        2        7423         0.04   2        0        3776        3711.50     0.00        3711.50    
  79       2010143      1        3        164860       0.95   58       0        3770        2842.41     0.00        2842.41    
  80       2008420      1        4        12928        0.07   4        0        3763        3232.00     0.00        3232.00    
  81       2021976      1        2        54421        0.32   18       0        3756        3023.39     0.00        3023.39    
  82       2022506      1        3        14520        0.08   5        0        3745        2904.00     0.00        2904.00    
  83       2024777      1        2        105518       0.61   36       0        3740        2931.06     0.00        2931.06    
  84       2023618      1        3        31461        0.18   11       0        3733        2860.09     0.00        2860.09    
  85       2014704      1        7        7071         0.04   2        0        3647        3535.50     0.00        3535.50    
  86       2019016      1        3        27474        0.16   9        0        3645        3052.67     0.00        3052.67    
  87       2012236      1        2        3623         0.02   1        0        3623        3623.00     0.00        3623.00    
  88       2021702      1        1        31268        0.18   10       0        3623        3126.80     0.00        3126.80    
  89       2102257      1        10       6636         0.04   2        0        3615        3318.00     0.00        3318.00    
  90       2021978      1        6        54525        0.32   18       0        3597        3029.17     0.00        3029.17    
  91       2023624      1        3        200881       1.16   74       0        3585        2714.61     0.00        2714.61    
  92       2008118      1        3        145087       0.84   53       0        3571        2737.49     0.00        2737.49    
  93       2016178      1        2        6591         0.04   2        0        3568        3295.50     0.00        3295.50    
  94       2025401      1        2        3553         0.02   1        0        3553        3553.00     0.00        3553.00    
  95       2103238      1        4        60260        0.35   22       0        3534        2739.09     0.00        2739.09    
  96       2103158      1        6        102229       0.59   36       0        3533        2839.69     0.00        2839.69    
  97       2009984      1        2        6802         0.04   2        0        3518        3401.00     0.00        3401.00    
  98       2100518      1        8        18996        0.11   6        0        3496        3166.00     0.00        3166.00    
  99       2023614      1        3        21211        0.12   7        0        3472        3030.14     0.00        3030.14    
  100      2021701      1        1        31416        0.18   10       0        3467        3141.60     0.00        3141.60    
  101      2023316      1        2        3450         0.02   1        0        3450        3450.00     0.00        3450.00    
  102      2010142      1        4        154531       0.89   58       0        3422        2664.33     0.00        2664.33    
  103      2018558      1        5        54802        0.32   19       0        3422        2884.32     0.00        2884.32    
  104      2023615      1        3        34237        0.20   12       0        3420        2853.08     0.00        2853.08    
  105      2023612      1        4        40333        0.23   14       0        3418        2880.93     0.00        2880.93    
  106      2008119      1        3        67870        0.39   24       0        3376        2827.92     0.00        2827.92    
  107      2023616      1        3        36411        0.21   13       0        3352        2800.85     0.00        2800.85    
  108      2023626      1        3        217147       1.26   81       0        3351        2680.83     0.00        2680.83    
  109      2008117      1        3        64271        0.37   22       0        3340        2921.41     0.00        2921.41    
  110      2103159      1        4        55409        0.32   18       0        3335        3078.28     0.00        3078.28    
  111      2021248      1        7        3330         0.02   1        0        3330        3330.00     0.00        3330.00    
  112      2008297      1        5        11772        0.07   4        0        3284        2943.00     0.00        2943.00    
  113      2023613      1        3        51341        0.30   18       0        3255        2852.28     0.00        2852.28    
  114      2019312      1        2        3252         0.02   1        0        3252        3252.00     0.00        3252.00    
  115      2024778      1        1        11609        0.07   4        0        3251        2902.25     0.00        2902.25    
  116      2021977      1        6        11656        0.07   4        0        3247        2914.00     0.00        2914.00    
  117      2023054      1        2        5859         0.03   2        0        3242        2929.50     0.00        2929.50    
  118      2023619      1        3        13886        0.08   5        0        3232        2777.20     0.00        2777.20    
  119      2023053      1        2        5807         0.03   2        0        3201        2903.50     0.00        2903.50    
  120      2100540      1        12       12267        0.07   4        0        3185        3066.75     0.00        3066.75    
  121      2024435      1        1        3184         0.02   1        0        3184        3184.00     0.00        3184.00    
  122      2023621      1        4        27495        0.16   10       0        3168        2749.50     0.00        2749.50    
  123      2023617      1        3        19614        0.11   7        0        3161        2802.00     0.00        2802.00    
  124      2018283      1        5        11460        0.07   4        0        3104        2865.00     0.00        2865.00    
  125      2021267      1        2        

This file has been truncated.


packet_stats.log - (17017 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           755            86097      148212788      89123007         67.3b   87.57
 IPv4      17            78         24723161      148042300     105277141          8.2b   10.69
 IPv6      17             3        102980602      103377020     103191720        309.6m    0.40
 IPv6      58            10        102283205      103561885     102841644          1.0b    1.34
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           755            65912       10590667        183529        138.6m   72.53
TMM_FLOWWORKER              IPv4      17            78           134738       15935568        485625         37.9m   19.83
TMM_RECEIVEPCAPFILE         IPv4       6           715             2532          29065          2957          2.1m    1.11
TMM_RECEIVEPCAPFILE         IPv4      17            78             2556           3643          2893        225.7k    0.12
TMM_DECODEPCAPFILE          IPv4       6           715             2654        8371509         14798         10.6m    5.54
TMM_DECODEPCAPFILE          IPv4      17            78             2689           9033          3021        235.7k    0.12
TMM_FLOWWORKER              IPv6      17             3           167317         223561        197262        591.8k    0.31
TMM_FLOWWORKER              IPv6      58            10            66834          86889         74686        746.9k    0.39
TMM_RECEIVEPCAPFILE         IPv6      17             3             2545           3214          2872          8.6k    0.00
TMM_RECEIVEPCAPFILE         IPv6      58            10             2611           2855          2799         28.0k    0.01
TMM_DECODEPCAPFILE          IPv6      17             3             2700           3135          2900          8.7k    0.00
TMM_DECODEPCAPFILE          IPv6      58            10             2787          20948          4765         47.7k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           715             2829          38359          3519          2.5m  1.74  
flow                    IPv4      17            78             2833          19030          4005        312.4k  0.22  
stream                  IPv4       6           755             2557        9380780         27715         20.9m  14.45 
app-layer               IPv4      17            78             2538          40897          9897        772.0k  0.53  
detect                  IPv4       6           755            44645       10557333        131245         99.1m  68.40 
detect                  IPv4      17            78           118389         543065        226265         17.6m  12.18 
tcp-prune               IPv4       6           755             2518          40083          3171          2.4m  1.65  
flow                    IPv6      17             3             2945           4698          3867         11.6k  0.01  
flow                    IPv6      58            10             2846           3835          3145         31.5k  0.02  
app-layer               IPv6      17             3             2763           9536          7043         21.1k  0.01  
detect                  IPv6      17             3           142426         199175        175121        525.4k  0.36  
detect                  IPv6      58            10            55133          74319         61054        610.5k  0.42  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            20125          64231         42178         84.4k  19.39 
tls                     IPv4       6            29             2675          22928          4007        116.2k  26.72 
dns                     IPv4      17            38             3557          15945          6168        234.4k  53.89 
Proto detect            IPv4      17            36             3321          15919          6697        241.1k
Proto detect            IPv6      17             2             3227           3597          3412          6.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            34            28751       15480678        531389         18.1m  91.53 
LOGGER_JSON_HTTP            IPv4       6             2           103676         133522        118599        237.2k  1.20  
LOGGER_JSON_TLS             IPv4       6            18            39348          97322         64886          1.2m  5.92  
LOGGER_JSON_FILE            IPv4       6             2            85697         180118        132907        265.8k  1.35  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           257             2564        4790962         42106        10.8m  51.77 
payload                           IPv4      17            78             3636          51505         15972         1.2m  5.96  
stream                            IPv4       6           257             2544         265425         28025         7.2m  34.46 
http_uri                          IPv4       6             2            36546          38851         37698        75.4k  0.36  
http_request_line                 IPv4       6             2             7975           8996          8485        17.0k  0.08  
http_client_body                  IPv4       6             2             3179           4612          3895         7.8k  0.04  
http_header (request)             IPv4       6             2            33131          37691         35411        70.8k  0.34  
http_header (request trailer)     IPv4       6             2             2642           3250          2946         5.9k  0.03  
http_header_names (request)       IPv4       6             2            15159          16050         15604        31.2k  0.15  
http_accept (request)             IPv4       6             2             4275           4375          4325         8.6k  0.04  
http_referer (request)            IPv4       6             2             3170           3721          3445         6.9k  0.03  
http_content_len (request)        IPv4       6             2             3422           4363          3892         7.8k  0.04  
http_content_type (request)       IPv4       6             2             3404           3695          3549         7.1k  0.03  
http_start (request)              IPv4       6             2             9865          10552         10208        20.4k  0.10  
http_raw_header (request)         IPv4       6             2             9886          10040          9963        19.9k  0.10  
http_method                       IPv4       6             2             4290           4311          4300         8.6k  0.04  
http_cookie (request)             IPv4       6             2             3251           3467          3359         6.7k  0.03  
http_raw_uri                      IPv4       6             2             6366          23206         14786        29.6k  0.14  
http_user_agent                   IPv4       6             2            11644          12983         12313        24.6k  0.12  
http_host                         IPv4       6             2             9863           9874          9868        19.7k  0.09  
dns_query                         IPv4      17            17             4576          13630          9868       167.8k  0.80  
tls_sni                           IPv4       6            42             2847          10018          4893       205.5k  0.98  
http_response_line                IPv4       6             2             8026           9547          8786        17.6k  0.08  
http_header (response)            IPv4       6             2            53523          76969         65246       130.5k  0.62  
http_header (response trailer)    IPv4       6             2             2608           2661          2634         5.3k  0.03  
http_content_type (response)      IPv4       6             2             5076           5248          5162        10.3k  0.05  
http_raw_header (response)        IPv4       6             2            15181          15282         15231        30.5k  0.15  
http_cookie (response)            IPv4       6             2             3542           4472          4007         8.0k  0.04  
http_stat_code                    IPv4       6             2             3901           5450          4675         9.4k  0.04  
tls_cert_issuer                   IPv4       6            18             3514          51853          8366       150.6k  0.72  
tls_cert_subject                  IPv4       6            18             3072          45855          8401       151.2k  0.72  
tls_cert_serial                   IPv4       6            18             3203          19624          5689       102.4k  0.49  
file_data (http response)         IPv4       6             2            99185         109581        104383       208.8k  1.00  
Total                             IPv4                   755                                         27596        20.8m
payload                           IPv6      17             3             4453          12857          9400        28.2k  0.13  
payload                           IPv6      58            10             2888           7419          4005        40.1k  0.19  
Total                             IPv6                    13                                          5250        68.3k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            78             3336         110950         21588          1.7m  1.47  
PROF_DETECT_IPONLY          IPv4      17            36            19040          58244         26656        959.7k  0.84  
PROF_DETECT_RULES           IPv4       6           755             2523         645849         23541         17.8m  15.51 
PROF_DETECT_RULES           IPv4      17            78            59255         396973        122094          9.5m  8.31  
PROF_DETECT_STATEFUL_START    IPv4       6             8             5389          64274         28118        224.9k  0.20  
PROF_DETECT_STATEFUL_CONT    IPv4       6           755             2514          52706          4160          3.1m  2.74  
PROF_DETECT_STATEFUL_CONT    IPv4      17            78             2537          26101          3954        308.5k  0.27  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           555             2553          83298          3010          1.7m  1.46  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            38             2613           3880          2931        111.4k  0.10  
PROF_DETECT_PREFILTER       IPv4       6           755             7768        4830187         46083         34.8m  30.35 
PROF_DETECT_PREFILTER       IPv4      17            78            24530         113504         44905          3.5m  3.06  
PROF_DETECT_PF_PAYLOAD      IPv4       6           257            13851        4802880         78543         20.2m  17.61 
PROF_DETECT_PF_PAYLOAD      IPv4      17            78             8702          95130         22576          1.8m  1.54  
PROF_DETECT_PF_TX           IPv4       6           555             2638         256479          6578          3.7m  3.18  
PROF_DETECT_PF_TX           IPv4      17            19             2717          19471         14452        274.6k  0.24  
PROF_DETECT_PF_SORT1        IPv4       6           212             2527          52829          3376        715.9k  0.62  
PROF_DETECT_PF_SORT1        IPv4      17            78             2827           5105          3579        279.2k  0.24  
PROF_DETECT_PF_SORT2        IPv4       6           755             2516          51230          2865          2.2m  1.89  
PROF_DETECT_PF_SORT2        IPv4      17            78             2556           4244          2936        229.1k  0.20  
PROF_DETECT_NONMPMLIST      IPv4       6           755             2531          38047          3045          2.3m  2.01  
PROF_DETECT_NONMPMLIST      IPv4      17            78             2529          36083          3703        288.9k  0.25  
PROF_DETECT_ALERT           IPv4       6           755             2521         105570          3064          2.3m  2.02  
PROF_DETECT_ALERT           IPv4      17            78             2537           3645          2700        210.7k  0.18  
PROF_DETECT_CLEANUP         IPv4       6           755             2519          32020          3006          2.3m  1.98  
PROF_DETECT_CLEANUP         IPv4      17            78             2527           4607          3011        234.9k  0.20  
PROF_DETECT_GETSGH          IPv4       6           755             2518          51925          3501          2.6m  2.31  
PROF_DETECT_GETSGH          IPv4      17            78             2531          39846          5092        397.2k  0.35  
PROF_DETECT_IPONLY          IPv6      17             2             3207           3344          3275          6.6k  0.01  
PROF_DETECT_IPONLY          IPv6      58             1             6347           6347          6347          6.3k  0.01  
PROF_DETECT_RULES           IPv6      17             3            54397         115838         88337        265.0k  0.23  
PROF_DETECT_RULES           IPv6      58            10             2540          10751          4123         41.2k  0.04  
PROF_DETECT_STATEFUL_CONT    IPv6      17             3             2525           2864          2640          7.9k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv6      58            10             2755           2903          2809         28.1k  0.02  
PROF_DETECT_PREFILTER       IPv6      17             3            26462          35486         31840         95.5k  0.08  
PROF_DETECT_PREFILTER       IPv6      58            10            18487          25375         20307        203.1k  0.18  
PROF_DETECT_PF_PAYLOAD      IPv6      17             3             9961          18188         14781         44.3k  0.04  
PROF_DETECT_PF_PAYLOAD      IPv6      58            10             7968          13440          9365         93.7k  0.08  
PROF_DETECT_PF_SORT1        IPv6      17             3             3477           4008          3739         11.2k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             3             2675           3126          2921          8.8k  0.01  
PROF_DETECT_PF_SORT2        IPv6      58            10             2531           3048          2659         26.6k  0.02  
PROF_DETECT_NONMPMLIST      IPv6      17             3             2743           3050          2848          8.5k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      58            10             2728           3407          2880         28.8k  0.03  
PROF_DETECT_ALERT           IPv6      17             3             2557          16105          7080     

This file has been truncated.


stats.log - (3756 bytes)
------------------------------------------------------------------------------------
Date: 11/26/2018 -- 16:18:30 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 949
decoder.bytes                              | Total                     | 283143
decoder.invalid                            | Total                     | 18
decoder.ipv4                               | Total                     | 811
decoder.ipv6                               | Total                     | 13
decoder.ethernet                           | Total                     | 949
decoder.tcp                                | Total                     | 715
decoder.udp                                | Total                     | 81
decoder.icmpv6                             | Total                     | 10
decoder.avg_pkt_size                       | Total                     | 298
decoder.max_pkt_size                       | Total                     | 10987
flow.tcp                                   | Total                     | 40
flow.udp                                   | Total                     | 21
flow.icmpv6                                | Total                     | 1
decoder.ipv4.iplen_smaller_than_hlen       | Total                     | 18
tcp.sessions                               | Total                     | 25
tcp.syn                                    | Total                     | 25
tcp.synack                                 | Total                     | 25
tcp.rst                                    | Total                     | 14
tcp.reassembly_gap                         | Total                     | 5
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 18
app_layer.flow.dns_udp                     | Total                     | 17
app_layer.tx.dns_udp                       | Total                     | 17
app_layer.flow.failed_udp                  | Total                     | 4
flow_mgr.closed_pruned                     | Total                     | 2
flow_mgr.new_pruned                        | Total                     | 19
flow_mgr.est_pruned                        | Total                     | 11
flow.spare                                 | Total                     | 10032
flow_mgr.flows_checked                     | Total                     | 62
flow_mgr.flows_notimeout                   | Total                     | 14
flow_mgr.flows_timeout                     | Total                     | 48
flow_mgr.flows_timeout_inuse               | Total                     | 16
flow_mgr.flows_removed                     | Total                     | 32
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65474
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7092160


eve.json - (31918 bytes)
{"timestamp":"2018-11-22T05:25:13.004934+0000","flow_id":2223441180169030,"pcap_cnt":38,"event_type":"dns","src_ip":"172.16.68.157","src_port":58362,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65450,"rrname":"contentstorage.osi.office.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:13.095500+0000","flow_id":2223441180169030,"pcap_cnt":39,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":58362,"proto":"UDP","dns":{"type":"answer","id":65450,"rcode":"NOERROR","rrname":"contentstorage.osi.office.net","rrtype":"CNAME","ttl":5,"rdata":"wildcard-contentstorage.osi.office.net.edgekey.net"}}
{"timestamp":"2018-11-22T05:25:13.095500+0000","flow_id":2223441180169030,"pcap_cnt":39,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":58362,"proto":"UDP","dns":{"type":"answer","id":65450,"rcode":"NOERROR","rrname":"wildcard-contentstorage.osi.office.net.edgekey.net","rrtype":"CNAME","ttl":5,"rdata":"e9398.g.akamaiedge.net"}}
{"timestamp":"2018-11-22T05:25:13.095500+0000","flow_id":2223441180169030,"pcap_cnt":39,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":58362,"proto":"UDP","dns":{"type":"answer","id":65450,"rcode":"NOERROR","rrname":"e9398.g.akamaiedge.net","rrtype":"A","ttl":5,"rdata":"23.12.217.216"}}
{"timestamp":"2018-11-22T05:25:13.284538+0000","flow_id":506671885031901,"pcap_cnt":51,"event_type":"tls","src_ip":"172.16.68.157","src_port":49764,"dest_ip":"23.12.217.216","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.osi.office.net","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-11-22T05:25:17.551934+0000","flow_id":793644420131838,"pcap_cnt":61,"event_type":"dns","src_ip":"172.16.68.157","src_port":53644,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21930,"rrname":"v10.events.data.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:17.615659+0000","flow_id":793644420131838,"pcap_cnt":62,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":53644,"proto":"UDP","dns":{"type":"answer","id":21930,"rcode":"NOERROR","rrname":"v10.events.data.microsoft.com","rrtype":"CNAME","ttl":5,"rdata":"v10.events.data.microsoft.com.aria.akadns.net"}}
{"timestamp":"2018-11-22T05:25:17.615659+0000","flow_id":793644420131838,"pcap_cnt":62,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":53644,"proto":"UDP","dns":{"type":"answer","id":21930,"rcode":"NOERROR","rrname":"v10.events.data.microsoft.com.aria.akadns.net","rrtype":"CNAME","ttl":5,"rdata":"onecollector.cloudapp.aria.akadns.net"}}
{"timestamp":"2018-11-22T05:25:17.615659+0000","flow_id":793644420131838,"pcap_cnt":62,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":53644,"proto":"UDP","dns":{"type":"answer","id":21930,"rcode":"NOERROR","rrname":"onecollector.cloudapp.aria.akadns.net","rrtype":"A","ttl":5,"rdata":"52.114.6.46"}}
{"timestamp":"2018-11-22T05:25:17.823590+0000","flow_id":1576760839595955,"pcap_cnt":72,"event_type":"tls","src_ip":"172.16.68.157","src_port":49766,"dest_ip":"52.114.6.46","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft, CN=*.events.data.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011"}}
{"timestamp":"2018-11-22T05:25:17.993292+0000","flow_id":2181264601589772,"pcap_cnt":80,"event_type":"dns","src_ip":"172.16.68.157","src_port":59374,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46404,"rrname":"mobile.pipe.aria.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:18.028973+0000","flow_id":2181264601589772,"pcap_cnt":81,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59374,"proto":"UDP","dns":{"type":"answer","id":46404,"rcode":"NOERROR","rrname":"mobile.pipe.aria.microsoft.com","rrtype":"CNAME","ttl":5,"rdata":"prd.col.aria.mobile.skypedata.akadns.net"}}
{"timestamp":"2018-11-22T05:25:18.028973+0000","flow_id":2181264601589772,"pcap_cnt":81,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59374,"proto":"UDP","dns":{"type":"answer","id":46404,"rcode":"NOERROR","rrname":"prd.col.aria.mobile.skypedata.akadns.net","rrtype":"CNAME","ttl":5,"rdata":"pipe.skype.com"}}
{"timestamp":"2018-11-22T05:25:18.028973+0000","flow_id":2181264601589772,"pcap_cnt":81,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59374,"proto":"UDP","dns":{"type":"answer","id":46404,"rcode":"NOERROR","rrname":"pipe.skype.com","rrtype":"CNAME","ttl":5,"rdata":"pipe.prd.skypedata.akadns.net"}}
{"timestamp":"2018-11-22T05:25:18.028973+0000","flow_id":2181264601589772,"pcap_cnt":81,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59374,"proto":"UDP","dns":{"type":"answer","id":46404,"rcode":"NOERROR","rrname":"pipe.prd.skypedata.akadns.net","rrtype":"CNAME","ttl":5,"rdata":"pipe.cloudapp.aria.akadns.net"}}
{"timestamp":"2018-11-22T05:25:18.028973+0000","flow_id":2181264601589772,"pcap_cnt":81,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59374,"proto":"UDP","dns":{"type":"answer","id":46404,"rcode":"NOERROR","rrname":"pipe.cloudapp.aria.akadns.net","rrtype":"A","ttl":5,"rdata":"52.114.76.35"}}
{"timestamp":"2018-11-22T05:25:18.780531+0000","flow_id":281744448058884,"pcap_cnt":126,"event_type":"tls","src_ip":"172.16.68.157","src_port":49768,"dest_ip":"52.114.76.35","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.pipe.aria.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1"}}
{"timestamp":"2018-11-22T05:25:18.803428+0000","flow_id":791200583808357,"pcap_cnt":132,"event_type":"tls","src_ip":"172.16.68.157","src_port":49767,"dest_ip":"52.114.76.35","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.pipe.aria.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1"}}
{"timestamp":"2018-11-22T05:25:20.609821+0000","flow_id":913544874839581,"pcap_cnt":163,"event_type":"dns","src_ip":"172.16.68.157","src_port":52688,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7265,"rrname":"officeclient.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:20.682701+0000","flow_id":913544874839581,"pcap_cnt":164,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52688,"proto":"UDP","dns":{"type":"answer","id":7265,"rcode":"NOERROR","rrname":"officeclient.microsoft.com","rrtype":"CNAME","ttl":5,"rdata":"config.officeapps.live.com"}}
{"timestamp":"2018-11-22T05:25:20.682701+0000","flow_id":913544874839581,"pcap_cnt":164,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52688,"proto":"UDP","dns":{"type":"answer","id":7265,"rcode":"NOERROR","rrname":"config.officeapps.live.com","rrtype":"CNAME","ttl":5,"rdata":"prod.configsvc1.live.com.akadns.net"}}
{"timestamp":"2018-11-22T05:25:20.682701+0000","flow_id":913544874839581,"pcap_cnt":164,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52688,"proto":"UDP","dns":{"type":"answer","id":7265,"rcode":"NOERROR","rrname":"prod.configsvc1.live.com.akadns.net","rrtype":"CNAME","ttl":5,"rdata":"asia.configsvc1.live.com.akadns.net"}}
{"timestamp":"2018-11-22T05:25:20.682701+0000","flow_id":913544874839581,"pcap_cnt":164,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52688,"proto":"UDP","dns":{"type":"answer","id":7265,"rcode":"NOERROR","rrname":"asia.configsvc1.live.com.akadns.net","rrtype":"A","ttl":5,"rdata":"52.109.124.4"}}
{"timestamp":"2018-11-22T05:25:40.818255+0000","flow_id":1177930178001999,"pcap_cnt":179,"event_type":"dns","src_ip":"172.16.68.157","src_port":52921,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30409,"rrname":"fp.msedge.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:40.868901+0000","flow_id":1177930178001999,"pcap_cnt":184,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52921,"proto":"UDP","dns":{"type":"answer","id":30409,"rcode":"NOERROR","rrname":"fp.msedge.net","rrtype":"CNAME","ttl":5,"rdata":"1.perf.msedge.net"}}
{"timestamp":"2018-11-22T05:25:40.868901+0000","flow_id":1177930178001999,"pcap_cnt":184,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52921,"proto":"UDP","dns":{"type":"answer","id":30409,"rcode":"NOERROR","rrname":"1.perf.msedge.net","rrtype":"CNAME","ttl":5,"rdata":"a-0019.a-msedge.net"}}
{"timestamp":"2018-11-22T05:25:40.868901+0000","flow_id":1177930178001999,"pcap_cnt":184,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52921,"proto":"UDP","dns":{"type":"answer","id":30409,"rcode":"NOERROR","rrname":"a-0019.a-msedge.net","rrtype":"A","ttl":5,"rdata":"204.79.197.222"}}
{"timestamp":"2018-11-22T05:25:40.869958+0000","flow_id":1482271560618515,"pcap_cnt":189,"event_type":"tls","src_ip":"172.16.68.157","src_port":49769,"dest_ip":"13.107.21.200","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.bing.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-11-22T05:25:41.076067+0000","flow_id":2178419187271076,"pcap_cnt":227,"event_type":"tls","src_ip":"172.16.68.157","src_port":49770,"dest_ip":"204.79.197.222","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.msedge.net","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-11-22T05:25:43.279201+0000","flow_id":2239936004047521,"pcap_cnt":256,"event_type":"dns","src_ip":"172.16.68.157","src_port":52939,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51765,"rrname":"iteactive-sge.msedge.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:43.342557+0000","flow_id":2239936004047521,"pcap_cnt":257,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52939,"proto":"UDP","dns":{"type":"answer","id":51765,"rcode":"NOERROR","rrname":"iteactive-sge.msedge.net","rrtype":"CNAME","ttl":5,"rdata":"m1-0042.m1-msedge.net"}}
{"timestamp":"2018-11-22T05:25:43.342557+0000","flow_id":2239936004047521,"pcap_cnt":257,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":52939,"proto":"UDP","dns":{"type":"answer","id":51765,"rcode":"NOERROR","rrname":"m1-0042.m1-msedge.net","rrtype":"A","ttl":5,"rdata":"13.107.255.97"}}
{"timestamp":"2018-11-22T05:25:43.545186+0000","flow_id":701921100250405,"pcap_cnt":268,"event_type":"tls","src_ip":"172.16.68.157","src_port":49771,"dest_ip":"13.107.255.97","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.msedge.net","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-11-22T05:25:43.756662+0000","flow_id":1413028098050998,"pcap_cnt":295,"event_type":"dns","src_ip":"172.16.68.157","src_port":53536,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40735,"rrname":"l-ring.msedge.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:43.816564+0000","flow_id":1413028098050998,"pcap_cnt":296,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":53536,"proto":"UDP","dns":{"type":"answer","id":40735,"rcode":"NOERROR","rrname":"l-ring.msedge.net","rrtype":"CNAME","ttl":5,"rdata":"l-ring.l-9999.l-msedge.net"}}
{"timestamp":"2018-11-22T05:25:43.816564+0000","flow_id":1413028098050998,"pcap_cnt":296,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":53536,"proto":"UDP","dns":{"type":"answer","id":40735,"rcode":"NOERROR","rrname":"l-ring.l-9999.l-msedge.net","rrtype":"CNAME","ttl":5,"rdata":"l-9999.l-msedge.net"}}
{"timestamp":"2018-11-22T05:25:43.816564+0000","flow_id":1413028098050998,"pcap_cnt":296,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":53536,"proto":"UDP","dns":{"type":"answer","id":40735,"rcode":"NOERROR","rrname":"l-9999.l-msedge.net","rrtype":"A","ttl":5,"rdata":"13.107.42.254"}}
{"timestamp":"2018-11-22T05:25:43.993293+0000","flow_id":911519799277725,"pcap_cnt":307,"event_type":"tls","src_ip":"172.16.68.157","src_port":49772,"dest_ip":"13.107.42.254","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.msedge.net","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-11-22T05:25:44.219250+0000","flow_id":1728562165471346,"pcap_cnt":334,"event_type":"dns","src_ip":"172.16.68.157","src_port":59477,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27266,"rrname":"a-ring.msedge.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:44.278194+0000","flow_id":1728562165471346,"pcap_cnt":335,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59477,"proto":"UDP","dns":{"type":"answer","id":27266,"rcode":"NOERROR","rrname":"a-ring.msedge.net","rrtype":"CNAME","ttl":5,"rdata":"a-ring.a-9999.a-msedge.net"}}
{"timestamp":"2018-11-22T05:25:44.278194+0000","flow_id":1728562165471346,"pcap_cnt":335,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59477,"proto":"UDP","dns":{"type":"answer","id":27266,"rcode":"NOERROR","rrname":"a-ring.a-9999.a-msedge.net","rrtype":"CNAME","ttl":5,"rdata":"a-9999.a-msedge.net"}}
{"timestamp":"2018-11-22T05:25:44.278194+0000","flow_id":1728562165471346,"pcap_cnt":335,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59477,"proto":"UDP","dns":{"type":"answer","id":27266,"rcode":"NOERROR","rrname":"a-9999.a-msedge.net","rrtype":"A","ttl":5,"rdata":"204.79.197.254"}}
{"timestamp":"2018-11-22T05:25:44.449649+0000","flow_id":1659595728110453,"pcap_cnt":346,"event_type":"tls","src_ip":"172.16.68.157","src_port":49773,"dest_ip":"204.79.197.254","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.msedge.net","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-11-22T05:25:45.701235+0000","flow_id":1213088780628787,"pcap_cnt":389,"event_type":"dns","src_ip":"172.16.68.157","src_port":59128,"dest_ip":"172.16.68.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18069,"rrname":"cdn.content.prod.cms.msn.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T05:25:45.749731+0000","flow_id":1213088780628787,"pcap_cnt":390,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59128,"proto":"UDP","dns":{"type":"answer","id":18069,"rcode":"NOERROR","rrname":"cdn.content.prod.cms.msn.com","rrtype":"CNAME","ttl":5,"rdata":"cdn.content.prod.cms.msn.com.edgekey.net"}}
{"timestamp":"2018-11-22T05:25:45.749731+0000","flow_id":1213088780628787,"pcap_cnt":390,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59128,"proto":"UDP","dns":{"type":"answer","id":18069,"rcode":"NOERROR","rrname":"cdn.content.prod.cms.msn.com.edgekey.net","rrtype":"CNAME","ttl":5,"rdata":"e10663.dscg.akamaiedge.net"}}
{"timestamp":"2018-11-22T05:25:45.749731+0000","flow_id":1213088780628787,"pcap_cnt":390,"event_type":"dns","src_ip":"172.16.68.2","src_port":53,"dest_ip":"172.16.68.157","dest_port":59128,"proto":"UDP","dns":{"type":"answer","id":18069,"rcode":"NOERROR","rrname":"e10663.dscg.akamaiedge.net","rrtype":"A","ttl":5,"rdata":"171.102.242.75"}}
{"timestamp":"2018-11-22T05:25:45.822564+0000","flow_id":2025666528249279,"pcap_cnt":405,"ev

This file has been truncated.


keyword_perf.log - (7065 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/26/2018 -- 16:18:30
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             86749           22              22              12383           3943.00         3943.00         0.00           
  content          2758254         791             326             22001           3487.00         4232.00         2964.00        
  pcre             692533          138             0               92025           5018.00         0.00            5018.00        
  byte_test        595686          195             107             16778           3054.00         3155.00         2932.00        
  byte_jump        125045          34              8               17098           3677.00         3339.00         3782.00        
  isdataat         72613           19              0               18201           3821.00         0.00            3821.00        
  urilen           14236           4               0               4031            3559.00         0.00            3559.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             86749           22              22              12383           3943.00         3943.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2696424         779             324             22001           3461.00         4224.00         2917.00        
  pcre             692533          138             0               92025           5018.00         0.00            5018.00        
  byte_test        595686          195             107             16778           3054.00         3155.00         2932.00        
  byte_jump        125045          34              8               17098           3677.00         3339.00         3782.00        
  isdataat         72613           19              0               18201           3821.00         0.00            3821.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8056            2               0               4035            4028.00         0.00            4028.00        
  urilen           14236           4               0               4031            3559.00         0.00            3559.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21313           2               0               18039           10656.00        0.00            10656.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17516           4               2               5798            4379.00         5425.00         3333.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8328            2               0               4245            4164.00         0.00            4164.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6617            2               0               3487            3308.00         0.00            3308.00        


suricata-report-2018-11-26-T-16-18-30-11262018.1618-Phishing.pcapng.txt - (18178 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/0c75c54e096bb79be2796c260fc2915ed2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11262018.1618-Phishing.pcapng -vvv -k none
elapsedtime:9.054243
stderr:
stdout:
26/11/2018 -- 16:18:21 - <Info> - Configuration node 'rule-files' redefined.
26/11/2018 -- 16:18:21 - <Notice> - This is Suricata version 4.0.0 RELEASE
26/11/2018 -- 16:18:21 - <Info> - CPUs/cores online: 1
26/11/2018 -- 16:18:21 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32440 and 'request-body-inspect-window' set to 15805 after randomization.
26/11/2018 -- 16:18:21 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32230 and 'response-body-inspect-window' set to 15600 after randomization.
26/11/2018 -- 16:18:21 - <Config> - DNS request flood protection level: 500
26/11/2018 -- 16:18:21 - <Config> - DNS per flow memcap (state-memcap): 524288
26/11/2018 -- 16:18:21 - <Config> - DNS global memcap: 16777216
26/11/2018 -- 16:18:21 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
26/11/2018 -- 16:18:21 - <Config> - preallocated 1000 hosts of size 136
26/11/2018 -- 16:18:21 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
26/11/2018 -- 16:18:21 - <Config> - using magic-file /usr/share/file/magic
26/11/2018 -- 16:18:21 - <Config> - Core dump size is unlimited.
26/11/2018 -- 16:18:21 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
26/11/2018 -- 16:18:21 - <Config> - preallocated 1000 defrag trackers of size 168
26/11/2018 -- 16:18:21 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
26/11/2018 -- 16:18:21 - <Config> - stream "prealloc-sessions": 2048 (per thread)
26/11/2018 -- 16:18:21 - <Config> - stream "memcap": 33554432
26/11/2018 -- 16:18:21 - <Config> - stream "midstream" session pickups: disabled
26/11/2018 -- 16:18:21 - <Config> - stream "async-oneside": disabled
26/11/2018 -- 16:18:21 - <Config> - stream "checksum-validation": disabled
26/11/2018 -- 16:18:21 - <Config> - stream."inline": disabled
26/11/2018 -- 16:18:21 - <Config> - stream "bypass": disabled
26/11/2018 -- 16:18:21 - <Config> - stream "max-synack-queued": 5
26/11/2018 -- 16:18:21 - <Config> - stream.reassembly "memcap": 134217728
26/11/2018 -- 16:18:21 - <Config> - stream.reassembly "depth": 0
26/11/2018 -- 16:18:21 - <Config> - stream.reassembly "toserver-chunk-size": 2439
26/11/2018 -- 16:18:21 - <Config> - stream.reassembly "toclient-chunk-size": 2611
26/11/2018 -- 16:18:21 - <Config> - stream.reassembly.raw: enabled
26/11/2018 -- 16:18:21 - <Config> - stream.reassembly "segment-prealloc": 2048
26/11/2018 -- 16:18:21 - <Config> - Delayed detect disabled
26/11/2018 -- 16:18:21 - <Config> - pattern matchers: MPM: ac, SPM: bm
26/11/2018 -- 16:18:21 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
26/11/2018 -- 16:18:21 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
26/11/2018 -- 16:18:21 - <Config> - prefilter engines: MPM
26/11/2018 -- 16:18:21 - <Config> - IP reputation disabled
26/11/2018 -- 16:18:21 - <Perf> - Registered 148 keyword profiling counters.
26/11/2018 -- 16:18:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
26/11/2018 -- 16:18:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
26/11/2018 -- 16:18:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
26/11/2018 -- 16:18:22 - <Config> - No rules loaded from ET-emerging-icmp.rules.
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
26/11/2018 -- 16:18:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
26/11/2018 -- 16:18:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
26/11/2018 -- 16:18:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
26/11/2018 -- 16:18:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
26/11/2018 -- 16:18:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
26/11/2018 -- 16:18:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
26/11/2018 -- 16:18:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
26/11/2018 -- 16:18:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
26/11/2018 -- 16:18:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
26/11/2018 -- 16:18:26 - <Config> - No rules loaded from local.rules.
26/11/2018 -- 16:18:26 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
26/11/2018 -- 16:18:26 - <Info> - Threshold config parsed: 0 rule(s) found
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for tcp-packet
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for tcp-stream
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for udp-packet
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for other-ip
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_uri
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_request_line
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_client_body
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_response_line
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_header
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_header
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_header_names
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_header_names
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_accept
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_accept_enc
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_accept_lang
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_referer
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_connection
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_content_len
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_content_len
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_content_type
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_content_type
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_protocol
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_protocol
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_start
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_start
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_raw_header
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_raw_header
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_method
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_cookie
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_cookie
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_raw_uri
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_user_agent
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_host
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_raw_host
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_stat_msg
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_stat_code
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for dns_query
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for tls_sni
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for tls_cert_issuer
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for tls_cert_subject
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for tls_cert_serial
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for dce_stub_data
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for dce_stub_data
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for ssh_protocol
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for ssh_protocol
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for ssh_software
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for ssh_software
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for file_data
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for file_data
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_request_line
26/11/2018 -- 16:18:26 - <Perf> - using shared mpm ctx' for http_response_line
26/11/2018 -- 16:18:26 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
26/11/2018 -- 16:18:26 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
26/11/2018 -- 16:18:26 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
26/11/2018 -- 16:18:26 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
26/11/2018 -- 16:18:26 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
26/11/2018 -- 16:18:26 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
26/11/2018 -- 16:18:26 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
26/11/2018 -- 16:18:26 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
26/11/2018 -- 16:18:27 - <Perf> - Unique rule groups: 111
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "toserver TCP packet": 31
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "toclient TCP packet": 20
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "toserver TCP stream": 31
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "toclient TCP stream": 21
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "toserver UDP packet": 33
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "toclient UDP packet": 15
26/11/2018 -- 16:18:27 - <Perf> - Builtin MPM "other IP packet": 2
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_uri": 8
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_request_line": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_client_body": 6
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient http_response_line": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_header": 6
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient http_header": 3
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_header_names": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_accept": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_referer": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_content_len": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_content_type": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient http_content_type": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_start": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_method": 3
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_cookie": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient http_cookie": 2
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver http_host": 2
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver dns_query": 4
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver tls_sni": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toserver file_data": 1
26/11/2018 -- 16:18:27 - <Perf> - AppLayer MPM "toclient file_data": 5
26/11/2018 -- 16:18:28 - <Perf> - Registered 18241 rule profiling counters.
26/11/2018 -- 16:18:28 - <Info> - fast output device (regular) initialized: alert
26/11/2018 -- 16:18:28 - <Info> - eve-log output device (regular) initialized: eve.json
26/11/2018 -- 16:18:28 - <Config> - enabling 'eve-log' module 'alert'
26/11/2018 -- 16:18:28 - <Config> - enabling 'eve-log' module 'http'
26/11/2018 -- 16:18:28 - <Config> - enabling 'eve-log' module 'dns'
26/11/2018 -- 16:18:28 - <Config> - enabling 'eve-log' module 'tls'
26/11/2018 -- 16:18:28 - <Config> - enabling 'eve-log' module 'files'
26/11/2018 

This file has been truncated.


IDSDeathBlossom.py.log - (1153 bytes) - download
2018-11-26 16:18:20,322 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-26 16:18:21,129 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-26 16:18:21,129 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-26 16:18:21,130 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-26 16:18:21,130 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-26 16:18:21,130 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/0c75c54e096bb79be2796c260fc2915ed2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11262018.1618-Phishing.pcapng -vvv -k none
2018-11-26 16:18:30,187 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-26 16:18:30,188 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.87648701668