Filename: network (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4657759666 seconds
Hash: 1b6c320a4cb0c766fbfa91e510b04416
Uploaded: 1562333087

Logfiles


packet_stats.log - (14078 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            23          1477283       37330574      13616867        313.2m   87.08
 IPv4      17             7          1058931       18199613       6384738         44.7m   12.43
 IPv6      17             1          1777776        1777776       1777776          1.8m    0.49
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            23            68111       17305003       1456966         33.5m   89.49
TMM_FLOWWORKER              IPv4      17             7           168810         851653        486990          3.4m    9.10
TMM_RECEIVEPCAPFILE         IPv4       6            22             2532           3672          2884         63.5k    0.17
TMM_RECEIVEPCAPFILE         IPv4      17             7             2577          12088          4149         29.0k    0.08
TMM_DECODEPCAPFILE          IPv4       6            22             2671           3935          3070         67.6k    0.18
TMM_DECODEPCAPFILE          IPv4      17             7             2731          19856          5308         37.2k    0.10
TMM_FLOWWORKER              IPv6      17             1           307658         307658        307658        307.7k    0.82
TMM_RECEIVEPCAPFILE         IPv6      17             1             2932           2932          2932          2.9k    0.01
TMM_DECODEPCAPFILE          IPv6      17             1            16877          16877         16877         16.9k    0.05

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            22             2859           5664          3610         79.4k  0.22  
flow                    IPv4      17             7             2826          17908          6612         46.3k  0.13  
stream                  IPv4       6            23             3562         328063         46439          1.1m  3.00  
app-layer               IPv4      17             7             2563          23208         13430         94.0k  0.26  
detect                  IPv4       6            23            44874       16668910       1358944         31.3m  87.85 
detect                  IPv4      17             7           143818         732786        377421          2.6m  7.43  
tcp-prune               IPv4       6            23             2545          19197          4117         94.7k  0.27  
flow                    IPv6      17             1             3663           3663          3663          3.7k  0.01  
app-layer               IPv6      17             1             8994           8994          8994          9.0k  0.03  
detect                  IPv6      17             1           284235         284235        284235        284.2k  0.80  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3             5288          45633         19371         58.1k  68.26 
dns                     IPv4      17             4             5242           9524          6755         27.0k  31.74 
Proto detect            IPv4      17             5             5435          14800          7749         38.7k
Proto detect            IPv6      17             1             3310           3310          3310          3.3k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4            48766         323461        129057        516.2k  43.92 
LOGGER_JSON_HTTP            IPv4       6             2           123468         535621        329544        659.1k  56.08 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            10             2599          79455         26223       262.2k  1.57  
payload                           IPv4      17             7             6582         407100         77327       541.3k  3.24  
stream                            IPv4       6            10             2543        8983242        919245         9.2m  55.04 
http_uri                          IPv4       6             2            29402          32631         31016        62.0k  0.37  
http_request_line                 IPv4       6             2             7841           8955          8398        16.8k  0.10  
http_client_body                  IPv4       6             2             3507           3711          3609         7.2k  0.04  
http_header (request)             IPv4       6             2            73416          76495         74955       149.9k  0.90  
http_header (request trailer)     IPv4       6             2             2625           2632          2628         5.3k  0.03  
http_header_names (request)       IPv4       6             2            24589          26120         25354        50.7k  0.30  
http_accept (request)             IPv4       6             2             4750           4800          4775         9.6k  0.06  
http_referer (request)            IPv4       6             2             3258           3853          3555         7.1k  0.04  
http_content_len (request)        IPv4       6             2             3377           3940          3658         7.3k  0.04  
http_content_type (request)       IPv4       6             2             3459           3644          3551         7.1k  0.04  
http_protocol (request)           IPv4       6             2             5386           5553          5469        10.9k  0.07  
http_start (request)              IPv4       6             2            14748          15388         15068        30.1k  0.18  
http_raw_header (request)         IPv4       6             2            17170          19113         18141        36.3k  0.22  
http_method                       IPv4       6             2             7068           8624          7846        15.7k  0.09  
http_cookie (request)             IPv4       6             2             3199           3562          3380         6.8k  0.04  
http_raw_uri                      IPv4       6             2             7035           9490          8262        16.5k  0.10  
http_user_agent                   IPv4       6             2            31122         418798        224960       449.9k  2.69  
http_host                         IPv4       6             2             7102           8548          7825        15.6k  0.09  
dns_query                         IPv4      17             2            11455          12477         11966        23.9k  0.14  
http_response_line                IPv4       6             2             9651          10450         10050        20.1k  0.12  
http_header (response)            IPv4       6             2            38805          47182         42993        86.0k  0.51  
http_header (response trailer)    IPv4       6             2             2691           4669          3680         7.4k  0.04  
http_content_type (response)      IPv4       6             2            10254        5589566       2799910         5.6m  33.53 
http_raw_header (response)        IPv4       6             2             9933          12415         11174        22.3k  0.13  
http_cookie (response)            IPv4       6             2             3424           6393          4908         9.8k  0.06  
http_stat_code                    IPv4       6             2             4197           4377          4287         8.6k  0.05  
Total                             IPv4                    79                                        211124        16.7m
payload                           IPv6      17             1            23930          23930         23930        23.9k  0.14  
Total                             IPv6                     1                                         23930        23.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             5            12116         461803        116263        581.3k  1.03  
PROF_DETECT_IPONLY          IPv4      17             5            15173          70211         42103        210.5k  0.37  
PROF_DETECT_RULES           IPv4       6            23             2560        6885700        559127         12.9m  22.71 
PROF_DETECT_RULES           IPv4      17             7            80463         542720        174857          1.2m  2.16  
PROF_DETECT_STATEFUL_START    IPv4       6             7             5123        3748649        858020          6.0m  10.61 
PROF_DETECT_STATEFUL_CONT    IPv4       6            23             2508          13562          5625        129.4k  0.23  
PROF_DETECT_STATEFUL_CONT    IPv4      17             7             2521          45003         10341         72.4k  0.13  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            14             2578           3361          2804         39.3k  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2879           3354          3145         12.6k  0.02  
PROF_DETECT_PREFILTER       IPv4       6            23             7918        9735064        728830         16.8m  29.61 
PROF_DETECT_PREFILTER       IPv4      17             7            28778         466867        114955        804.7k  1.42  
PROF_DETECT_PF_PAYLOAD      IPv4       6            10            14006        8994715        954627          9.5m  16.86 
PROF_DETECT_PF_PAYLOAD      IPv4      17             7            12245         412611         82624        578.4k  1.02  
PROF_DETECT_PF_TX           IPv4       6            14             2779        5699129        489402          6.9m  12.10 
PROF_DETECT_PF_TX           IPv4      17             2            17321          18780         18050         36.1k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6            10             2577          15505          5603         56.0k  0.10  
PROF_DETECT_PF_SORT1        IPv4      17             7             3166          13383          5043         35.3k  0.06  
PROF_DETECT_PF_SORT2        IPv4       6            23             2560           7528          3561         81.9k  0.14  
PROF_DETECT_PF_SORT2        IPv4      17             7             2625           4666          3670         25.7k  0.05  
PROF_DETECT_NONMPMLIST      IPv4       6            23             2616           3769          3125         71.9k  0.13  
PROF_DETECT_NONMPMLIST      IPv4      17             7             2520           3671          3110         21.8k  0.04  
PROF_DETECT_ALERT           IPv4       6            23             2522           4351          2881         66.3k  0.12  
PROF_DETECT_ALERT           IPv4      17             7             2551           5172          3134         21.9k  0.04  
PROF_DETECT_CLEANUP         IPv4       6            23             2610          12374          3560         81.9k  0.14  
PROF_DETECT_CLEANUP         IPv4      17             7             2551           5389          3569         25.0k  0.04  
PROF_DETECT_GETSGH          IPv4       6            23             2531           6631          3536         81.3k  0.14  
PROF_DETECT_GETSGH          IPv4      17             7             2551          10948          5801         40.6k  0.07  
PROF_DETECT_IPONLY          IPv6      17             1             6948           6948          6948          6.9k  0.01  
PROF_DETECT_RULES           IPv6      17             1           139540         139540        139540        139.5k  0.25  
PROF_DETECT_STATEFUL_CONT    IPv6      17             1             2511           2511          2511          2.5k  0.00  
PROF_DETECT_PREFILTER       IPv6      17             1            47961          47961         47961         48.0k  0.08  
PROF_DETECT_PF_PAYLOAD      IPv6      17             1            29262          29262         29262         29.3k  0.05  
PROF_DETECT_PF_SORT1        IPv6      17             1             4121           4121          4121          4.1k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             1             4227           4227          4227          4.2k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             1            38912          38912         38912         38.9k  0.07  
PROF_DETECT_ALERT           IPv6      17             1             2559           2559          2559          2.6k  0.00  
PROF_DETECT_CLEANUP         IPv6      17             1             2931           2931          2931          2.9k  0.01  
PROF_DETECT_GETSGH          IPv6      17             1            16730          16730         16730         16.7k  0.03  


suricata-4.0.0-etpro-all-perf.txt-2019-07-05-T-13-25-10-07052019.1324-network_1.pcap.txt - (23381 bytes)
  --------------------------------------------------------------------------
  Date: 7/5/2019 -- 13:25:10. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2019821      1        8        478470       4.21   2        2        428861      239235.00   239235.00   0.00       
  2        2814182      1        2        453097       3.99   2        0        417737      226548.50   0.00        226548.50  
  3        2809360      1        2        452171       3.98   2        0        417363      226085.50   0.00        226085.50  
  4        2824909      1        2        450897       3.97   2        0        417307      225448.50   0.00        225448.50  
  5        2024136      1        2        414963       3.65   1        0        414963      414963.00   0.00        414963.00  
  6        2829848      1        2        437817       3.85   2        0        409855      218908.50   0.00        218908.50  
  7        2016223      1        10       426047       3.75   2        0        404985      213023.50   0.00        213023.50  
  8        2020705      1        4        426179       3.75   2        0        404607      213089.50   0.00        213089.50  
  9        2008120      1        4        397246       3.50   5        0        385384      79449.20    0.00        79449.20   
  10       2828060      1        4        304502       2.68   2        0        270465      152251.00   0.00        152251.00  
  11       2816895      1        2        123620       1.09   2        0        66923       61810.00    0.00        61810.00   
  12       2015877      1        6        95860        0.84   2        0        66521       47930.00    0.00        47930.00   
  13       2020496      1        2        88169        0.78   2        0        59568       44084.50    0.00        44084.50   
  14       2822697      1        2        116164       1.02   2        0        59180       58082.00    0.00        58082.00   
  15       2016706      1        20       98308        0.87   2        0        58413       49154.00    0.00        49154.00   
  16       2021304      1        4        97277        0.86   2        0        49265       48638.50    0.00        48638.50   
  17       2811905      1        3        91355        0.80   2        0        47648       45677.50    0.00        45677.50   
  18       2816747      1        2        94619        0.83   2        0        47406       47309.50    0.00        47309.50   
  19       2815180      1        3        80293        0.71   2        0        44027       40146.50    0.00        40146.50   
  20       2011290      1        7        85243        0.75   2        0        43491       42621.50    0.00        42621.50   
  21       2827365      1        1        86090        0.76   2        0        43421       43045.00    0.00        43045.00   
  22       2024367      1        2        76775        0.68   2        0        41936       38387.50    0.00        38387.50   
  23       2014701      1        12       71521        0.63   4        0        41116       17880.25    0.00        17880.25   
  24       2014442      1        6        72790        0.64   2        0        40279       36395.00    0.00        36395.00   
  25       2022652      1        2        73720        0.65   2        0        40161       36860.00    0.00        36860.00   
  26       2020963      1        2        70023        0.62   2        0        39827       35011.50    0.00        35011.50   
  27       2024133      1        2        38599        0.34   1        0        38599       38599.00    0.00        38599.00   
  28       2812801      1        2        74462        0.66   2        0        38333       37231.00    0.00        37231.00   
  29       2824942      1        2        67553        0.59   2        0        37499       33776.50    0.00        33776.50   
  30       2809087      1        2        73802        0.65   2        0        37320       36901.00    0.00        36901.00   
  31       2826616      1        2        73487        0.65   2        0        36911       36743.50    0.00        36743.50   
  32       2815220      1        2        72069        0.63   2        0        36593       36034.50    0.00        36034.50   
  33       2823915      1        3        72573        0.64   2        0        36372       36286.50    0.00        36286.50   
  34       2812896      1        5        71448        0.63   2        0        36292       35724.00    0.00        35724.00   
  35       2021718      1        4        71545        0.63   2        0        35790       35772.50    0.00        35772.50   
  36       2022901      1        2        63759        0.56   2        0        35313       31879.50    0.00        31879.50   
  37       2815568      1        2        70323        0.62   2        0        35244       35161.50    0.00        35161.50   
  38       2021413      1        2        64161        0.56   2        0        35221       32080.50    0.00        32080.50   
  39       2024134      1        2        35084        0.31   1        0        35084       35084.00    0.00        35084.00   
  40       2815181      1        3        69704        0.61   2        0        34874       34852.00    0.00        34852.00   
  41       2821471      1        2        63417        0.56   2        0        34481       31708.50    0.00        31708.50   
  42       2021418      1        9        68696        0.60   2        0        34372       34348.00    0.00        34348.00   
  43       2024135      1        2        34272        0.30   1        0        34272       34272.00    0.00        34272.00   
  44       2816636      1        2        68152        0.60   2        0        34241       34076.00    0.00        34076.00   
  45       2024138      1        2        34189        0.30   1        0        34189       34189.00    0.00        34189.00   
  46       2811826      1        7        67747        0.60   2        0        34127       33873.50    0.00        33873.50   
  47       2815182      1        3        67636        0.60   2        0        34072       33818.00    0.00        33818.00   
  48       2807793      1        4        62961        0.55   2        0        34015       31480.50    0.00        31480.50   
  49       2807970      1        8        63213        0.56   2        0        33933       31606.50    0.00        31606.50   
  50       2024142      1        2        33902        0.30   1        0        33902       33902.00    0.00        33902.00   
  51       2024137      1        2        33895        0.30   1        0        33895       33895.00    0.00        33895.00   
  52       2809363      1        3        62750        0.55   2        0        33156       31375.00    0.00        31375.00   
  53       2024140      1        2        32911        0.29   1        0        32911       32911.00    0.00        32911.00   
  54       2024139      1        2        32853        0.29   1        0        32853       32853.00    0.00        32853.00   
  55       2024141      1        2        32145        0.28   1        0        32145       32145.00    0.00        32145.00   
  56       2815664      1        3        63191        0.56   2        0        31850       31595.50    0.00        31595.50   
  57       2828986      1        2        62634        0.55   2        0        31698       31317.00    0.00        31317.00   
  58       2024758      1        4        61650        0.54   2        0        30852       30825.00    0.00        30825.00   
  59       2829091      1        2        61576        0.54   2        0        30844       30788.00    0.00        30788.00   
  60       2816356      1        2        59051        0.52   2        0        30807       29525.50    0.00        29525.50   
  61       2019094      1        5        60027        0.53   2        0        30413       30013.50    0.00        30013.50   
  62       2812433      1        2        58106        0.51   2        0        30398       29053.00    0.00        29053.00   
  63       2820673      1        2        60031        0.53   2        0        30393       30015.50    0.00        30015.50   
  64       2021531      1        2        59489        0.52   2        0        30231       29744.50    0.00        29744.50   
  65       2830471      1        2        59451        0.52   2        0        30082       29725.50    0.00        29725.50   
  66       2815156      1        2        59426        0.52   2        0        30061       29713.00    0.00        29713.00   
  67       2824387      1        2        59582        0.52   2        0        30059       29791.00    0.00        29791.00   
  68       2829260      1        1        59322        0.52   2        0        29992       29661.00    0.00        29661.00   
  69       2823858      1        3        58465        0.51   2        0        29969       29232.50    0.00        29232.50   
  70       2017119      1        4        58854        0.52   2        0        29767       29427.00    0.00        29427.00   
  71       2014303      1        2        57937        0.51   2        0        29535       28968.50    0.00        28968.50   
  72       2024771      1        1        29525        0.26   1        0        29525       29525.00    0.00        29525.00   
  73       2809012      1        4        58122        0.51   2        0        29350       29061.00    0.00        29061.00   
  74       2809709      1        4        57494        0.51   2        0        29089       28747.00    0.00        28747.00   
  75       2020962      1        3        56742        0.50   2        0        28804       28371.00    0.00        28371.00   
  76       2821615      1        2        57281        0.50   2        0        28682       28640.50    0.00        28640.50   
  77       2816777      1        3        56894        0.50   2        0        28636       28447.00    0.00        28447.00   
  78       2815924      1        2        56266        0.50   2        0        28481       28133.00    0.00        28133.00   
  79       2823218      1        2        56128        0.49   2        0        28286       28064.00    0.00        28064.00   
  80       2020964      1        2        56341        0.50   2        0        28243       28170.50    0.00        28170.50   
  81       2020181      1        8        55897        0.49   2        0        28054       27948.50    0.00        27948.50   
  82       2008377      1        5        55727        0.49   2        0        27906       27863.50    0.00        27863.50   
  83       2017948      1        2        54933        0.48   2        0        27807       27466.50    0.00        27466.50   
  84       2017261      1        3        54944        0.48   2        0        27507       27472.00    0.00        27472.00   
  85       2021399      1        3        54444        0.48   2        0        27464       27222.00    0.00        27222.00   
  86       2024606      1        2        48405        0.43   2        0        26890       24202.50    0.00        24202.50   
  87       2821569      1        7        47304        0.42   2        0        25853       23652.00    0.00        23652.00   
  88       2003492      1        30       47836        0.42   2        0        25800       23918.00    0.00        23918.00   
  89       2012707      1        5        48208        0.42   2        0        25186       24104.00    0.00        24104.00   
  90       2804626      1        9        45750        0.40   2        0        25054       22875.00    0.00        22875.00   
  91       2805260      1        4        46671        0.41   2        0        25028       23335.50    0.00        23335.50   
  92       2012612      1        16       46681        0.41   2        0        23709       23340.50    0.00        23340.50   
  93       2809511      1        4        47025        0.41   2        0        23578       23512.50    0.00        23512.50   
  94       2815547      1        2        45825        0.40   2        0        23420       22912.50    0.00        22912.50   
  95       2827279      1        5        45736        0.40   2        0        23131       22868.00    0.00        22868.00   
  96       2012249      1        4        44845        0.39   2        0        22700       22422.50    0.00        22422.50   
  97       2816621      1        2        44708        0.39   2        0        22668       22354.00    0.00        22354.00   
  98       2826256      1        2        44989        0.40   2        0        22653       22494.50    0.00        22494.50   
  99       2022502      1        4        44449        0.39   2        0        22628       22224.50    0.00        22224.50   
  100      2017552      1        6        86386        0.76   5        0        22583       17277.20    0.00        17277.20   
  101      2024178      1        2        44524        0.39   2        0        22508       22262.00    0.00        22262.00   
  102      2830036      1        1        44565        0.39   2        0        22501       22282.50    0.00        22282.50   
  103      2822633      1        3        43634        0.38   2        0        22500       21817.00    0.00        21817.00   
  104      2813027      1        3        43770        0.39   2        0        22033       21885.00    0.00        21885.00   
  105      2828008      1        2        43479        0.38   2        0        21949       21739.50    0.00        21739.50   
  106      2017036      1        3        43559        0.38   2        0        21887       21779.50    0.00        21779.50   
  107      2017076      1        9        43324        0.38   2        0        21677       21662.00    0.00        21662.00   
  108      2016809      1        5        42538        0.37   2        0        21642       21269.00    0.00        21269.00   
  109      2816165      1        5        42946        0.38   2        0        21600       21473.00    0.00        21473.00   
  110      2809682      1        5        41965        0.37   2        0        21406       20982.50    0.00        20982.50   
  111      2019378      1        12       42531        0.37   2        0        21388       21265.50    0.00        21265.50   
  112      2017454      1        12       42550        0.37   2        0        21383       21275.00    0.00        21275.00   
  113      2017456      1        3        41774        0.37   2        0        21292       20887.00    0.00        20887.00   
  114      2807682      1        2        42004        0.37   2        0        21121       21002.00    0.00        21002.00   
  115      2809547      1        5        42184        0.37   2        0        21105       21092.00    0.00        21092.00   
  116      2017556      1        3        41281        0.36   2        0        20832       20640.50    0.00        20640.50   
  117      2806659      1        4        41160        0.36   2        0        20638       20580.00    0.00        20580.00   
  118      2014967      1        3        40822        0.36   2        0        20533       20411.00    0.00        20411.00   
  119      2816899      1        2        40504        0.36   2        0        20315       20252.00    0.00        20252.00   
  120      2024513      1        5        38014        0.33   2        0        20017       19007.00    0.00        19007.00   
  121      2022543      1        1        35710        0.31   2        0        19019       17855.00    0.00        17855.00   
  122      2826281      1        2        33974        0.30   2        0        17041       16987.00    0.00        16987.00   
  123      2803760      1        3        31762        0.28   2        0        16330       15881.00    0.00        15881.00   
  124      2016537      1        2        43858        0.39   3        0        15482       14619.33    0.00        14619.33   
  125      2815660      1        4        15

This file has been truncated.


suricata-report-2019-07-05-T-13-25-10-07052019.1324-network_1.pcap.txt - (17436 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1b6c320a4cb0c766fbfa91e510b0441656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.1324-network_1.pcap -vvv -k none
elapsedtime:21.565734
stderr:
stdout:
5/7/2019 -- 13:24:48 - <Info> - Configuration node 'rule-files' redefined.
5/7/2019 -- 13:24:48 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 13:24:48 - <Info> - CPUs/cores online: 1
5/7/2019 -- 13:24:48 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34012 and 'request-body-inspect-window' set to 15661 after randomization.
5/7/2019 -- 13:24:48 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32818 and 'response-body-inspect-window' set to 16250 after randomization.
5/7/2019 -- 13:24:48 - <Config> - DNS request flood protection level: 500
5/7/2019 -- 13:24:48 - <Config> - DNS per flow memcap (state-memcap): 524288
5/7/2019 -- 13:24:48 - <Config> - DNS global memcap: 16777216
5/7/2019 -- 13:24:48 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/7/2019 -- 13:24:48 - <Config> - preallocated 1000 hosts of size 136
5/7/2019 -- 13:24:48 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/7/2019 -- 13:24:48 - <Config> - using magic-file /usr/share/file/magic
5/7/2019 -- 13:24:48 - <Config> - Core dump size is unlimited.
5/7/2019 -- 13:24:48 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/7/2019 -- 13:24:48 - <Config> - preallocated 1000 defrag trackers of size 168
5/7/2019 -- 13:24:48 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/7/2019 -- 13:24:48 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/7/2019 -- 13:24:48 - <Config> - stream "memcap": 33554432
5/7/2019 -- 13:24:48 - <Config> - stream "midstream" session pickups: disabled
5/7/2019 -- 13:24:48 - <Config> - stream "async-oneside": disabled
5/7/2019 -- 13:24:48 - <Config> - stream "checksum-validation": disabled
5/7/2019 -- 13:24:48 - <Config> - stream."inline": disabled
5/7/2019 -- 13:24:48 - <Config> - stream "bypass": disabled
5/7/2019 -- 13:24:48 - <Config> - stream "max-synack-queued": 5
5/7/2019 -- 13:24:48 - <Config> - stream.reassembly "memcap": 134217728
5/7/2019 -- 13:24:48 - <Config> - stream.reassembly "depth": 0
5/7/2019 -- 13:24:48 - <Config> - stream.reassembly "toserver-chunk-size": 2679
5/7/2019 -- 13:24:48 - <Config> - stream.reassembly "toclient-chunk-size": 2511
5/7/2019 -- 13:24:48 - <Config> - stream.reassembly.raw: enabled
5/7/2019 -- 13:24:48 - <Config> - stream.reassembly "segment-prealloc": 2048
5/7/2019 -- 13:24:48 - <Config> - Delayed detect disabled
5/7/2019 -- 13:24:48 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/7/2019 -- 13:24:48 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/7/2019 -- 13:24:48 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/7/2019 -- 13:24:48 - <Config> - prefilter engines: MPM
5/7/2019 -- 13:24:48 - <Config> - IP reputation disabled
5/7/2019 -- 13:24:48 - <Perf> - Registered 148 keyword profiling counters.
5/7/2019 -- 13:24:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/7/2019 -- 13:24:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/7/2019 -- 13:24:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/7/2019 -- 13:24:54 - <Config> - No rules loaded from ET-icmp.rules.
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/7/2019 -- 13:24:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/7/2019 -- 13:24:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/7/2019 -- 13:24:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/7/2019 -- 13:24:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/7/2019 -- 13:24:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/7/2019 -- 13:24:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/7/2019 -- 13:25:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/7/2019 -- 13:25:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/7/2019 -- 13:25:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/7/2019 -- 13:25:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/7/2019 -- 13:25:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/7/2019 -- 13:25:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/7/2019 -- 13:25:01 - <Config> - No rules loaded from local.rules.
5/7/2019 -- 13:25:01 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 13:25:01 - <Info> - Threshold config parsed: 0 rule(s) found
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for tcp-packet
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for tcp-stream
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for udp-packet
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for other-ip
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_uri
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_client_body
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_accept
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_accept_enc
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_accept_lang
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_referer
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_connection
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_method
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_raw_uri
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_user_agent
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_host
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_raw_host
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_stat_msg
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_stat_code
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for dns_query
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for tls_sni
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 13:25:02 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 13:25:02 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/7/2019 -- 13:25:02 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/7/2019 -- 13:25:02 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/7/2019 -- 13:25:02 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/7/2019 -- 13:25:02 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/7/2019 -- 13:25:02 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/7/2019 -- 13:25:02 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/7/2019 -- 13:25:02 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/7/2019 -- 13:25:07 - <Perf> - Unique rule groups: 104
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/7/2019 -- 13:25:07 - <Perf> - Builtin MPM "other IP packet": 3
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_header": 10
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient http_header": 6
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_start": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_method": 5
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver http_host": 2
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toserver file_data": 1
5/7/2019 -- 13:25:07 - <Perf> - AppLayer MPM "toclient file_data": 7
5/7/2019 -- 13:25:09 - <Perf> - Registered 39590 rule profiling counters.
5/7/2019 -- 13:25:09 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 13:25:09 - <Info> - eve-log output device (regular) initialized: eve.json
5/7/2019 -- 13:25:09 - <Config> - enabling 'eve-log' module 'alert'
5/7/2019 -- 13:25:09 - <Config> - enabling 'eve-log' module 'http'
5/7/2019 -- 13:25:09 - <Config> - enabling 'eve-log' module 'dns'
5/7/2019 -- 13:25:09 - <Config> - enabling 'eve-log' module 'tls'
5/7/2019 -- 13:25:09 - <Config> - enabling 'eve-log' module 'files'
5/7/2019 -- 13:25:09 - <Config> - enabling 'eve-log' module 'ssh'
5/7/2019 -- 13:25:09 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/7/2019 -- 13:25:09 - <Info> - stats output device (regular) initialized: stats.log
5/7/2019 -- 13:25:09 - <Config> - AutoFP mode using "Hash" flow load balancer
5/7/2019 -- 13:25:09 - <Info> - reading pcap file /var/pcap/07052019.1324-network_1.pcap
5/7/2019 -- 13:25:09 - <Config> - using 1 flow manager threads
5/7/2019 -- 13:25:09 - <Config> - using 1 flow recycler threads
5/7/2019 -- 13:25:09 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
5/7/2019 -- 13:25:09 - <Info> - pcap file e

This file has been truncated.


stats.log - (3202 bytes) - download
------------------------------------------------------------------------------------
Date: 7/5/2019 -- 13:25:10 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 32
decoder.bytes                              | Total                     | 3392
decoder.ipv4                               | Total                     | 29
decoder.ipv6                               | Total                     | 1
decoder.ethernet                           | Total                     | 32
decoder.tcp                                | Total                     | 22
decoder.udp                                | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 106
decoder.max_pkt_size                       | Total                     | 269
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 4
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 2
tcp.overlap                                | Total                     | 1
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 12
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 2
flow_mgr.new_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 2
flow_mgr.flows_removed                     | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076320


eve.json - (2063 bytes) - download
{"timestamp":"2019-07-03T22:31:23.734707+0000","flow_id":1073450516690419,"pcap_cnt":8,"event_type":"dns","src_ip":"192.168.240.123","src_port":64727,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65098,"rrname":"motionart.co.uk","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-03T22:31:23.845883+0000","flow_id":1073450516690419,"pcap_cnt":9,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.123","dest_port":64727,"proto":"UDP","dns":{"type":"answer","id":65098,"rcode":"NOERROR","rrname":"motionart.co.uk","rrtype":"A","ttl":14399,"rdata":"91.146.107.85"}}
{"timestamp":"2019-07-03T22:31:24.658425+0000","flow_id":2172079528678087,"pcap_cnt":17,"event_type":"http","src_ip":"192.168.240.123","src_port":49336,"dest_ip":"91.146.107.85","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"motionart.co.uk","url":"\/help.php?mzyvunindepcsj=4901617843381568","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-07-03T22:31:52.757323+0000","flow_id":361710013156939,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.240.123","src_port":61987,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22375,"rrname":"okna-tomaszow.pl","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-03T22:31:52.813596+0000","flow_id":361710013156939,"pcap_cnt":23,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.123","dest_port":61987,"proto":"UDP","dns":{"type":"answer","id":22375,"rcode":"NOERROR","rrname":"okna-tomaszow.pl","rrtype":"A","ttl":3599,"rdata":"79.96.164.57"}}
{"timestamp":"2019-07-03T22:31:53.271660+0000","flow_id":17743262290654,"pcap_cnt":31,"event_type":"http","src_ip":"192.168.240.123","src_port":49337,"dest_ip":"79.96.164.57","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"okna-tomaszow.pl","url":"\/help.php?mzyvunindepcsj=32097706847934226","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}


keyword_perf.log - (9926 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/5/2019 -- 13:25:10
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             807502          236             236             5061            3421.00         3421.00         0.00           
  content          2638739         383             229             385561          6889.00         7335.00         6227.00        
  pcre             357197          48              10              24838           7441.00         8004.00         7293.00        
  byte_test        32542           8               2               10314           4067.00         7293.00         2992.00        
  isdataat         5800            2               0               2943            2900.00         0.00            2900.00        
  flowbits         39688           9               2               10027           4409.00         7686.00         3473.00        
  urilen           190408          50              17              31829           3808.00         3343.00         4047.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             807502          236             236             5061            3421.00         3421.00         0.00           
  flowbits         24316           7               0               5776            3473.00         0.00            3473.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          77027           20              14              5817            3851.00         4052.00         3382.00        
  byte_test        32542           8               2               10314           4067.00         7293.00         2992.00        
  isdataat         5800            2               0               2943            2900.00         0.00            2900.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         15372           2               2               10027           7686.00         7686.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          505763          127             70              5734            3982.00         3953.00         4017.00        
  pcre             301162          40              8               24838           7529.00         8713.00         7232.00        
  urilen           190408          50              17              31829           3808.00         3343.00         4047.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6798            2               0               3549            3399.00         0.00            3399.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1400285         158             113             385561          8862.00         10826.00        3930.00        
  pcre             56035           8               2               12973           7004.00         5166.00         7617.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30661           8               0               4577            3832.00         0.00            3832.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15001           4               4               4207            3750.00         3750.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          75177           24              8               3940            3132.00         3339.00         3029.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          514199          36              20              385401          14283.00        4057.00         27065.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13828           4               0               4051            3457.00         0.00            3457.00        


IDSDeathBlossom.py.log - (1149 bytes)
2019-07-05 13:24:48,021 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-05 13:24:48,733 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-05 13:24:48,734 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-05 13:24:48,734 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-05 13:24:48,734 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-05 13:24:48,734 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1b6c320a4cb0c766fbfa91e510b0441656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.1324-network_1.pcap -vvv -k none
2019-07-05 13:25:10,302 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-05 13:25:10,302 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2896151543