Filename: 0fad16e6-8982-42e7-a409-ce807b073c5b.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.5754899979 seconds
Hash: 1e52e308cf3e69808270fd5f9058d3a3
Uploaded: 1544021529

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2018-12-05-T-14-52-33-12052018.1452-0fad16e6-8982-42e7-a409-ce807b073c5b.pcap.txt - (20054 bytes)
  --------------------------------------------------------------------------
  Date: 12/5/2018 -- 14:52:33. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2815180      1        3        651858       3.09   6        0        489659      108643.00   0.00        108643.00  
  2        2805348      1        4        1854269      8.78   15       0        454355      123617.93   0.00        123617.93  
  3        2017261      1        3        660476       3.13   6        0        454324      110079.33   0.00        110079.33  
  4        2020181      1        8        591589       2.80   6        0        430947      98598.17    0.00        98598.17   
  5        2022901      1        2        556368       2.63   6        0        426999      92728.00    0.00        92728.00   
  6        2815156      1        2        550864       2.61   6        0        419308      91810.67    0.00        91810.67   
  7        2017454      1        12       551818       2.61   6        0        369142      91969.67    0.00        91969.67   
  8        2019230      1        2        83895        0.40   2        0        80835       41947.50    0.00        41947.50   
  9        2017948      1        2        249721       1.18   9        0        77175       27746.78    0.00        27746.78   
  10       2021418      1        9        288511       1.37   6        0        74775       48085.17    0.00        48085.17   
  11       2811826      1        7        362585       1.72   6        0        72771       60430.83    0.00        60430.83   
  12       2017456      1        3        281222       1.33   6        0        72472       46870.33    0.00        46870.33   
  13       2816895      1        2        247800       1.17   6        0        67808       41300.00    0.00        41300.00   
  14       2016537      1        2        635002       3.01   20       1        66243       31750.10    58834.00    30324.63   
  15       2826256      1        2        283281       1.34   6        0        65941       47213.50    0.00        47213.50   
  16       2815568      1        2        202731       0.96   6        0        64247       33788.50    0.00        33788.50   
  17       2021718      1        4        264830       1.25   6        0        62430       44138.33    0.00        44138.33   
  18       2020418      1        5        111633       0.53   2        0        61423       55816.50    0.00        55816.50   
  19       2016706      1        20       236802       1.12   6        0        61268       39467.00    0.00        39467.00   
  20       2821615      1        2        56876        0.27   1        0        56876       56876.00    0.00        56876.00   
  21       2010140      1        7        323882       1.53   58       0        56209       5584.17     0.00        5584.17    
  22       2021399      1        3        236304       1.12   6        0        56010       39384.00    0.00        39384.00   
  23       2823858      1        3        275984       1.31   9        0        55482       30664.89    0.00        30664.89   
  24       2012401      1        11       214830       1.02   6        0        54262       35805.00    0.00        35805.00   
  25       2016869      1        3        91969        0.44   2        0        54059       45984.50    0.00        45984.50   
  26       2017552      1        6        359276       1.70   20       0        54005       17963.80    0.00        17963.80   
  27       2812433      1        2        287672       1.36   9        0        50565       31963.56    0.00        31963.56   
  28       2816165      1        5        298115       1.41   9        0        50005       33123.89    0.00        33123.89   
  29       2008377      1        5        178056       0.84   6        0        44240       29676.00    0.00        29676.00   
  30       2017036      1        3        207433       0.98   6        0        42720       34572.17    0.00        34572.17   
  31       2016809      1        5        210566       1.00   6        0        42258       35094.33    0.00        35094.33   
  32       2809363      1        3        187988       0.89   6        0        41417       31331.33    0.00        31331.33   
  33       2017076      1        9        209295       0.99   6        0        40683       34882.50    0.00        34882.50   
  34       2017556      1        3        211794       1.00   6        0        40619       35299.00    0.00        35299.00   
  35       2828986      1        2        181119       0.86   6        0        40542       30186.50    0.00        30186.50   
  36       2821471      1        2        174564       0.83   6        0        40485       29094.00    0.00        29094.00   
  37       2815182      1        3        197358       0.93   6        0        40402       32893.00    0.00        32893.00   
  38       2023083      1        2        186832       0.88   6        0        40322       31138.67    0.00        31138.67   
  39       2014442      1        6        226903       1.07   6        0        39694       37817.17    0.00        37817.17   
  40       2815220      1        2        195247       0.92   6        0        39632       32541.17    0.00        32541.17   
  41       2020964      1        2        180485       0.85   6        0        39276       30080.83    0.00        30080.83   
  42       2828060      1        4        176380       0.84   6        0        38748       29396.67    0.00        29396.67   
  43       2017119      1        4        177434       0.84   6        0        38297       29572.33    0.00        29572.33   
  44       2829848      1        2        168030       0.80   6        0        37825       28005.00    0.00        28005.00   
  45       2019094      1        5        173584       0.82   6        0        36296       28930.67    0.00        28930.67   
  46       2815181      1        3        193830       0.92   6        0        36103       32305.00    0.00        32305.00   
  47       2830036      1        1        35342        0.17   1        0        35342       35342.00    0.00        35342.00   
  48       2807793      1        4        163421       0.77   6        0        34876       27236.83    0.00        27236.83   
  49       2014778      1        4        65947        0.31   2        0        34521       32973.50    0.00        32973.50   
  50       2021413      1        2        165008       0.78   6        0        34510       27501.33    0.00        27501.33   
  51       2807970      1        8        163917       0.78   6        0        34493       27319.50    0.00        27319.50   
  52       2011336      1        5        170002       0.80   6        0        34341       28333.67    0.00        28333.67   
  53       2813027      1        3        147461       0.70   6        0        34272       24576.83    0.00        24576.83   
  54       2816899      1        2        132256       0.63   6        0        34208       22042.67    0.00        22042.67   
  55       2014967      1        3        144927       0.69   6        0        33935       24154.50    0.00        24154.50   
  56       2020963      1        2        162784       0.77   6        0        33872       27130.67    0.00        27130.67   
  57       2810578      1        3        55537        0.26   2        0        33845       27768.50    0.00        27768.50   
  58       2022538      1        6        131571       0.62   6        0        33561       21928.50    0.00        21928.50   
  59       2823077      1        4        138443       0.66   6        0        31646       23073.83    0.00        23073.83   
  60       2020962      1        3        159605       0.76   6        0        31430       26600.83    0.00        26600.83   
  61       2811905      1        3        162721       0.77   6        0        29693       27120.17    0.00        27120.17   
  62       2014803      1        7        55579        0.26   2        0        29627       27789.50    0.00        27789.50   
  63       2023626      1        3        164739       0.78   52       0        29614       3168.06     0.00        3168.06    
  64       2015877      1        6        161237       0.76   6        0        29373       26872.83    0.00        26872.83   
  65       2804556      1        2        55255        0.26   2        0        28916       27627.50    0.00        27627.50   
  66       2021506      1        4        53527        0.25   2        0        27715       26763.50    0.00        26763.50   
  67       2024606      1        2        154056       0.73   6        0        27345       25676.00    0.00        25676.00   
  68       2019378      1        12       123624       0.59   6        0        24501       20604.00    0.00        20604.00   
  69       2809511      1        4        130345       0.62   6        0        24215       21724.17    0.00        21724.17   
  70       2827580      1        7        105501       0.50   5        0        24186       21100.20    0.00        21100.20   
  71       2821569      1        7        127123       0.60   6        0        23617       21187.17    0.00        21187.17   
  72       2822633      1        3        122231       0.58   6        0        23525       20371.83    0.00        20371.83   
  73       2012707      1        5        123291       0.58   6        0        23252       20548.50    0.00        20548.50   
  74       2014701      1        12       25483        0.12   2        0        22559       12741.50    0.00        12741.50   
  75       2807682      1        2        119818       0.57   6        0        22375       19969.67    0.00        19969.67   
  76       2009702      1        5        25522        0.12   2        0        22086       12761.00    0.00        12761.00   
  77       2014380      1        4        176374       0.84   10       0        22016       17637.40    0.00        17637.40   
  78       2023917      1        3        41701        0.20   2        0        21859       20850.50    0.00        20850.50   
  79       2014643      1        7        42545        0.20   2        0        21407       21272.50    0.00        21272.50   
  80       2820263      1        5        41475        0.20   2        0        20827       20737.50    0.00        20737.50   
  81       2021584      1        4        37053        0.18   6        0        20097       6175.50     0.00        6175.50    
  82       2022543      1        1        18631        0.09   1        0        18631       18631.00    0.00        18631.00   
  83       2008420      1        4        20930        0.10   2        0        18093       10465.00    0.00        10465.00   
  84       2828876      1        1        59881        0.28   15       0        17964       3992.07     0.00        3992.07    
  85       2816382      1        1        30934        0.15   6        0        17170       5155.67     0.00        5155.67    
  86       2803760      1        3        16415        0.08   1        0        16415       16415.00    0.00        16415.00   
  87       2024513      1        5        31121        0.15   6        0        16311       5186.83     0.00        5186.83    
  88       2826281      1        2        16155        0.08   1        0        16155       16155.00    0.00        16155.00   
  89       2811577      1        2        19588        0.09   2        0        15652       9794.00     0.00        9794.00    
  90       2811544      1        1        18065        0.09   2        0        14838       9032.50     0.00        9032.50    
  91       2815836      1        1        47818        0.23   4        0        14823       11954.50    0.00        11954.50   
  92       2014703      1        9        18174        0.09   2        0        14763       9087.00     0.00        9087.00    
  93       2819882      1        2        30511        0.14   6        0        14754       5085.17     0.00        5085.17    
  94       2823937      1        13       30304        0.14   6        0        14415       5050.67     0.00        5050.67    
  95       2014702      1        9        17068        0.08   2        0        14081       8534.00     0.00        8534.00    
  96       2022914      1        1        30108        0.14   3        0        11846       10036.00    0.00        10036.00   
  97       2805211      1        1        26859        0.13   3        0        9981        8953.00     0.00        8953.00    
  98       2019017      1        3        42681        0.20   15       0        5303        2845.40     0.00        2845.40    
  99       2016323      1        1        34640        0.16   11       0        4594        3149.09     0.00        3149.09    
  100      2810792      1        5        11126        0.05   3        0        4527        3708.67     0.00        3708.67    
  101      2009243      1        2        45559        0.22   15       0        4478        3037.27     0.00        3037.27    
  102      2810793      1        5        21336        0.10   6        0        4448        3556.00     0.00        3556.00    
  103      2023625      1        3        139795       0.66   52       0        4393        2688.37     0.00        2688.37    
  104      2016363      1        2        32376        0.15   11       0        4286        2943.27     0.00        2943.27    
  105      2023627      1        3        115575       0.55   41       0        4097        2818.90     0.00        2818.90    
  106      2008120      1        4        162042       0.77   59       0        3993        2746.47     0.00        2746.47    
  107      2019011      1        3        51472        0.24   18       0        3977        2859.56     0.00        2859.56    
  108      2008116      1        4        50945        0.24   18       0        3975        2830.28     0.00        2830.28    
  109      2019016      1        3        49577        0.23   18       0        3864        2754.28     0.00        2754.28    
  110      2810794      1        5        7472         0.04   2        0        3828        3736.00     0.00        3736.00    
  111      2801347      1        5        66779        0.32   24       0        3757        2782.46     0.00        2782.46    
  112      2102257      1        10       3737         0.02   1        0        3737        3737.00     0.00        3737.00    
  113      2019010      1        3        42669        0.20   15       0        3728        2844.60     0.00        2844.60    
  114      2025200      1        1        6937         0.03   2        0        3658        3468.50     0.00        3468.50    
  115      2010143      1        3        159920       0.76   58       0        3614        2757.24     0.00        2757.24    
  116      2822100      1        2        9467         0.04   3        0        3612        3155.67     0.00        3155.67    
  117      2100540      1        12       34368        0.16   12       0        3546        2864.00     0.00        2864.00    
  118      2100566      1        5        30360        0.14   11       0        3534        2760.00     0.00        2760.00    
  119      2823788      1        4        3494         0.02   1        0        3494        3494.00     0.00        3494.00    
  120      2016178      1        2        3448         0.02   1        0        3448        3448.00     0.00        3448.00    
  121      2013926      1        8        16032        0.08   5        0        3424        3206.40     0.00        3206.40    
  122      2804586      1        2        3410         0.02   1        0        3410        3410.00     0.00        3410.00    
  123      2008118      1        3        42146        0.20   15       0        3405        2809.73     0.00        2809.73    
  124      2010142      1        4        153585       0.73   58       0        3389        2648.02     0.00        2648.02    
  125      2802822      1        1        4

This file has been truncated.


packet_stats.log - (14201 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            78          2563359       99866084      82665222          6.4b   83.89
 IPv4      17            59          5997183       60730943      18097417          1.1b   13.89
 IPv6      17            11          6359700       41950914      15520243        170.7m    2.22
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            78            67693        7094980        478429         37.3m   42.97
TMM_FLOWWORKER              IPv4      17            59           119225       20513644        793895         46.8m   53.94
TMM_RECEIVEPCAPFILE         IPv4       6            76             2533           3583          2772        210.7k    0.24
TMM_RECEIVEPCAPFILE         IPv4      17            59             2547           8891          2989        176.4k    0.20
TMM_DECODEPCAPFILE          IPv4       6            76             2647           8434          2974        226.0k    0.26
TMM_DECODEPCAPFILE          IPv4      17            59             2670          24285          3162        186.6k    0.21
TMM_FLOWWORKER              IPv6      17            11           109122         251770        164780          1.8m    2.09
TMM_RECEIVEPCAPFILE         IPv6      17            11             2544           3122          2766         30.4k    0.04
TMM_DECODEPCAPFILE          IPv6      17            11             2722          11351          3610         39.7k    0.05

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            76             2844          16735          3645        277.0k  0.38  
flow                    IPv4      17            59             2700          31583          4523        266.9k  0.37  
stream                  IPv4       6            78             3122         734291         27106          2.1m  2.90  
app-layer               IPv4      17            59             2520          47528          4828        284.9k  0.39  
detect                  IPv4       6            78            45437        7009478        416287         32.5m  44.51 
detect                  IPv4      17            59           103006       20485465        603376         35.6m  48.79 
tcp-prune               IPv4       6            78             2553          26711          3248        253.4k  0.35  
flow                    IPv6      17            11             2887          14050          6413         70.5k  0.10  
app-layer               IPv6      17            11             2597           9778          5430         59.7k  0.08  
detect                  IPv6      17            11            92133         233692        141864          1.6m  2.14  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             7             3160          26115         15212        106.5k  79.92 
dns                     IPv4      17             2             8927          17831         13379         26.8k  20.08 
Proto detect            IPv4      17             9             2772          23963          9192         82.7k
Proto detect            IPv6      17             5             2766           3958          3288         16.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2           875221        9088723       4981972         10.0m  90.72 
LOGGER_JSON_HTTP            IPv4       6             6            59088         117293         79574        477.4k  4.35  
LOGGER_JSON_FILE            IPv4       6             8            48467          96037         67651        541.2k  4.93  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            35             2589        1005885         51672         1.8m  32.48 
payload                           IPv4      17            59             3247         252197         20024         1.2m  21.22 
stream                            IPv4       6            35             2534         236105         21501       752.6k  13.52 
http_uri                          IPv4       6             6            15046          55342         27585       165.5k  2.97  
http_request_line                 IPv4       6             6             4437           9414          6256        37.5k  0.67  
http_client_body                  IPv4       6             9             2796          16061          6981        62.8k  1.13  
http_header (request)             IPv4       6             6             6951          68242         29006       174.0k  3.13  
http_header (request trailer)     IPv4       6             6             2591           3128          2778        16.7k  0.30  
http_header_names (request)       IPv4       6             6             5865          22069         11556        69.3k  1.25  
http_accept (request)             IPv4       6             6             3023           5291          3536        21.2k  0.38  
http_referer (request)            IPv4       6             6             2706           3168          2896        17.4k  0.31  
http_content_len (request)        IPv4       6             6             2756           5677          3911        23.5k  0.42  
http_content_type (request)       IPv4       6             6             2739           3502          3001        18.0k  0.32  
http_protocol (request)           IPv4       6             6             3311           6930          4421        26.5k  0.48  
http_start (request)              IPv4       6             6             5931         399208         73679       442.1k  7.94  
http_raw_header (request)         IPv4       6             9             3876           9334          6413        57.7k  1.04  
http_method                       IPv4       6             6             3905          10812          5757        34.5k  0.62  
http_cookie (request)             IPv4       6             6             2798           3519          2973        17.8k  0.32  
http_raw_uri                      IPv4       6             6             4138           7412          5425        32.6k  0.58  
http_user_agent                   IPv4       6             6             2745           4086          3170        19.0k  0.34  
http_host                         IPv4       6             6             3807          15695          6923        41.5k  0.75  
dns_query                         IPv4      17             1            11593          11593         11593        11.6k  0.21  
http_response_line                IPv4       6            14             3860          10803          5945        83.2k  1.49  
http_header (response)            IPv4       6             6            15435          45710         25672       154.0k  2.77  
http_header (response trailer)    IPv4       6             6             4582           5314          4913        29.5k  0.53  
http_content_type (response)      IPv4       6             6             4804          10801          6249        37.5k  0.67  
http_raw_header (response)        IPv4       6             6             7845          10492          8612        51.7k  0.93  
http_cookie (response)            IPv4       6             6             2989           3225          3115        18.7k  0.34  
http_stat_code                    IPv4       6             6             3208          20466          6327        38.0k  0.68  
Total                             IPv4                   294                                         18518         5.4m
payload                           IPv6      17            11             3426          33195         11212       123.3k  2.22  
Total                             IPv6                    11                                         11212       123.3k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            12             7211          67828         35498        426.0k  0.52  
PROF_DETECT_IPONLY          IPv4      17             9            37486         474975        106667        960.0k  1.18  
PROF_DETECT_RULES           IPv4       6            78             2540        5711057        246694         19.2m  23.68 
PROF_DETECT_RULES           IPv4      17            59            44390       20396561        487007         28.7m  35.37 
PROF_DETECT_STATEFUL_START    IPv4       6            26             5113        3453711        380527          9.9m  12.18 
PROF_DETECT_STATEFUL_CONT    IPv4       6            78             2538         403119         13788          1.1m  1.32  
PROF_DETECT_STATEFUL_CONT    IPv4      17            59             2503          47049          3787        223.5k  0.28  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            54             2558         398347         10281        555.2k  0.68  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             3295           4126          3710          7.4k  0.01  
PROF_DETECT_PREFILTER       IPv4       6            78             8079        1039196         83880          6.5m  8.05  
PROF_DETECT_PREFILTER       IPv4      17            59            23751         285655         44660          2.6m  3.24  
PROF_DETECT_PF_PAYLOAD      IPv4       6            35            13328        1017137         81448          2.9m  3.51  
PROF_DETECT_PF_PAYLOAD      IPv4      17            59             8314         258163         25379          1.5m  1.84  
PROF_DETECT_PF_TX           IPv4       6            54             2560         664509         43515          2.3m  2.89  
PROF_DETECT_PF_TX           IPv4      17             1            17947          17947         17947         17.9k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6            35             2577          41974          5143        180.0k  0.22  
PROF_DETECT_PF_SORT1        IPv4      17            59             2558           5671          3458        204.0k  0.25  
PROF_DETECT_PF_SORT2        IPv4       6            78             2542          39884          4341        338.7k  0.42  
PROF_DETECT_PF_SORT2        IPv4      17            59             2542          19515          3533        208.5k  0.26  
PROF_DETECT_NONMPMLIST      IPv4       6            78             2558           3601          2860        223.1k  0.27  
PROF_DETECT_NONMPMLIST      IPv4      17            59             2527          50154          3820        225.4k  0.28  
PROF_DETECT_ALERT           IPv4       6            78             2520          16711          2858        223.0k  0.27  
PROF_DETECT_ALERT           IPv4      17            59             2526          69276          3960        233.7k  0.29  
PROF_DETECT_CLEANUP         IPv4       6            78             2564           9541          3008        234.7k  0.29  
PROF_DETECT_CLEANUP         IPv4      17            59             2518           6720          2831        167.0k  0.21  
PROF_DETECT_GETSGH          IPv4       6            78             2527          29840          3646        284.5k  0.35  
PROF_DETECT_GETSGH          IPv4      17            59             2522          33248          3856        227.5k  0.28  
PROF_DETECT_IPONLY          IPv6      17             5             3085          12932          5531         27.7k  0.03  
PROF_DETECT_RULES           IPv6      17            11            33640         167310         61635        678.0k  0.83  
PROF_DETECT_STATEFUL_CONT    IPv6      17            11             2518           3479          2820         31.0k  0.04  
PROF_DETECT_PREFILTER       IPv6      17            11            24136          64777         33456        368.0k  0.45  
PROF_DETECT_PF_PAYLOAD      IPv6      17            11             8537          38339         16423        180.7k  0.22  
PROF_DETECT_PF_SORT1        IPv6      17            11             2566           3929          3037         33.4k  0.04  
PROF_DETECT_PF_SORT2        IPv6      17            11             2542           3588          2694         29.6k  0.04  
PROF_DETECT_NONMPMLIST      IPv6      17            11             2536           3072          2759         30.4k  0.04  
PROF_DETECT_ALERT           IPv6      17            11             2527           2951          2603         28.6k  0.04  
PROF_DETECT_CLEANUP         IPv6      17            11             2540           3043          2751         30.3k  0.04  
PROF_DETECT_GETSGH          IPv6      17            11             2540           7255          4384         48.2k  0.06  


suricata-report-2018-12-05-T-14-52-33-12052018.1452-0fad16e6-8982-42e7-a409-ce807b073c5b.pcap.txt - (17707 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1e52e308cf3e69808270fd5f9058d3a356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12052018.1452-0fad16e6-8982-42e7-a409-ce807b073c5b.pcap -vvv -k none
elapsedtime:22.531851
stderr:
stdout:
5/12/2018 -- 14:52:10 - <Info> - Configuration node 'rule-files' redefined.
5/12/2018 -- 14:52:10 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/12/2018 -- 14:52:10 - <Info> - CPUs/cores online: 1
5/12/2018 -- 14:52:10 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32878 and 'request-body-inspect-window' set to 16484 after randomization.
5/12/2018 -- 14:52:10 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32569 and 'response-body-inspect-window' set to 15688 after randomization.
5/12/2018 -- 14:52:10 - <Config> - DNS request flood protection level: 500
5/12/2018 -- 14:52:10 - <Config> - DNS per flow memcap (state-memcap): 524288
5/12/2018 -- 14:52:10 - <Config> - DNS global memcap: 16777216
5/12/2018 -- 14:52:10 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/12/2018 -- 14:52:10 - <Config> - preallocated 1000 hosts of size 136
5/12/2018 -- 14:52:10 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/12/2018 -- 14:52:10 - <Config> - using magic-file /usr/share/file/magic
5/12/2018 -- 14:52:10 - <Config> - Core dump size is unlimited.
5/12/2018 -- 14:52:10 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/12/2018 -- 14:52:10 - <Config> - preallocated 1000 defrag trackers of size 168
5/12/2018 -- 14:52:10 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/12/2018 -- 14:52:10 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/12/2018 -- 14:52:10 - <Config> - stream "memcap": 33554432
5/12/2018 -- 14:52:10 - <Config> - stream "midstream" session pickups: disabled
5/12/2018 -- 14:52:10 - <Config> - stream "async-oneside": disabled
5/12/2018 -- 14:52:10 - <Config> - stream "checksum-validation": disabled
5/12/2018 -- 14:52:10 - <Config> - stream."inline": disabled
5/12/2018 -- 14:52:10 - <Config> - stream "bypass": disabled
5/12/2018 -- 14:52:10 - <Config> - stream "max-synack-queued": 5
5/12/2018 -- 14:52:10 - <Config> - stream.reassembly "memcap": 134217728
5/12/2018 -- 14:52:10 - <Config> - stream.reassembly "depth": 0
5/12/2018 -- 14:52:10 - <Config> - stream.reassembly "toserver-chunk-size": 2563
5/12/2018 -- 14:52:10 - <Config> - stream.reassembly "toclient-chunk-size": 2668
5/12/2018 -- 14:52:10 - <Config> - stream.reassembly.raw: enabled
5/12/2018 -- 14:52:10 - <Config> - stream.reassembly "segment-prealloc": 2048
5/12/2018 -- 14:52:10 - <Config> - Delayed detect disabled
5/12/2018 -- 14:52:10 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/12/2018 -- 14:52:10 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/12/2018 -- 14:52:10 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/12/2018 -- 14:52:10 - <Config> - prefilter engines: MPM
5/12/2018 -- 14:52:10 - <Config> - IP reputation disabled
5/12/2018 -- 14:52:10 - <Perf> - Registered 148 keyword profiling counters.
5/12/2018 -- 14:52:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/12/2018 -- 14:52:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/12/2018 -- 14:52:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/12/2018 -- 14:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/12/2018 -- 14:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/12/2018 -- 14:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/12/2018 -- 14:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/12/2018 -- 14:52:16 - <Config> - No rules loaded from ET-icmp.rules.
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/12/2018 -- 14:52:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/12/2018 -- 14:52:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/12/2018 -- 14:52:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/12/2018 -- 14:52:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/12/2018 -- 14:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/12/2018 -- 14:52:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/12/2018 -- 14:52:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/12/2018 -- 14:52:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/12/2018 -- 14:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/12/2018 -- 14:52:23 - <Config> - No rules loaded from local.rules.
5/12/2018 -- 14:52:23 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/12/2018 -- 14:52:23 - <Info> - Threshold config parsed: 0 rule(s) found
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for tcp-packet
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for tcp-stream
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for udp-packet
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for other-ip
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_uri
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_request_line
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_client_body
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_response_line
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_header
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_header
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_header_names
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_header_names
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_accept
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_accept_enc
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_accept_lang
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_referer
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_connection
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_content_len
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_content_len
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_content_type
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_content_type
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_protocol
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_protocol
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_start
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_start
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_raw_header
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_raw_header
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_method
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_cookie
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_cookie
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_raw_uri
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_user_agent
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_host
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_raw_host
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_stat_msg
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_stat_code
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for dns_query
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for tls_sni
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for dce_stub_data
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for dce_stub_data
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for ssh_protocol
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for ssh_protocol
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for ssh_software
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for ssh_software
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for file_data
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for file_data
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_request_line
5/12/2018 -- 14:52:24 - <Perf> - using shared mpm ctx' for http_response_line
5/12/2018 -- 14:52:24 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/12/2018 -- 14:52:24 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/12/2018 -- 14:52:24 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/12/2018 -- 14:52:24 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/12/2018 -- 14:52:24 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/12/2018 -- 14:52:24 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/12/2018 -- 14:52:24 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/12/2018 -- 14:52:24 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/12/2018 -- 14:52:30 - <Perf> - Unique rule groups: 104
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/12/2018 -- 14:52:30 - <Perf> - Builtin MPM "other IP packet": 3
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_header": 10
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient http_header": 6
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_start": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_method": 5
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver http_host": 2
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toserver file_data": 1
5/12/2018 -- 14:52:30 - <Perf> - AppLayer MPM "toclient file_data": 7
5/12/2018 -- 14:52:32 - <Perf> - Registered 39590 rule profiling counters.
5/12/2018 -- 14:52:32 - <Info> - fast output device (regular) initialized: alert
5/12/2018 -- 14:52:32 - <Info> - eve-log output device (regular) initialized: eve.json
5/12/2018 -- 14:52:32 - <Config> - enabling 'eve-log' module 'alert'
5/12/2018 -- 14:52:32 - <Config> - enabling 'eve-log' module 'http'
5/12/2018 -- 14:52:32 - <Config> - enabling 'eve-log' module 'dns'
5/12/2018 -- 14:52:32 - <Config> - enabling 'eve-log' module 'tls'
5/12/2018 -- 14:52:32 - <Config> - enabling 'eve-log' module 'files'
5/12/2018 -- 14:52:32 - <Config> - enabling 'eve-log' module 'ssh'
5/12/2018 -- 14:52:32 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/12/2018 -- 14:52:32 - <Info> - stats output device (regular) initialized: stats.log
5/12/2018 -- 14:52:32 - <Config> - AutoFP mode using "Hash" flow load balancer
5/12/2018 -- 14:52:32 - <Info> - reading pcap file /var/pcap/12052018.1452-0fad16e6-8982-42e7-a409-ce807b073c5b.pcap
5/12/2018 -- 14:52:32 - <Config> - us

This file has been truncated.


stats.log - (2760 bytes)
------------------------------------------------------------------------------------
Date: 12/5/2018 -- 14:52:33 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 338
decoder.bytes                              | Total                     | 26287
decoder.ipv4                               | Total                     | 135
decoder.ipv6                               | Total                     | 11
decoder.ethernet                           | Total                     | 338
decoder.tcp                                | Total                     | 76
decoder.udp                                | Total                     | 70
decoder.avg_pkt_size                       | Total                     | 77
decoder.max_pkt_size                       | Total                     | 534
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 13
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 12
flow.spare                                 | Total                     | 9999
flow_mgr.flows_checked                     | Total                     | 12
flow_mgr.flows_notimeout                   | Total                     | 12
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65524
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077760


eve.json - (7581 bytes)
{"timestamp":"2018-11-30T13:33:43.931696+0000","flow_id":512218809972592,"pcap_cnt":160,"event_type":"dns","src_ip":"192.168.100.13","src_port":62803,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20295,"rrname":"andrasadam.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-30T13:33:43.974844+0000","flow_id":512218809972592,"pcap_cnt":161,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.13","dest_port":62803,"proto":"UDP","dns":{"type":"answer","id":20295,"rcode":"NOERROR","rrname":"andrasadam.com","rrtype":"A","ttl":14399,"rdata":"139.162.132.71"}}
{"timestamp":"2018-11-30T13:33:58.883814+0000","flow_id":314588037388054,"pcap_cnt":180,"event_type":"http","src_ip":"192.168.100.13","src_port":51367,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=info&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html"}}
{"timestamp":"2018-11-30T13:33:58.883814+0000","flow_id":314588037388054,"pcap_cnt":180,"event_type":"fileinfo","src_ip":"192.168.100.13","src_port":51367,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=info&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":480,"tx_id":0}}
{"timestamp":"2018-11-30T13:34:13.910388+0000","flow_id":314588037388054,"pcap_cnt":191,"event_type":"fileinfo","src_ip":"139.162.132.71","src_port":80,"dest_ip":"192.168.100.13","dest_port":51367,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=info&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":2,"tx_id":0}}
{"timestamp":"2018-11-30T13:34:14.098993+0000","flow_id":2135055024887423,"pcap_cnt":201,"event_type":"http","src_ip":"192.168.100.13","src_port":51817,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=live&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html"}}
{"timestamp":"2018-11-30T13:34:14.098993+0000","flow_id":2135055024887423,"pcap_cnt":201,"event_type":"fileinfo","src_ip":"192.168.100.13","src_port":51817,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=live&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":32,"tx_id":0}}
{"timestamp":"2018-11-30T13:34:19.104317+0000","flow_id":2135055024887423,"pcap_cnt":205,"event_type":"fileinfo","src_ip":"139.162.132.71","src_port":80,"dest_ip":"192.168.100.13","dest_port":51817,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=live&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":2,"tx_id":0}}
{"timestamp":"2018-11-30T13:34:29.363710+0000","flow_id":771128031567560,"pcap_cnt":221,"event_type":"http","src_ip":"192.168.100.13","src_port":52048,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=cmd&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html"}}
{"timestamp":"2018-11-30T13:34:34.368387+0000","flow_id":771128031567560,"pcap_cnt":228,"event_type":"fileinfo","src_ip":"139.162.132.71","src_port":80,"dest_ip":"192.168.100.13","dest_port":52048,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=cmd&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":2,"tx_id":0}}
{"timestamp":"2018-11-30T13:34:41.592820+0000","flow_id":1100176214306330,"pcap_cnt":244,"event_type":"http","src_ip":"192.168.100.13","src_port":52235,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=res&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html"}}
{"timestamp":"2018-11-30T13:34:46.598585+0000","flow_id":1100176214306330,"pcap_cnt":251,"event_type":"fileinfo","src_ip":"139.162.132.71","src_port":80,"dest_ip":"192.168.100.13","dest_port":52235,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=res&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":2,"tx_id":0}}
{"timestamp":"2018-11-30T13:34:59.853808+0000","flow_id":910635013719021,"pcap_cnt":280,"event_type":"http","src_ip":"192.168.100.13","src_port":52510,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=live&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html"}}
{"timestamp":"2018-11-30T13:34:59.853808+0000","flow_id":910635013719021,"pcap_cnt":280,"event_type":"fileinfo","src_ip":"192.168.100.13","src_port":52510,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=live&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":32,"tx_id":0}}
{"timestamp":"2018-11-30T13:35:04.859221+0000","flow_id":910635013719021,"pcap_cnt":285,"event_type":"fileinfo","src_ip":"139.162.132.71","src_port":80,"dest_ip":"192.168.100.13","dest_port":52510,"proto":"TCP","http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=s&type=live&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":10},"app_proto":"http","fileinfo":{"filename":"\/main.php","gaps":false,"state":"CLOSED","stored":false,"size":2,"tx_id":0}}
{"timestamp":"2018-11-30T13:35:18.087535+0000","flow_id":1179300251638883,"pcap_cnt":306,"event_type":"http","src_ip":"192.168.100.13","src_port":52785,"dest_ip":"139.162.132.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"andrasadam.com","url":"\/main.php?t=7d4580a3910c54d62b46f24c397c8d59&f=g&type=cmd&id=9771354DF2ED9C75C86F640E76D2B9A0","http_content_type":"text\/html"}}


keyword_perf.log - (10321 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/5/2018 -- 14:52:33
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1292884         418             418             15789           3093.00         3093.00         0.00           
  content          3099245         754             539             395752          4110.00         4317.00         3590.00        
  pcre             2330692         190             12              459146          12266.00        5097.00         12750.00       
  byte_test        191131          64              51              5181            2986.00         2952.00         3119.00        
  byte_jump        43028           15              15              3684            2868.00         2868.00         0.00           
  isdataat         3012            1               0               3012            3012.00         0.00            3012.00        
  flowbits         13861           4               1               4789            3465.00         4789.00         3024.00        
  urilen           389131          128             92              9025            3040.00         3061.00         2985.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1292884         418             418             15789           3093.00         3093.00         0.00           
  flowbits         9072            3               0               3267            3024.00         0.00            3024.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          403833          109             62              44796           3704.00         3625.00         3810.00        
  pcre             45874           7               0               15490           6553.00         0.00            6553.00        
  byte_test        191131          64              51              5181            2986.00         2952.00         3119.00        
  byte_jump        43028           15              15              3684            2868.00         2868.00         0.00           
  isdataat         3012            1               0               3012            3012.00         0.00            3012.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         4789            1               1               4789            4789.00         4789.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1263331         346             264             54076           3651.00         3673.00         3580.00        
  pcre             2186571         168             12              459146          13015.00        5097.00         13624.00       
  urilen           389131          128             92              9025            3040.00         3061.00         2985.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          70578           12              0               24083           5881.00         0.00            5881.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18071           6               0               3332            3011.00         0.00            3011.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          657536          189             151             16195           3479.00         3559.00         3158.00        
  pcre             98247           15              0               12792           6549.00         0.00            6549.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          44765           13              8               4441            3443.00         3544.00         3282.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          37962           12              12              4076            3163.00         3163.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          567459          55              42              395752          10317.00        12596.00        2955.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          35710           12              0               4078            2975.00         0.00            2975.00        


IDSDeathBlossom.py.log - (1176 bytes)
2018-12-05 14:52:10,018 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-05 14:52:10,773 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-05 14:52:10,773 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-12-05 14:52:10,774 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-05 14:52:10,774 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-05 14:52:10,774 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1e52e308cf3e69808270fd5f9058d3a356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12052018.1452-0fad16e6-8982-42e7-a409-ce807b073c5b.pcap -vvv -k none
2018-12-05 14:52:33,309 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-05 14:52:33,309 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.3062999249