Filename: host-and-user-ID-pcap-06.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.1276819706 seconds
Hash: 1ef87100b94278bcdb59d184cf61ce83
Uploaded: 1560646688

Logfiles


suricata-report-2019-06-16-T-00-58-17-06162019.0058-host-and-user-ID-pcap-06.pcap.txt - (17993 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/1ef87100b94278bcdb59d184cf61ce83d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/06162019.0058-host-and-user-ID-pcap-06.pcap -vvv -k none
elapsedtime:8.046021
stderr:
stdout:
16/6/2019 -- 00:58:09 - <Info> - Configuration node 'rule-files' redefined.
16/6/2019 -- 00:58:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/6/2019 -- 00:58:09 - <Info> - CPUs/cores online: 1
16/6/2019 -- 00:58:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31301 and 'request-body-inspect-window' set to 16098 after randomization.
16/6/2019 -- 00:58:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33604 and 'response-body-inspect-window' set to 15755 after randomization.
16/6/2019 -- 00:58:09 - <Config> - DNS request flood protection level: 500
16/6/2019 -- 00:58:09 - <Config> - DNS per flow memcap (state-memcap): 524288
16/6/2019 -- 00:58:09 - <Config> - DNS global memcap: 16777216
16/6/2019 -- 00:58:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/6/2019 -- 00:58:09 - <Config> - preallocated 1000 hosts of size 136
16/6/2019 -- 00:58:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/6/2019 -- 00:58:09 - <Config> - using magic-file /usr/share/file/magic
16/6/2019 -- 00:58:09 - <Config> - Core dump size is unlimited.
16/6/2019 -- 00:58:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/6/2019 -- 00:58:09 - <Config> - preallocated 1000 defrag trackers of size 168
16/6/2019 -- 00:58:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/6/2019 -- 00:58:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/6/2019 -- 00:58:09 - <Config> - stream "memcap": 33554432
16/6/2019 -- 00:58:09 - <Config> - stream "midstream" session pickups: disabled
16/6/2019 -- 00:58:09 - <Config> - stream "async-oneside": disabled
16/6/2019 -- 00:58:09 - <Config> - stream "checksum-validation": disabled
16/6/2019 -- 00:58:09 - <Config> - stream."inline": disabled
16/6/2019 -- 00:58:09 - <Config> - stream "bypass": disabled
16/6/2019 -- 00:58:09 - <Config> - stream "max-synack-queued": 5
16/6/2019 -- 00:58:09 - <Config> - stream.reassembly "memcap": 134217728
16/6/2019 -- 00:58:09 - <Config> - stream.reassembly "depth": 0
16/6/2019 -- 00:58:09 - <Config> - stream.reassembly "toserver-chunk-size": 2593
16/6/2019 -- 00:58:09 - <Config> - stream.reassembly "toclient-chunk-size": 2590
16/6/2019 -- 00:58:09 - <Config> - stream.reassembly.raw: enabled
16/6/2019 -- 00:58:09 - <Config> - stream.reassembly "segment-prealloc": 2048
16/6/2019 -- 00:58:09 - <Config> - Delayed detect disabled
16/6/2019 -- 00:58:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/6/2019 -- 00:58:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/6/2019 -- 00:58:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/6/2019 -- 00:58:09 - <Config> - prefilter engines: MPM
16/6/2019 -- 00:58:09 - <Config> - IP reputation disabled
16/6/2019 -- 00:58:09 - <Perf> - Registered 148 keyword profiling counters.
16/6/2019 -- 00:58:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
16/6/2019 -- 00:58:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
16/6/2019 -- 00:58:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
16/6/2019 -- 00:58:10 - <Config> - No rules loaded from ET-emerging-icmp.rules.
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
16/6/2019 -- 00:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
16/6/2019 -- 00:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
16/6/2019 -- 00:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
16/6/2019 -- 00:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
16/6/2019 -- 00:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
16/6/2019 -- 00:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
16/6/2019 -- 00:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
16/6/2019 -- 00:58:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
16/6/2019 -- 00:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
16/6/2019 -- 00:58:14 - <Config> - No rules loaded from local.rules.
16/6/2019 -- 00:58:14 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
16/6/2019 -- 00:58:14 - <Info> - Threshold config parsed: 0 rule(s) found
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for tcp-packet
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for tcp-stream
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for udp-packet
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for other-ip
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_uri
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_request_line
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_client_body
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_response_line
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_header
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_header
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_header_names
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_header_names
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_accept
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_accept_enc
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_accept_lang
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_referer
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_connection
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_content_len
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_content_len
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_content_type
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_content_type
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_protocol
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_protocol
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_start
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_start
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_raw_header
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_raw_header
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_method
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_cookie
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_cookie
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_raw_uri
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_user_agent
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_host
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_raw_host
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_stat_msg
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_stat_code
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for dns_query
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for tls_sni
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for dce_stub_data
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for dce_stub_data
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for ssh_protocol
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for ssh_protocol
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for ssh_software
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for ssh_software
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for file_data
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for file_data
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_request_line
16/6/2019 -- 00:58:14 - <Perf> - using shared mpm ctx' for http_response_line
16/6/2019 -- 00:58:14 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
16/6/2019 -- 00:58:14 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/6/2019 -- 00:58:14 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
16/6/2019 -- 00:58:14 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
16/6/2019 -- 00:58:14 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
16/6/2019 -- 00:58:14 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
16/6/2019 -- 00:58:14 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
16/6/2019 -- 00:58:14 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/6/2019 -- 00:58:15 - <Perf> - Unique rule groups: 111
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "toserver TCP packet": 31
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "toclient TCP packet": 20
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "toserver TCP stream": 31
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "toclient TCP stream": 21
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "toserver UDP packet": 33
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "toclient UDP packet": 15
16/6/2019 -- 00:58:15 - <Perf> - Builtin MPM "other IP packet": 2
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_uri": 8
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_header": 6
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient http_header": 3
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_header_names": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_start": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_method": 3
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver http_host": 2
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver tls_sni": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toserver file_data": 1
16/6/2019 -- 00:58:15 - <Perf> - AppLayer MPM "toclient file_data": 5
16/6/2019 -- 00:58:16 - <Perf> - Registered 18241 rule profiling counters.
16/6/2019 -- 00:58:16 - <Info> - fast output device (regular) initialized: alert
16/6/2019 -- 00:58:16 - <Info> - eve-log output device (regular) initialized: eve.json
16/6/2019 -- 00:58:16 - <Config> - enabling 'eve-log' module 'alert'
16/6/2019 -- 00:58:16 - <Config> - enabling 'eve-log' module 'http'
16/6/2019 -- 00:58:16 - <Config> - enabling 'eve-log' module 'dns'
16/6/2019 -- 00:58:16 - <Config> - enabling 'eve-log' module 'tls'
16/6/2019 -- 00:58:16 - <Config> - enabling 'eve-log' module 'files'
16/6/2019 -- 00:58:16 - <Config> - enabling 'eve-log' module 'ssh'
16/6/2019 -- 00:58:16 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/6/2019 -- 00:58:16 

This file has been truncated.


packet_stats.log - (14203 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             4          7623985       97821819      73523210        294.1m    0.60
 IPv4       6           569          4580184      115374341      75494113         43.0b   88.05
 IPv4      17            70          7012436      111569981      79069026          5.5b   11.35
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             4            73786         112215         90831        363.3k    0.24
TMM_FLOWWORKER              IPv4       6           569            60981       12054477        208044        118.4m   78.37
TMM_FLOWWORKER              IPv4      17            70           134455        8945111        411638         28.8m   19.08
TMM_RECEIVEPCAPFILE         IPv4       2             4             2551           2836          2691         10.8k    0.01
TMM_RECEIVEPCAPFILE         IPv4       6           493             2534          51369          2992          1.5m    0.98
TMM_RECEIVEPCAPFILE         IPv4      17            70             2538          10066          2945        206.2k    0.14
TMM_DECODEPCAPFILE          IPv4       2             4             2687           3363          3106         12.4k    0.01
TMM_DECODEPCAPFILE          IPv4       6           493             2643          51417          3171          1.6m    1.04
TMM_DECODEPCAPFILE          IPv4      17            70             2665          29686          3202        224.2k    0.15

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           493             2825          18758          3415          1.7m  1.33  
flow                    IPv4      17            70             2831          40866          4875        341.3k  0.27  
stream                  IPv4       6           569             2757         774492         12545          7.1m  5.63  
app-layer               IPv4      17            70             2519          44883          9433        660.3k  0.52  
detect                  IPv4       2             4            68105         106520         85145        340.6k  0.27  
detect                  IPv4       6           569            43852       12011424        171971         97.9m  77.14 
detect                  IPv4      17            70           117921         602691        232989         16.3m  12.86 
tcp-prune               IPv4       6           569             2538         751454          4430          2.5m  1.99  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1             6984           6984          6984          7.0k  2.81  
smb                     IPv4       6             2             3349           5238          4293          8.6k  3.46  
smb2                    IPv4       6             3             2565           3645          3022          9.1k  3.65  
dcerpc                  IPv4       6             9             2627           4041          3114         28.0k  11.30 
dcerpc                  IPv4      17             1             4465           4465          4465          4.5k  1.80  
dns                     IPv4      17            32             3842          20156          5969        191.0k  76.98 
Proto detect            IPv4      17            38             2888          32721          6199        235.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17             1            89569          89569         89569         89.6k  0.84  
LOGGER_UNIFIED2             IPv4      17             1           191004         191004        191004        191.0k  1.78  
LOGGER_JSON_ALERT           IPv4      17             1            82722          82722         82722         82.7k  0.77  
LOGGER_JSON_DNS             IPv4      17            26            29116        8505580        391411         10.2m  94.95 
LOGGER_JSON_HTTP            IPv4       6             1           103402         103402        103402        103.4k  0.96  
LOGGER_JSON_FILE            IPv4       6             1            75061          75061         75061         75.1k  0.70  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           338             2519         151974         18364         6.2m  39.08 
payload                           IPv4      17            70             3569          90679         19406         1.4m  8.55  
stream                            IPv4       6           338             2514         314428         23492         7.9m  49.99 
http_uri                          IPv4       6             1             9432           9432          9432         9.4k  0.06  
http_request_line                 IPv4       6             1             7187           7187          7187         7.2k  0.05  
http_client_body                  IPv4       6             1             4087           4087          4087         4.1k  0.03  
http_header (request)             IPv4       6             1            35829          35829         35829        35.8k  0.23  
http_header (request trailer)     IPv4       6             1             2665           2665          2665         2.7k  0.02  
http_header_names (request)       IPv4       6             1            16417          16417         16417        16.4k  0.10  
http_accept (request)             IPv4       6             1             4117           4117          4117         4.1k  0.03  
http_referer (request)            IPv4       6             1             3411           3411          3411         3.4k  0.02  
http_content_len (request)        IPv4       6             1             3361           3361          3361         3.4k  0.02  
http_content_type (request)       IPv4       6             1             3466           3466          3466         3.5k  0.02  
http_start (request)              IPv4       6             1            10333          10333         10333        10.3k  0.07  
http_raw_header (request)         IPv4       6             1             9979           9979          9979        10.0k  0.06  
http_method                       IPv4       6             1             4634           4634          4634         4.6k  0.03  
http_cookie (request)             IPv4       6             1             3501           3501          3501         3.5k  0.02  
http_raw_uri                      IPv4       6             1             5400           5400          5400         5.4k  0.03  
http_user_agent                   IPv4       6             1             9915           9915          9915         9.9k  0.06  
http_host                         IPv4       6             1             7975           7975          7975         8.0k  0.05  
dns_query                         IPv4      17            13             3100          20200         10528       136.9k  0.86  
http_response_line                IPv4       6             1             8425           8425          8425         8.4k  0.05  
http_header (response)            IPv4       6             1            38523          38523         38523        38.5k  0.24  
http_header (response trailer)    IPv4       6             1             2610           2610          2610         2.6k  0.02  
http_content_type (response)      IPv4       6             1             3695           3695          3695         3.7k  0.02  
http_raw_header (response)        IPv4       6             1            23234          23234         23234        23.2k  0.15  
http_cookie (response)            IPv4       6             1             3055           3055          3055         3.1k  0.02  
http_stat_code                    IPv4       6             1             5056           5056          5056         5.1k  0.03  
file_data (http response)         IPv4       6             1            14603          14603         14603        14.6k  0.09  
Total                             IPv4                   784                                         20259        15.9m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2             4            19144          36742         24586         98.3k  0.08  
PROF_DETECT_IPONLY          IPv4       6            78             8760          38291         21196          1.7m  1.40  
PROF_DETECT_IPONLY          IPv4      17            43            18622         403810         33709          1.4m  1.23  
PROF_DETECT_RULES           IPv4       2             4             2527           2562          2552         10.2k  0.01  
PROF_DETECT_RULES           IPv4       6           569             2527        7736665         49764         28.3m  24.01 
PROF_DETECT_RULES           IPv4      17            70            44019         387841        117425          8.2m  6.97  
PROF_DETECT_STATEFUL_START    IPv4       6             3             5484          83078         44164        132.5k  0.11  
PROF_DETECT_STATEFUL_CONT    IPv4       2             4             2557           2785          2616         10.5k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       6           569             2505          25727          3296          1.9m  1.59  
PROF_DETECT_STATEFUL_CONT    IPv4      17            70             2514          27696          3910        273.7k  0.23  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            99             2546          40202          3208        317.6k  0.27  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            26             2603           3970          2900         75.4k  0.06  
PROF_DETECT_PREFILTER       IPv4       2             4             8043          43496         16994         68.0k  0.06  
PROF_DETECT_PREFILTER       IPv4       6           569             7682       11964053         67383         38.3m  32.51 
PROF_DETECT_PREFILTER       IPv4      17            70            24591         116989         46653          3.3m  2.77  
PROF_DETECT_PF_PAYLOAD      IPv4       6           338            13464         344114         50790         17.2m  14.55 
PROF_DETECT_PF_PAYLOAD      IPv4      17            70             8719          96091         24696          1.7m  1.47  
PROF_DETECT_PF_TX           IPv4       6            99             2628         193181          6355        629.2k  0.53  
PROF_DETECT_PF_TX           IPv4      17            13             8337          45081         17702        230.1k  0.20  
PROF_DETECT_PF_SORT1        IPv4       6           257             2551          30097          3429        881.3k  0.75  
PROF_DETECT_PF_SORT1        IPv4      17            70             2798           4971          3501        245.1k  0.21  
PROF_DETECT_PF_SORT2        IPv4       2             4             2531          17567          6359         25.4k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           569             2508          16892          2858          1.6m  1.38  
PROF_DETECT_PF_SORT2        IPv4      17            70             2554           3969          2930        205.1k  0.17  
PROF_DETECT_NONMPMLIST      IPv4       2             4             2561           2776          2719         10.9k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6           569             2518          38533          3150          1.8m  1.52  
PROF_DETECT_NONMPMLIST      IPv4      17            70             2520          24079          3788        265.2k  0.22  
PROF_DETECT_ALERT           IPv4       2             4             2522           2571          2552         10.2k  0.01  
PROF_DETECT_ALERT           IPv4       6           569             2514        2228908          6769          3.9m  3.27  
PROF_DETECT_ALERT           IPv4      17            70             2520          16396          2943        206.1k  0.17  
PROF_DETECT_CLEANUP         IPv4       2             4             2509           2577          2551         10.2k  0.01  
PROF_DETECT_CLEANUP         IPv4       6           569             2547         385233          3560          2.0m  1.72  
PROF_DETECT_CLEANUP         IPv4      17            70             2527          36742          3549        248.4k  0.21  
PROF_DETECT_GETSGH          IPv4       2             4             2768           3170          2891         11.6k  0.01  
PROF_DETECT_GETSGH          IPv4       6           569             2521          52374          3915          2.2m  1.89  
PROF_DETECT_GETSGH          IPv4      17            70             2522          25602          6346        444.2k  0.38  


stats.log - (3067 bytes)
------------------------------------------------------------------------------------
Date: 6/16/2019 -- 00:58:17 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 567
decoder.bytes                              | Total                     | 161603
decoder.ipv4                               | Total                     | 567
decoder.ethernet                           | Total                     | 567
decoder.tcp                                | Total                     | 493
decoder.udp                                | Total                     | 70
decoder.avg_pkt_size                       | Total                     | 285
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 39
flow.udp                                   | Total                     | 25
tcp.sessions                               | Total                     | 39
tcp.syn                                    | Total                     | 39
tcp.synack                                 | Total                     | 39
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.smb                         | Total                     | 1
app_layer.flow.dcerpc_tcp                  | Total                     | 4
app_layer.flow.failed_tcp                  | Total                     | 31
app_layer.flow.dns_udp                     | Total                     | 13
app_layer.tx.dns_udp                       | Total                     | 13
app_layer.flow.failed_udp                  | Total                     | 12
flow.spare                                 | Total                     | 9997
flow_mgr.flows_checked                     | Total                     | 2
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65534
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7079200


eve.json - (13205 bytes)
{"timestamp":"2019-02-05T03:38:49.674933+0000","flow_id":803575584869493,"pcap_cnt":6,"event_type":"dns","src_ip":"172.16.8.201","src_port":54361,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45016,"rrname":"_ldap._tcp.dc._msdcs.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:38:49.675150+0000","flow_id":803575584869493,"pcap_cnt":7,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":54361,"proto":"UDP","dns":{"type":"answer","id":45016,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2019-02-05T03:38:49.677595+0000","flow_id":1845994212382427,"pcap_cnt":8,"event_type":"dns","src_ip":"172.16.8.201","src_port":63411,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22944,"rrname":"happycraft-dc.happycraft.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-05T03:38:49.677595+0000","flow_id":1845994212382427,"pcap_cnt":9,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":63411,"proto":"UDP","dns":{"type":"answer","id":22944,"rcode":"NOERROR","rrname":"happycraft-dc.happycraft.org","rrtype":"A","ttl":3600,"rdata":"172.16.8.8"}}
{"timestamp":"2019-02-05T03:38:49.880193+0000","flow_id":1592148760292929,"pcap_cnt":64,"event_type":"dns","src_ip":"172.16.8.201","src_port":52060,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32746,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:38:49.880217+0000","flow_id":1592148760292929,"pcap_cnt":65,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":52060,"proto":"UDP","dns":{"type":"answer","id":32746,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2019-02-05T03:38:51.184129+0000","flow_id":1377458377707329,"pcap_cnt":168,"event_type":"dns","src_ip":"172.16.8.201","src_port":57683,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3902,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.Happycraft-DC.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:38:51.184226+0000","flow_id":1377458377707329,"pcap_cnt":169,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":57683,"proto":"UDP","dns":{"type":"answer","id":3902,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.Happycraft-DC.happycraft.org"}}
{"timestamp":"2019-02-05T03:38:51.184226+0000","flow_id":1377458377707329,"pcap_cnt":169,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":57683,"proto":"UDP","dns":{"type":"answer","id":3902,"rcode":"NXDOMAIN","rrname":"happycraft.org","rrtype":"SOA","ttl":3600}}
{"timestamp":"2019-02-05T03:38:51.186023+0000","flow_id":936446840788647,"pcap_cnt":170,"event_type":"dns","src_ip":"172.16.8.201","src_port":63855,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43001,"rrname":"_ldap._tcp.Happycraft-DC.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:38:51.186197+0000","flow_id":936446840788647,"pcap_cnt":171,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":63855,"proto":"UDP","dns":{"type":"answer","id":43001,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Happycraft-DC.happycraft.org"}}
{"timestamp":"2019-02-05T03:38:51.186197+0000","flow_id":936446840788647,"pcap_cnt":171,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":63855,"proto":"UDP","dns":{"type":"answer","id":43001,"rcode":"NXDOMAIN","rrname":"happycraft.org","rrtype":"SOA","ttl":3600}}
{"timestamp":"2019-02-05T03:38:52.656904+0000","flow_id":1516005432755720,"pcap_cnt":279,"event_type":"dns","src_ip":"172.16.8.201","src_port":53184,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37116,"rrname":"wpad.happycraft.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-05T03:38:52.657088+0000","flow_id":1516005432755720,"pcap_cnt":280,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":53184,"proto":"UDP","dns":{"type":"answer","id":37116,"rcode":"NXDOMAIN","rrname":"wpad.happycraft.org"}}
{"timestamp":"2019-02-05T03:38:52.657088+0000","flow_id":1516005432755720,"pcap_cnt":280,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":53184,"proto":"UDP","dns":{"type":"answer","id":37116,"rcode":"NXDOMAIN","rrname":"happycraft.org","rrtype":"SOA","ttl":3600}}
{"timestamp":"2019-02-05T03:38:52.657679+0000","flow_id":508249338808591,"pcap_cnt":281,"event_type":"dns","src_ip":"172.16.8.201","src_port":54366,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7175,"rrname":"wpad.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-05T03:38:52.657768+0000","flow_id":508249338808591,"pcap_cnt":282,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":54366,"proto":"UDP","dns":{"type":"answer","id":7175,"rcode":"NXDOMAIN","rrname":"wpad.localdomain"}}
{"timestamp":"2019-02-05T03:38:52.657768+0000","flow_id":508249338808591,"pcap_cnt":282,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":54366,"proto":"UDP","dns":{"type":"answer","id":7175,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":800}}
{"timestamp":"2019-02-05T03:38:57.297403+0000","flow_id":539001305008571,"pcap_cnt":302,"event_type":"dns","src_ip":"172.16.8.201","src_port":50807,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20642,"rrname":"_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:38:57.297626+0000","flow_id":539001305008571,"pcap_cnt":303,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":50807,"proto":"UDP","dns":{"type":"answer","id":20642,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2019-02-05T03:38:57.655899+0000","flow_id":589787145765403,"pcap_cnt":307,"event_type":"dns","src_ip":"172.16.8.201","src_port":56214,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31267,"rrname":"Johnson-PC.happycraft.org","rrtype":"SOA","tx_id":0}}
{"timestamp":"2019-02-05T03:38:57.656142+0000","flow_id":589787145765403,"pcap_cnt":308,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":56214,"proto":"UDP","dns":{"type":"answer","id":31267,"rcode":"NOERROR","rrname":"happycraft.org","rrtype":"SOA","ttl":3600}}
{"timestamp":"2019-02-05T03:38:57.656846+0000","flow_id":869071689156046,"pcap_cnt":309,"event_type":"alert","src_ip":"172.16.8.201","src_port":62729,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2019-02-05T03:38:57.656846+0000","flow_id":869071689156046,"pcap_cnt":309,"event_type":"dns","src_ip":"172.16.8.201","src_port":62729,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2952,"rrname":"happycraft.org","rrtype":"SOA","tx_id":0}}
{"timestamp":"2019-02-05T03:38:57.657651+0000","flow_id":869071689156046,"pcap_cnt":310,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":62729,"proto":"UDP","dns":{"type":"answer","id":2952,"rcode":"NOERROR","rrname":"Johnson-PC.happycraft.org","rrtype":"CNAME","ttl":0,"rdata":"Johnson-PC.happycraft.org"}}
{"timestamp":"2019-02-05T03:38:57.657651+0000","flow_id":869071689156046,"pcap_cnt":310,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":62729,"proto":"UDP","dns":{"type":"answer","id":2952,"rcode":"NOERROR","rrname":"Johnson-PC.happycraft.org","rrtype":"AAAA","ttl":0,"rdata":""}}
{"timestamp":"2019-02-05T03:38:57.657651+0000","flow_id":869071689156046,"pcap_cnt":310,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":62729,"proto":"UDP","dns":{"type":"answer","id":2952,"rcode":"NOERROR","rrname":"Johnson-PC.happycraft.org","rrtype":"A","ttl":0,"rdata":""}}
{"timestamp":"2019-02-05T03:38:57.657651+0000","flow_id":869071689156046,"pcap_cnt":310,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":62729,"proto":"UDP","dns":{"type":"answer","id":2952,"rcode":"NOERROR","rrname":"Johnson-PC.happycraft.org","rrtype":"A","ttl":1200,"rdata":"172.16.8.201"}}
{"timestamp":"2019-02-05T03:38:59.861047+0000","flow_id":1107521831117687,"pcap_cnt":372,"event_type":"dns","src_ip":"172.16.8.201","src_port":64186,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29783,"rrname":"www.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-05T03:38:59.959818+0000","flow_id":1107521831117687,"pcap_cnt":373,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":64186,"proto":"UDP","dns":{"type":"answer","id":29783,"rcode":"NOERROR","rrname":"www.msftncsi.com","rrtype":"CNAME","ttl":987,"rdata":"www.msftncsi.com.edgesuite.net"}}
{"timestamp":"2019-02-05T03:38:59.959818+0000","flow_id":1107521831117687,"pcap_cnt":373,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":64186,"proto":"UDP","dns":{"type":"answer","id":29783,"rcode":"NOERROR","rrname":"www.msftncsi.com.edgesuite.net","rrtype":"CNAME","ttl":156,"rdata":"a1961.g2.akamai.net"}}
{"timestamp":"2019-02-05T03:38:59.959818+0000","flow_id":1107521831117687,"pcap_cnt":373,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":64186,"proto":"UDP","dns":{"type":"answer","id":29783,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"184.28.188.186"}}
{"timestamp":"2019-02-05T03:38:59.959818+0000","flow_id":1107521831117687,"pcap_cnt":373,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":64186,"proto":"UDP","dns":{"type":"answer","id":29783,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"184.28.188.184"}}
{"timestamp":"2019-02-05T03:39:00.075368+0000","flow_id":1555858434797558,"pcap_cnt":380,"event_type":"http","src_ip":"172.16.8.201","src_port":49184,"dest_ip":"184.28.188.186","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain"}}
{"timestamp":"2019-02-05T03:39:00.075369+0000","flow_id":1555858434797558,"pcap_cnt":382,"event_type":"fileinfo","src_ip":"184.28.188.186","src_port":80,"dest_ip":"172.16.8.201","dest_port":49184,"proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"\/ncsi.txt","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2019-02-05T03:39:12.261287+0000","flow_id":701718289513639,"pcap_cnt":476,"event_type":"dns","src_ip":"172.16.8.201","src_port":63580,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24216,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.Happycraft-DC.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:39:12.261287+0000","flow_id":701718289513639,"pcap_cnt":477,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":63580,"proto":"UDP","dns":{"type":"answer","id":24216,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.Happycraft-DC.happycraft.org"}}
{"timestamp":"2019-02-05T03:39:12.261287+0000","flow_id":701718289513639,"pcap_cnt":477,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":63580,"proto":"UDP","dns":{"type":"answer","id":24216,"rcode":"NXDOMAIN","rrname":"happycraft.org","rrtype":"SOA","ttl":3600}}
{"timestamp":"2019-02-05T03:39:12.262448+0000","flow_id":1640258837938480,"pcap_cnt":478,"event_type":"dns","src_ip":"172.16.8.201","src_port":57070,"dest_ip":"172.16.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2066,"rrname":"_ldap._tcp.Happycraft-DC.happycraft.org","rrtype":"SRV","tx_id":0}}
{"timestamp":"2019-02-05T03:39:12.262591+0000","flow_id":1640258837938480,"pcap_cnt":479,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":57070,"proto":"UDP","dns":{"type":"answer","id":2066,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Happycraft-DC.happycraft.org"}}
{"timestamp":"2019-02-05T03:39:12.262591+0000","flow_id":1640258837938480,"pcap_cnt":479,"event_type":"dns","src_ip":"172.16.8.8","src_port":53,"dest_ip":"172.16.8.201","dest_port":57070,"proto":"UDP","dns":{"type":"answer","id":2066,"rcode":"NXDOMAIN","rrname":"happycraft.org","rrtype":"SOA","ttl":3600}}


keyword_perf.log - (8261 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/16/2019 -- 00:58:17
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            18628           4               4               7341            4657.00         4657.00         0.00           
  flow             73593           14              14              17522           5256.00         5256.00         0.00           
  threshold        55574           4               0               32688           13893.00        0.00            13893.00       
  content          2394034         389             183             764448          6154.00         5240.00         6966.00        
  pcre             137188          14              0               33862           9799.00         0.00            9799.00        
  byte_test        813640          249             142             18835           3267.00         3292.00         3235.00        
  byte_jump        202842          68              5               4373            2982.00         2854.00         2993.00        
  isdataat         21277           7               0               3885            3039.00         0.00            3039.00        
  byte_extract     12420           3               3               4724            4140.00         4140.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            18628           4               4               7341            4657.00         4657.00         0.00           
  flow             73593           14              14              17522           5256.00         5256.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2357438         379             179             764448          6220.00         5265.00         7074.00        
  pcre             116918          13              0               33862           8993.00         0.00            8993.00        
  byte_test        813640          249             142             18835           3267.00         3292.00         3235.00        
  byte_jump        202842          68              5               4373            2982.00         2854.00         2993.00        
  isdataat         21277           7               0               3885            3039.00         0.00            3039.00        
  byte_extract     12420           3               3               4724            4140.00         4140.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        55574           4               0               32688           13893.00        0.00            13893.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3229            1               0               3229            3229.00         0.00            3229.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3080            1               0               3080            3080.00         0.00            3080.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3319            1               0               3319            3319.00         0.00            3319.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23345           6               4               4262            3890.00         4094.00         3483.00        
  pcre             20270           1               0               20270           20270.00        0.00            20270.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3623            1               0               3623            3623.00         0.00            3623.00        


suricata-4.0.0-etopen-all-perf.txt-2019-06-16-T-00-58-17-06162019.0058-host-and-user-ID-pcap-06.pcap.txt - (27094 bytes)
  --------------------------------------------------------------------------
  Date: 6/16/2019 -- 00:58:17. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2102523      1        8        7962475      33.49  74       0        7720791     107601.01   0.00        107601.01  
  2        2014957      1        1        964210       4.06   15       0        773333      64280.67    0.00        64280.67   
  3        2018013      1        3        411161       1.73   1        0        411161      411161.00   0.00        411161.00  
  4        2015986      1        5        440799       1.85   130      0        92142       3390.76     0.00        3390.76    
  5        2018316      1        4        317846       1.34   10       0        78763       31784.60    0.00        31784.60   
  6        2025200      1        1        154853       0.65   26       0        63858       5955.88     0.00        5955.88    
  7        2102523      1        8        263817       1.11   73       0        53539       3613.93     0.00        3613.93    
  8        2018666      1        4        277136       1.17   10       0        49007       27713.60    0.00        27713.60   
  9        2017707      1        4        47336        0.20   1        0        47336       47336.00    0.00        47336.00   
  10       2009387      1        4        296728       1.25   83       0        47149       3575.04     0.00        3575.04    
  11       2020742      1        1        262067       1.10   10       0        46281       26206.70    0.00        26206.70   
  12       2020302      1        6        44914        0.19   1        0        44914       44914.00    0.00        44914.00   
  13       2023832      1        3        498614       2.10   27       0        40230       18467.19    0.00        18467.19   
  14       2019230      1        2        58180        0.24   3        0        39709       19393.33    0.00        19393.33   
  15       2017935      1        3        327091       1.38   107      0        37672       3056.93     0.00        3056.93    
  16       2017552      1        6        50425        0.21   2        0        37506       25212.50    0.00        25212.50   
  17       2020741      1        1        277567       1.17   10       0        35803       27756.70    0.00        27756.70   
  18       2102190      1        5        521173       2.19   150      0        33663       3474.49     0.00        3474.49    
  19       2008297      1        5        178265       0.75   54       0        33619       3301.20     0.00        3301.20    
  20       2008299      1        4        119120       0.50   27       0        31560       4411.85     0.00        4411.85    
  21       2010140      1        7        222953       0.94   50       0        31255       4459.06     0.00        4459.06    
  22       2020768      1        2        50197        0.21   2        0        31185       25098.50    0.00        25098.50   
  23       2020770      1        2        31172        0.13   1        0        31172       31172.00    0.00        31172.00   
  24       2009702      1        5        341282       1.44   31       1        30755       11009.10    30755.00    10350.90   
  25       2020763      1        2        158592       0.67   6        0        30248       26432.00    0.00        26432.00   
  26       2018055      1        3        30069        0.13   1        0        30069       30069.00    0.00        30069.00   
  27       2020769      1        2        29756        0.13   1        0        29756       29756.00    0.00        29756.00   
  28       2018077      1        5        134519       0.57   5        0        29634       26903.80    0.00        26903.80   
  29       2024771      1        1        29138        0.12   1        0        29138       29138.00    0.00        29138.00   
  30       2019155      1        2        29081        0.12   1        0        29081       29081.00    0.00        29081.00   
  31       2020781      1        5        46372        0.20   2        0        28798       23186.00    0.00        23186.00   
  32       2020693      1        1        28163        0.12   1        0        28163       28163.00    0.00        28163.00   
  33       2018287      1        2        27827        0.12   1        0        27827       27827.00    0.00        27827.00   
  34       2001569      1        15       65385        0.27   3        3        27475       21795.00    21795.00    0.00       
  35       2020795      1        2        53711        0.23   2        0        27383       26855.50    0.00        26855.50   
  36       2020586      1        3        127064       0.53   5        0        26926       25412.80    0.00        25412.80   
  37       2014703      1        9        251780       1.06   31       0        26731       8121.94     0.00        8121.94    
  38       2020794      1        2        26648        0.11   1        0        26648       26648.00    0.00        26648.00   
  39       2018069      1        1        26293        0.11   1        0        26293       26293.00    0.00        26293.00   
  40       2020784      1        2        124333       0.52   5        0        26290       24866.60    0.00        24866.60   
  41       2022773      1        2        26166        0.11   1        0        26166       26166.00    0.00        26166.00   
  42       2018636      1        2        26119        0.11   1        0        26119       26119.00    0.00        26119.00   
  43       2017914      1        2        26116        0.11   1        0        26116       26116.00    0.00        26116.00   
  44       2020785      1        3        26008        0.11   1        0        26008       26008.00    0.00        26008.00   
  45       2020791      1        3        43081        0.18   2        0        25819       21540.50    0.00        21540.50   
  46       2012612      1        16       24918        0.10   1        0        24918       24918.00    0.00        24918.00   
  47       2023831      1        2        298106       1.25   27       0        24766       11040.96    0.00        11040.96   
  48       2018054      1        1        24388        0.10   1        0        24388       24388.00    0.00        24388.00   
  49       2014701      1        12       319215       1.34   31       0        24212       10297.26    0.00        10297.26   
  50       2017934      1        4        24182        0.10   1        0        24182       24182.00    0.00        24182.00   
  51       2020496      1        2        23315        0.10   1        0        23315       23315.00    0.00        23315.00   
  52       2012707      1        5        22723        0.10   1        0        22723       22723.00    0.00        22723.00   
  53       2102955      1        4        43943        0.18   2        0        22130       21971.50    0.00        21971.50   
  54       2014956      1        1        357998       1.51   33       0        22079       10848.42    0.00        10848.42   
  55       2025090      1        1        42624        0.18   2        0        21986       21312.00    0.00        21312.00   
  56       2102979      1        4        49332        0.21   4        0        21681       12333.00    0.00        12333.00   
  57       2102472      1        11       47943        0.20   4        0        21118       11985.75    0.00        11985.75   
  58       2102466      1        9        41926        0.18   2        0        21080       20963.00    0.00        20963.00   
  59       2018085      1        2        59999        0.25   3        0        20990       19999.67    0.00        19999.67   
  60       2103158      1        6        293799       1.24   93       0        20749       3159.13     0.00        3159.13    
  61       2017548      1        6        20535        0.09   1        0        20535       20535.00    0.00        20535.00   
  62       2001330      1        8        362085       1.52   122      0        20171       2967.91     0.00        2967.91    
  63       2020614      1        2        19905        0.08   1        0        19905       19905.00    0.00        19905.00   
  64       2020606      1        4        19283        0.08   1        0        19283       19283.00    0.00        19283.00   
  65       2017913      1        3        37950        0.16   2        0        19193       18975.00    0.00        18975.00   
  66       2020786      1        4        18994        0.08   1        0        18994       18994.00    0.00        18994.00   
  67       2017944      1        5        51116        0.21   3        0        18977       17038.67    0.00        17038.67   
  68       2021065      1        2        18958        0.08   1        0        18958       18958.00    0.00        18958.00   
  69       2020612      1        3        18744        0.08   1        0        18744       18744.00    0.00        18744.00   
  70       2021977      1        6        105266       0.44   34       0        18592       3096.06     0.00        3096.06    
  71       2019083      1        2        18498        0.08   1        0        18498       18498.00    0.00        18498.00   
  72       2022543      1        1        93279        0.39   6        0        18463       15546.50    0.00        15546.50   
  73       2001581      1        15       18180        0.08   1        1        18180       18180.00    18180.00    0.00       
  74       2018639      1        2        18096        0.08   1        0        18096       18096.00    0.00        18096.00   
  75       2020764      1        2        17397        0.07   1        0        17397       17397.00    0.00        17397.00   
  76       2018057      1        4        17244        0.07   1        0        17244       17244.00    0.00        17244.00   
  77       2010143      1        3        166555       0.70   50       0        16993       3331.10     0.00        3331.10    
  78       2020695      1        1        16796        0.07   1        0        16796       16796.00    0.00        16796.00   
  79       2018076      1        3        33091        0.14   2        0        16772       16545.50    0.00        16545.50   
  80       2008120      1        4        191091       0.80   63       0        16389       3033.19     0.00        3033.19    
  81       2013075      1        8        54849        0.23   15       0        16235       3656.60     0.00        3656.60    
  82       2022024      1        1        137186       0.58   45       0        16027       3048.58     0.00        3048.58    
  83       2014702      1        9        233512       0.98   31       0        15971       7532.65     0.00        7532.65    
  84       2024777      1        2        152300       0.64   51       0        15796       2986.27     0.00        2986.27    
  85       2024435      1        1        80660        0.34   26       0        15796       3102.31     0.00        3102.31    
  86       2018377      1        3        18572        0.08   2        0        15726       9286.00     0.00        9286.00    
  87       2018558      1        5        92012        0.39   28       0        15540       3286.14     0.00        3286.14    
  88       2008307      1        3        67383        0.28   19       0        15146       3546.47     0.00        3546.47    
  89       2014958      1        1        322417       1.36   33       0        14810       9770.21     0.00        9770.21    
  90       2016537      1        2        14772        0.06   1        0        14772       14772.00    0.00        14772.00   
  91       2018375      1        3        26153        0.11   2        0        14341       13076.50    0.00        13076.50   
  92       2018372      1        2        24441        0.10   2        0        13954       12220.50    0.00        12220.50   
  93       2018374      1        2        24356        0.10   2        0        13798       12178.00    0.00        12178.00   
  94       2001263      1        5        23024        0.10   2        0        13684       11512.00    0.00        11512.00   
  95       2018376      1        4        22688        0.10   2        0        13070       11344.00    0.00        11344.00   
  96       2018485      1        3        81442        0.34   8        0        12486       10180.25    0.00        10180.25   
  97       2022914      1        1        56518        0.24   6        0        10572       9419.67     0.00        9419.67    
  98       2018181      1        3        9955         0.04   1        0        9955        9955.00     0.00        9955.00    
  99       2018486      1        5        19424        0.08   2        0        9776        9712.00     0.00        9712.00    
  100      2021978      1        6        78018        0.33   27       0        6988        2889.56     0.00        2889.56    
  101      2023622      1        3        168922       0.71   63       0        4999        2681.30     0.00        2681.30    
  102      2022882      1        1        8238         0.03   2        0        4969        4119.00     0.00        4119.00    
  103      2100538      1        17       8381         0.04   2        0        4923        4190.50     0.00        4190.50    
  104      2018382      1        8        7697         0.03   2        0        4918        3848.50     0.00        3848.50    
  105      2023053      1        2        4825         0.02   1        0        4825        4825.00     0.00        4825.00    
  106      2018389      1        3        7889         0.03   2        0        4741        3944.50     0.00        3944.50    
  107      2100327      1        10       110363       0.46   36       0        4581        3065.64     0.00        3065.64    
  108      2102470      1        12       13226        0.06   4        0        4253        3306.50     0.00        3306.50    
  109      2008306      1        3        146797       0.62   53       0        4220        2769.75     0.00        2769.75    
  110      2018383      1        8        7371         0.03   2        0        4205        3685.50     0.00        3685.50    
  111      2008116      1        4        41314        0.17   13       0        4115        3178.00     0.00        3178.00    
  112      2100361      1        17       10900        0.05   3        0        4106        3633.33     0.00        3633.33    
  113      2016181      1        2        32330        0.14   11       0        4072        2939.09     0.00        2939.09    
  114      2013739      1        15       14687        0.06   5        0        4054        2937.40     0.00        2937.40    
  115      2022546      1        1        59271        0.25   19       0        4043        3119.53     0.00        3119.53    
  116      2018281      1        4        121107       0.51   43       0        4013        2816.44     0.00        2816.44    
  117      2001804      1        5        54858        0.23   18       0        4005        3047.67     0.00        3047.67    
  118      2103238      1        4        48559        0.20   18       0        4002        2697.72     0.00        2697.72    
  119      2023617      1        3        13129        0.06   4        0        3969        3282.25     0.00        3282.25    
  120      2025519      1        1        12932        0.05   4        0        3964        3233.00     0.00        3233.00    
  121      2000333      1        11       15225        0.06   5        0        3958        3045.00     0.00        3045.00    
  122      2103002      1        5        7712         0.03   2        0        3956        3856.00     0.00        3856.00    
  123      2023625      1        3        144853       0.61   54       0        3952        2682.46     0.00        2682.46    
  124      2023054      1        2        3947         0.02   1        0        3947        3947.00     0.00        3947.00    
  125      2023624      1        3        1

This file has been truncated. Go here to download in full.


unified2.alert.1560646696 - (247 bytes)
4\YQ
Ϊf!¬ɬõ	5³\YQ\YQ
Η¤rÂ	jG®E‰Ç€Ы¬ɬõ	5uш(
happycraftorg
Johnson-PC
happycraftorgþÀ ÿÀ ÿÀ °¬É


IDSDeathBlossom.py.log - (1167 bytes)
2019-06-16 00:58:08,313 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-16 00:58:09,095 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-16 00:58:09,095 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-06-16 00:58:09,095 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-16 00:58:09,096 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-16 00:58:09,096 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/1ef87100b94278bcdb59d184cf61ce83d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/06162019.0058-host-and-user-ID-pcap-06.pcap -vvv -k none
2019-06-16 00:58:17,144 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-16 00:58:17,145 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.84213685989


suricata-4.0.0-etopen-all-alert-2019-06-16-T-00-58-17-06162019.0058-host-and-user-ID-pcap-06.pcap.txt - (203 bytes)
02/05/2019-03:38:57.656846  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.8.201:62729 -> 172.16.8.8:53