Filename: 2018-11-13-traffic-analysis-exercise.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 10.3633310795 seconds
Hash: 221168dc0865c145fe977b2c373022f3
Uploaded: 1542482594

Logfiles


suricata-report-2018-11-17-T-19-23-25-11172018.1923-2018-11-13-traffic-analysis-exercise.pcap.txt - (18343 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/221168dc0865c145fe977b2c373022f3d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11172018.1923-2018-11-13-traffic-analysis-exercise.pcap -vvv -k none
elapsedtime:9.391174
stderr:
stdout:
17/11/2018 -- 19:23:15 - <Info> - Configuration node 'rule-files' redefined.
17/11/2018 -- 19:23:15 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/11/2018 -- 19:23:15 - <Info> - CPUs/cores online: 1
17/11/2018 -- 19:23:15 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32513 and 'request-body-inspect-window' set to 15949 after randomization.
17/11/2018 -- 19:23:15 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32365 and 'response-body-inspect-window' set to 17197 after randomization.
17/11/2018 -- 19:23:15 - <Config> - DNS request flood protection level: 500
17/11/2018 -- 19:23:15 - <Config> - DNS per flow memcap (state-memcap): 524288
17/11/2018 -- 19:23:15 - <Config> - DNS global memcap: 16777216
17/11/2018 -- 19:23:15 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/11/2018 -- 19:23:15 - <Config> - preallocated 1000 hosts of size 136
17/11/2018 -- 19:23:15 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 19:23:15 - <Config> - using magic-file /usr/share/file/magic
17/11/2018 -- 19:23:15 - <Config> - Core dump size is unlimited.
17/11/2018 -- 19:23:15 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/11/2018 -- 19:23:15 - <Config> - preallocated 1000 defrag trackers of size 168
17/11/2018 -- 19:23:15 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/11/2018 -- 19:23:15 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/11/2018 -- 19:23:15 - <Config> - stream "memcap": 33554432
17/11/2018 -- 19:23:15 - <Config> - stream "midstream" session pickups: disabled
17/11/2018 -- 19:23:15 - <Config> - stream "async-oneside": disabled
17/11/2018 -- 19:23:15 - <Config> - stream "checksum-validation": disabled
17/11/2018 -- 19:23:15 - <Config> - stream."inline": disabled
17/11/2018 -- 19:23:15 - <Config> - stream "bypass": disabled
17/11/2018 -- 19:23:15 - <Config> - stream "max-synack-queued": 5
17/11/2018 -- 19:23:15 - <Config> - stream.reassembly "memcap": 134217728
17/11/2018 -- 19:23:15 - <Config> - stream.reassembly "depth": 0
17/11/2018 -- 19:23:15 - <Config> - stream.reassembly "toserver-chunk-size": 2516
17/11/2018 -- 19:23:15 - <Config> - stream.reassembly "toclient-chunk-size": 2612
17/11/2018 -- 19:23:15 - <Config> - stream.reassembly.raw: enabled
17/11/2018 -- 19:23:15 - <Config> - stream.reassembly "segment-prealloc": 2048
17/11/2018 -- 19:23:15 - <Config> - Delayed detect disabled
17/11/2018 -- 19:23:15 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/11/2018 -- 19:23:15 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/11/2018 -- 19:23:15 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/11/2018 -- 19:23:15 - <Config> - prefilter engines: MPM
17/11/2018 -- 19:23:15 - <Config> - IP reputation disabled
17/11/2018 -- 19:23:15 - <Perf> - Registered 148 keyword profiling counters.
17/11/2018 -- 19:23:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
17/11/2018 -- 19:23:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
17/11/2018 -- 19:23:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
17/11/2018 -- 19:23:17 - <Config> - No rules loaded from ET-emerging-icmp.rules.
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
17/11/2018 -- 19:23:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
17/11/2018 -- 19:23:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
17/11/2018 -- 19:23:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
17/11/2018 -- 19:23:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
17/11/2018 -- 19:23:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
17/11/2018 -- 19:23:20 - <Config> - No rules loaded from local.rules.
17/11/2018 -- 19:23:20 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
17/11/2018 -- 19:23:20 - <Info> - Threshold config parsed: 0 rule(s) found
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for tcp-packet
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for tcp-stream
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for udp-packet
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for other-ip
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_uri
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_client_body
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_accept
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_accept_enc
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_accept_lang
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_referer
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_connection
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_method
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_raw_uri
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_user_agent
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_host
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_raw_host
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_stat_msg
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_stat_code
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for dns_query
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for tls_sni
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:23:20 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:23:20 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
17/11/2018 -- 19:23:20 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/11/2018 -- 19:23:20 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
17/11/2018 -- 19:23:20 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
17/11/2018 -- 19:23:20 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
17/11/2018 -- 19:23:20 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
17/11/2018 -- 19:23:20 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
17/11/2018 -- 19:23:20 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/11/2018 -- 19:23:21 - <Perf> - Unique rule groups: 111
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "toserver TCP packet": 31
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "toclient TCP packet": 20
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "toserver TCP stream": 31
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "toclient TCP stream": 21
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "toserver UDP packet": 33
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "toclient UDP packet": 15
17/11/2018 -- 19:23:21 - <Perf> - Builtin MPM "other IP packet": 2
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_uri": 8
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_header": 6
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient http_header": 3
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_header_names": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_start": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_method": 3
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver http_host": 2
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver tls_sni": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toserver file_data": 1
17/11/2018 -- 19:23:21 - <Perf> - AppLayer MPM "toclient file_data": 5
17/11/2018 -- 19:23:22 - <Perf> - Registered 18241 rule profiling counters.
17/11/2018 -- 19:23:22 - <Info> - fast output device (regular) initialized: alert
17/11/2018 -- 19:23:22 - <Info> - eve-log output device (regular) initialized: eve.json
17/11/2018 -- 19:23:22 - <Config> - enabling 'eve-log' module 'alert'
17/11/2018 -- 19:23:22 - <Config> - enabling 'eve-log' module 'http'
17/11/2018 -- 19:23:22 - <Config> - enabling 'eve-log' module 'dns'
17/11/2018 -- 19:23:22 - <Config> - enabling 'eve-log' module 'tls'
17/11/2018 -- 19:23:22 - <Config> - enabling 'eve-log' 

This file has been truncated.


packet_stats.log - (15562 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            11        173931334     1867708531     936566569         10.3b    0.08
 IPv4       6         10035           690854     1923213136    1243591077      12479.4b   98.16
 IPv4      17           278         12918053     1911414190     802627092        223.1b    1.76
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            11            72381         228267        106147          1.2m    0.04
TMM_FLOWWORKER              IPv4       6         10035            66311       19020593        247123          2.5b   90.90
TMM_FLOWWORKER              IPv4      17           278           114381        7216852        401763        111.7m    4.09
TMM_RECEIVEPCAPFILE         IPv4       2            11             2558           3734          2835         31.2k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          9942             2534       11419269          4667         46.4m    1.70
TMM_RECEIVEPCAPFILE         IPv4      17           278             2543           9688          2784        774.1k    0.03
TMM_DECODEPCAPFILE          IPv4       2            11             2712           7811          3694         40.6k    0.00
TMM_DECODEPCAPFILE          IPv4       6          9942             2653       40005891          8788         87.4m    3.20
TMM_DECODEPCAPFILE          IPv4      17           278             2667          17826          3087        858.4k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          9942             2813         120647          3506         34.9m  1.47  
flow                    IPv4      17           278             2831          21639          4249          1.2m  0.05  
stream                  IPv4       6         10035             2612        2012847         18157        182.2m  7.69  
app-layer               IPv4      17           278             2524        6554601         36101         10.0m  0.42  
detect                  IPv4       2            11            66765         184174         96231          1.1m  0.04  
detect                  IPv4       6         10035            44502       18978139        201908          2.0b  85.51 
detect                  IPv4      17           278            98287        3037377        273492         76.0m  3.21  
tcp-prune               IPv4       6         10035             2538        6486391          3773         37.9m  1.60  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            17             3427          66549         26678        453.5k  20.37 
tls                     IPv4       6           137             2597          60291          4227        579.2k  26.01 
tls                     IPv4      17             3             2633           2802          2726          8.2k  0.37  
smb                     IPv4       6             2             2995           5421          4208          8.4k  0.38  
smb2                    IPv4       6             2             2543           2544          2543          5.1k  0.23  
dcerpc                  IPv4       6            18             2743           4273          3326         59.9k  2.69  
dns                     IPv4      17           194             3319          16139          5734          1.1m  49.96 
Proto detect            IPv4       6             6             2691           6301          4492         27.0k
Proto detect            IPv4      17           181             2853          36179          6115          1.1m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             2            73635          97296         85465        170.9k  0.34  
LOGGER_ALERT_FAST           IPv4      17             3            17914          65820         38132        114.4k  0.23  
LOGGER_UNIFIED2             IPv4       6             2           162818         174304        168561        337.1k  0.66  
LOGGER_UNIFIED2             IPv4      17             3            20972         176840         82914        248.7k  0.49  
LOGGER_JSON_ALERT           IPv4       6             2            84521         130081        107301        214.6k  0.42  
LOGGER_JSON_ALERT           IPv4      17             3            51078          62827         57994        174.0k  0.34  
LOGGER_JSON_DNS             IPv4      17           172            25372        6385654        114043         19.6m  38.67 
LOGGER_JSON_HTTP            IPv4       6           131            40914         203693         90985         11.9m  23.50 
LOGGER_JSON_TLS             IPv4       6            79            25913         499846         73310          5.8m  11.42 
LOGGER_JSON_FILE            IPv4       6           109            59832         292119        111335         12.1m  23.93 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          4773             2530       18898687         29053       138.7m  21.32 
payload                           IPv4      17           278             3388         143918         23497         6.5m  1.00  
stream                            IPv4       6          4773             2538        7167433         34174       163.1m  25.08 
http_uri                          IPv4       6           131             6607         162125         31058         4.1m  0.63  
http_request_line                 IPv4       6           131             3488          69474          6390       837.2k  0.13  
http_client_body                  IPv4       6           131             2689         297442          7204       943.7k  0.15  
http_header (request)             IPv4       6           131            14039         260268         60000         7.9m  1.21  
http_header (request trailer)     IPv4       6           131             2586          28814          3322       435.2k  0.07  
http_header_names (request)       IPv4       6           131             4973          36041         13073         1.7m  0.26  
http_accept (request)             IPv4       6           131             3089          34058          5376       704.3k  0.11  
http_referer (request)            IPv4       6           131             2969          24020          5035       659.7k  0.10  
http_content_len (request)        IPv4       6           131             3000          30283          4371       572.7k  0.09  
http_content_type (request)       IPv4       6           131             2899          69507          4509       590.8k  0.09  
http_start (request)              IPv4       6           131             6795          26517         11388         1.5m  0.23  
http_raw_header (request)         IPv4       6           131             8979         105107         16323         2.1m  0.33  
http_method                       IPv4       6           131             2809          38801          4167       545.9k  0.08  
http_cookie (request)             IPv4       6           131             3016          46569          8718         1.1m  0.18  
http_raw_uri                      IPv4       6           131             3308          24528          5666       742.3k  0.11  
http_user_agent                   IPv4       6           131             3111          72508         18500         2.4m  0.37  
http_host                         IPv4       6           131             3306          37086          7548       988.9k  0.15  
dns_query                         IPv4      17            86             2818          55386         12327         1.1m  0.16  
tls_sni                           IPv4       6           119             2805          25035          6069       722.3k  0.11  
http_response_line                IPv4       6           131             3035          21926          6241       817.7k  0.13  
http_header (response)            IPv4       6           131             8720         193940         35128         4.6m  0.71  
http_header (response trailer)    IPv4       6           131             2573          82255          4101       537.3k  0.08  
http_content_type (response)      IPv4       6           131             2932          95393          5746       752.8k  0.12  
http_raw_header (response)        IPv4       6          3073             4168          83800          5920        18.2m  2.80  
http_cookie (response)            IPv4       6           131             2851          13706          3676       481.6k  0.07  
http_stat_code                    IPv4       6           131             2667          25895          4096       536.6k  0.08  
tls_cert_issuer                   IPv4       6            79             2588          27487          6478       511.8k  0.08  
tls_cert_subject                  IPv4       6            79             2565          48140          7690       607.6k  0.09  
tls_cert_serial                   IPv4       6            79             2567          65111          6243       493.2k  0.08  
file_data (http response)         IPv4       6          3073             2569       13725659         92732       285.0m  43.81 
Total                             IPv4                 19425                                         33485       650.5m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            11            19069          73891         36837        405.2k  0.01  
PROF_DETECT_IPONLY          IPv4       6           286             3133          99420         23238          6.6m  0.24  
PROF_DETECT_IPONLY          IPv4      17           212             4192         107581         26149          5.5m  0.20  
PROF_DETECT_RULES           IPv4       2            11             2535           3389          2669         29.4k  0.00  
PROF_DETECT_RULES           IPv4       6         10035             2525       17391803         54793        549.9m  19.99 
PROF_DETECT_RULES           IPv4      17           278            39054        2974293        147330         41.0m  1.49  
PROF_DETECT_STATEFUL_START    IPv4       6          2461             5110        2830915         47747        117.5m  4.27  
PROF_DETECT_STATEFUL_START    IPv4      17             4            10395          49388         22010         88.0k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            11             2527          75331          9345        102.8k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         10035             2516        6008304          8141         81.7m  2.97  
PROF_DETECT_STATEFUL_CONT    IPv4      17           278             2511          92816          4681          1.3m  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          9120             2549          83815          2964         27.0m  0.98  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           172             2571          19067          3020        519.6k  0.02  
PROF_DETECT_PREFILTER       IPv4       2            11             7953          10770          8616         94.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         10035             7777       18925516         94893        952.3m  34.62 
PROF_DETECT_PREFILTER       IPv4      17           278            24313         196288         54873         15.3m  0.55  
PROF_DETECT_PF_PAYLOAD      IPv4       6          4773            13025       18911280         73128        349.0m  12.69 
PROF_DETECT_PF_PAYLOAD      IPv4      17           278             8436         150180         29043          8.1m  0.29  
PROF_DETECT_PF_TX           IPv4       6          9120             2551       13741389         45093        411.3m  14.95 
PROF_DETECT_PF_TX           IPv4      17            86             8062          63127         18330          1.6m  0.06  
PROF_DETECT_PF_SORT1        IPv4       6          3336             2523          40770          3274         10.9m  0.40  
PROF_DETECT_PF_SORT1        IPv4      17           278             2698          19703          3702          1.0m  0.04  
PROF_DETECT_PF_SORT2        IPv4       2            11             2522           3359          2730         30.0k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         10035             2517        9659765          3976         39.9m  1.45  
PROF_DETECT_PF_SORT2        IPv4      17           278             2553          37914          3377        938.8k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       2            11             2564           3354          2870         31.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         10035             2517         109714          3095         31.1m  1.13  
PROF_DETECT_NONMPMLIST      IPv4      17           278             2525          16168          3119        867.2k  0.03  
PROF_DETECT_ALERT           IPv4       2            11             2540           3697          2762         30.4k  0.00  
PROF_DETECT_ALERT           IPv4       6         10035             2518          91796          2897         29.1m  1.06  
PROF_DETECT_ALERT           IPv4      17           278             2527          17811          2902        806.9k  0.03  
PROF_DETECT_CLEANUP         IPv4       2            11             2529           3724          2752         30.3k  0.00  
PROF_DETECT_CLEANUP         IPv4       6         10035             2547         384606          3102         31.1m  1.13  
PROF_DETECT_CLEANUP         IPv4      17           278             2525           5734          3197        888.9k  0.03  
PROF_DETECT_GETSGH          IPv4       2            11             2767           3157          2844         31.3k  0.00  
PROF_DETECT_GETSGH          IPv4       6         10035             2514         152018          3238         32.5m  1.18  
PROF_DETECT_GETSGH          IPv4      17           278             2529          54911          6535          1.8m  0.07  


stats.log - (3700 bytes)
------------------------------------------------------------------------------------
Date: 11/17/2018 -- 19:23:25 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 10231
decoder.bytes                              | Total                     | 7573642
decoder.ipv4                               | Total                     | 10231
decoder.ethernet                           | Total                     | 10231
decoder.tcp                                | Total                     | 9942
decoder.udp                                | Total                     | 278
decoder.avg_pkt_size                       | Total                     | 740
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 143
flow.udp                                   | Total                     | 117
tcp.sessions                               | Total                     | 143
tcp.syn                                    | Total                     | 145
tcp.synack                                 | Total                     | 142
tcp.rst                                    | Total                     | 74
tcp.overlap                                | Total                     | 103
detect.alert                               | Total                     | 7
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 14
app_layer.tx.http                          | Total                     | 131
app_layer.flow.tls                         | Total                     | 79
app_layer.flow.smb                         | Total                     | 3
app_layer.flow.dcerpc_tcp                  | Total                     | 6
app_layer.flow.failed_tcp                  | Total                     | 32
app_layer.flow.dns_udp                     | Total                     | 86
app_layer.tx.dns_udp                       | Total                     | 86
app_layer.flow.failed_udp                  | Total                     | 31
flow_mgr.closed_pruned                     | Total                     | 91
flow_mgr.new_pruned                        | Total                     | 23
flow_mgr.est_pruned                        | Total                     | 95
flow.spare                                 | Total                     | 10104
flow_mgr.flows_checked                     | Total                     | 153
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 152
flow_mgr.flows_timeout_inuse               | Total                     | 48
flow_mgr.flows_removed                     | Total                     | 104
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65383
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7118656


eve.json - (281947 bytes)
{"timestamp":"2018-11-07T20:40:47.090073+0000","flow_id":2153785670459353,"pcap_cnt":3,"event_type":"dns","src_ip":"10.22.15.119","src_port":56504,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54106,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.090323+0000","flow_id":2153785670459353,"pcap_cnt":4,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56504,"proto":"UDP","dns":{"type":"answer","id":54106,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.091000+0000","flow_id":2074303005680504,"pcap_cnt":5,"event_type":"dns","src_ip":"10.22.15.119","src_port":60638,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49958,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.091195+0000","flow_id":2074303005680504,"pcap_cnt":6,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":60638,"proto":"UDP","dns":{"type":"answer","id":49958,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.095753+0000","flow_id":145785380369929,"pcap_cnt":7,"event_type":"dns","src_ip":"10.22.15.119","src_port":55055,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39713,"rrname":"geeographic-dc.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.096007+0000","flow_id":145785380369929,"pcap_cnt":8,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":55055,"proto":"UDP","dns":{"type":"answer","id":39713,"rcode":"NOERROR","rrname":"geeographic-dc.geeographic.com","rrtype":"A","ttl":3600,"rdata":"10.22.15.2"}}
{"timestamp":"2018-11-07T20:40:47.429709+0000","flow_id":1335469846531725,"pcap_cnt":171,"event_type":"dns","src_ip":"10.22.15.119","src_port":51356,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5953,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.429977+0000","flow_id":1335469846531725,"pcap_cnt":172,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":51356,"proto":"UDP","dns":{"type":"answer","id":5953,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.460580+0000","flow_id":855131441530660,"pcap_cnt":175,"event_type":"dns","src_ip":"10.22.15.119","src_port":50261,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33951,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.460829+0000","flow_id":855131441530660,"pcap_cnt":176,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":50261,"proto":"UDP","dns":{"type":"answer","id":33951,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.541064+0000","flow_id":1385035916591496,"pcap_cnt":187,"event_type":"dns","src_ip":"10.22.15.119","src_port":65381,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40035,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.541306+0000","flow_id":1385035916591496,"pcap_cnt":188,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":65381,"proto":"UDP","dns":{"type":"answer","id":40035,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:48.494873+0000","flow_id":1696865574751513,"pcap_cnt":277,"event_type":"dns","src_ip":"10.22.15.119","src_port":56639,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64206,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:48.495193+0000","flow_id":1696865574751513,"pcap_cnt":278,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56639,"proto":"UDP","dns":{"type":"answer","id":64206,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:48.495193+0000","flow_id":1696865574751513,"pcap_cnt":278,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56639,"proto":"UDP","dns":{"type":"answer","id":64206,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:48.496201+0000","flow_id":877531843564105,"pcap_cnt":279,"event_type":"dns","src_ip":"10.22.15.119","src_port":57115,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48510,"rrname":"_ldap._tcp.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:48.496435+0000","flow_id":877531843564105,"pcap_cnt":280,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":57115,"proto":"UDP","dns":{"type":"answer","id":48510,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:48.496435+0000","flow_id":877531843564105,"pcap_cnt":280,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":57115,"proto":"UDP","dns":{"type":"answer","id":48510,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:49.980468+0000","flow_id":363907442144756,"pcap_cnt":406,"event_type":"dns","src_ip":"10.22.15.119","src_port":64719,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12011,"rrname":"wpad.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:49.980801+0000","flow_id":363907442144756,"pcap_cnt":407,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":64719,"proto":"UDP","dns":{"type":"answer","id":12011,"rcode":"NXDOMAIN","rrname":"wpad.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:49.980801+0000","flow_id":363907442144756,"pcap_cnt":407,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":64719,"proto":"UDP","dns":{"type":"answer","id":12011,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:50.618469+0000","flow_id":959658060836837,"pcap_cnt":413,"event_type":"dns","src_ip":"10.22.15.119","src_port":56888,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11931,"rrname":"Geeographic-DC.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:50.618757+0000","flow_id":959658060836837,"pcap_cnt":414,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56888,"proto":"UDP","dns":{"type":"answer","id":11931,"rcode":"NOERROR","rrname":"Geeographic-DC.geeographic.com","rrtype":"A","ttl":3600,"rdata":"10.22.15.2"}}
{"timestamp":"2018-11-07T20:40:50.627375+0000","flow_id":176249583604399,"pcap_cnt":415,"event_type":"dns","src_ip":"10.22.15.119","src_port":53253,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23665,"rrname":"isatap.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:50.627639+0000","flow_id":176249583604399,"pcap_cnt":416,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":53253,"proto":"UDP","dns":{"type":"answer","id":23665,"rcode":"NXDOMAIN","rrname":"isatap.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:50.627639+0000","flow_id":176249583604399,"pcap_cnt":416,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":53253,"proto":"UDP","dns":{"type":"answer","id":23665,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:50.774107+0000","flow_id":874280553467867,"pcap_cnt":417,"event_type":"dns","src_ip":"10.22.15.119","src_port":49247,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43220,"rrname":"isatap.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:50.791929+0000","flow_id":874280553467867,"pcap_cnt":418,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":49247,"proto":"UDP","dns":{"type":"answer","id":43220,"rcode":"NXDOMAIN","rrname":"isatap.localdomain"}}
{"timestamp":"2018-11-07T20:40:50.791929+0000","flow_id":874280553467867,"pcap_cnt":418,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":49247,"proto":"UDP","dns":{"type":"answer","id":43220,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":900}}
{"timestamp":"2018-11-07T20:40:52.570392+0000","flow_id":1381846903731224,"pcap_cnt":423,"event_type":"dns","src_ip":"10.22.15.119","src_port":63725,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58948,"rrname":"www.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1381846903731224,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"www.msftncsi.com","rrtype":"CNAME","ttl":1615,"rdata":"www.msftncsi.com.edgesuite.net"}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1381846903731224,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"www.msftncsi.com.edgesuite.net","rrtype":"CNAME","ttl":140,"rdata":"a1961.g2.akamai.net"}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1381846903731224,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"72.246.64.187"}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1381846903731224,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"72.246.64.227"}}
{"timestamp":"2018-11-07T20:40:52.684671+0000","flow_id":401471226306013,"pcap_cnt":433,"event_type":"http","src_ip":"10.22.15.119","src_port":49183,"dest_ip":"72.246.64.187","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain"}}
{"timestamp":"2018-11-07T20:40:52.684671+0000","flow_id":401471226306013,"pcap_cnt":433,"event_type":"fileinfo","src_ip":"72.246.64.187","src_port":80,"dest_ip":"10.22.15.119","dest_port":49183,"proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"\/ncsi.txt","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.972102+0000","flow_id":531557195896134,"pcap_cnt":435,"event_type":"dns","src_ip":"10.22.15.119","src_port":56174,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50057,"rrname":"Danger-Win-PC.geeographic.com","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.972506+0000","flow_id":531557195896134,"pcap_cnt":436,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56174,"proto":"UDP","dns":{"type":"answer","id":50057,"rcode":"NOERROR","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:54.974894+0000","flow_id":626117343371310,"pcap_cnt":437,"event_type":"alert","src_ip":"10.22.15.119","src_port":62513,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-11-07T20:40:54.974894+0000","flow_id":626117343371310,"pcap_cnt":437,"event_type":"dns","src_ip":"10.22.15.119","src_port":62513,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12153,"rrname":"geeographic.com","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":626117343371310,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"CNAME","ttl":0,"rdata":"Danger-Win-PC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":626117343371310,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"AAAA","ttl":0,"rdata":""}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":626117343371310,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"A","ttl":0,"rdata":""}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":626117343371310,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"A","ttl":1200,"rdata":"10.22.15.119"}}
{"timestamp":"2018-11-07T20:41:31.227579+0000","flow_id":574311450245371,"pcap_cnt":592,"event_type":"dns","src_ip":"10.22.15.119","src_port":59195,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32540,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:41:31.227870+0000","flow_id":574311450245371,"pcap_cnt":593,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59195,"proto":"UDP","dns":{"type":"answer","id":32540,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:41:31.227870+0000","flow_id":574311450245371,"pcap_cnt":593,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59195,"proto":"UDP","dns":{"type":"answer","id":32540,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:41:31.228317+0000","flow_id":648713168714717,"pcap_cnt":594,"event_type":"dns","src_ip":"10.22.15.119","src_port":59482,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51759,"rrname":"_ldap._tcp.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:41:31.228499+0000","flow_id":648713168714717,"pcap_cnt":595,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59482,"proto":"UDP","dns":{"type":"answer","id":51759,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:41:31.228499+0000","flow_id":648713168714717,"pcap_cnt":595,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59482,"proto":"UDP","dns":{"type":"answer","id":51759,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:41:31.773708+0000","flow_id":897911466217036,"pcap_cnt":680,"event_type":"dns","src_ip":"10.22.15.119","src_port":65142,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58289,"rrname":"dns.msftncsi.com","rrtype":"A","tx_id":0}}
{"tim

This file has been truncated.
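The eve.json excerpt above is one JSON record per line, and the one alert in it (sid 2009702, "ET POLICY DNS Update From External net") only makes sense when read next to the other records on the same flow_id: the records on flow 626117343371310 are consistent with a Windows host's dynamic DNS update (RFC 2136) as rendered by Suricata 4.0's DNS logger, where the zone section shows up as a SOA "query" for geeographic.com and the delete/add RRs for Danger-Win-PC show up as "answers" with TTL 0 and TTL 1200. The following is an added example, not part of this page or of Suricata: a small reader for EVE output that tolerates the truncated last line, counts event types (to cross-check against stats.log), lists alerts, collects NXDOMAIN names, and reassembles one flow's timeline. The sample input is constructed from a handful of the records above, trimmed to the fields the functions read; the function names are mine.

```python
import json
from collections import Counter

# Constructed sample in the shape of the eve.json records above: added example
# input, trimmed to the fields the functions below read. The last line is
# deliberately cut short, standing in for the truncated tail of a real file.
SAMPLE_EVE = r'''
{"timestamp":"2018-11-07T20:40:48.496201+0000","flow_id":877531843564105,"event_type":"dns","src_ip":"10.22.15.119","dest_ip":"10.22.15.2","proto":"UDP","dns":{"type":"query","id":48510,"rrname":"_ldap._tcp.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:48.496435+0000","flow_id":877531843564105,"event_type":"dns","src_ip":"10.22.15.2","dest_ip":"10.22.15.119","proto":"UDP","dns":{"type":"answer","id":48510,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:48.496435+0000","flow_id":877531843564105,"event_type":"dns","src_ip":"10.22.15.2","dest_ip":"10.22.15.119","proto":"UDP","dns":{"type":"answer","id":48510,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:52.684671+0000","flow_id":401471226306013,"event_type":"http","src_ip":"10.22.15.119","dest_ip":"72.246.64.187","proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI"}}
{"timestamp":"2018-11-07T20:40:54.974894+0000","flow_id":626117343371310,"event_type":"alert","src_ip":"10.22.15.119","src_port":62513,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-11-07T20:40:54.974894+0000","flow_id":626117343371310,"event_type":"dns","src_ip":"10.22.15.119","dest_ip":"10.22.15.2","proto":"UDP","dns":{"type":"query","id":12153,"rrname":"geeographic.com","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":626117343371310,"event_type":"dns","src_ip":"10.22.15.2","dest_ip":"10.22.15.119","proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"A","ttl":1200,"rdata":"10.22.15.119"}}
{"tim
'''


def parse_eve(text):
    """Decode one EVE record per line, skipping blank and malformed lines."""
    records = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            records.append(json.loads(raw))
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: drop it rather than abort the run
    return records


def event_type_counts(records):
    """Counter of event_type values; the first sanity check against stats.log."""
    return Counter(r.get("event_type") for r in records)


def alerts(records):
    """(signature_id, signature, src_ip, dest_ip, flow_id) for every alert record."""
    return [
        (r["alert"]["signature_id"], r["alert"]["signature"],
         r["src_ip"], r["dest_ip"], r["flow_id"])
        for r in records
        if r.get("event_type") == "alert"
    ]


def nxdomain_names(records):
    """Names the resolver answered NXDOMAIN.

    Suricata 4.0 logs an NXDOMAIN response as one record per RR plus one record
    carrying only the queried name (no rrtype). That rrtype-less record is the
    question; the SOA record is the authority section, not a name that failed.
    """
    return sorted({
        r["dns"]["rrname"]
        for r in records
        if r.get("event_type") == "dns"
        and r["dns"].get("type") == "answer"
        and r["dns"].get("rcode") == "NXDOMAIN"
        and "rrtype" not in r["dns"]
    })


def flow_timeline(records, flow_id):
    """Every record for one flow_id in timestamp order, so an alert can be read
    next to the transaction that fired it."""
    return sorted(
        (r for r in records if r.get("flow_id") == flow_id),
        key=lambda r: r["timestamp"],
    )


if __name__ == "__main__":
    recs = parse_eve(SAMPLE_EVE)
    print(dict(event_type_counts(recs)))
    for sid, sig, src, dst, fid in alerts(recs):
        print(f"alert {sid} {sig!r} {src} -> {dst}")
        for r in flow_timeline(recs, fid):
            print("   ", r["timestamp"], r["event_type"], r.get("dns", r.get("alert")))
    print("NXDOMAIN:", nxdomain_names(recs))
```

Grouping by flow_id is the habit worth keeping: the alert record alone says "DNS update", while the neighbouring dns records on the same flow show which host registered which name, and that decides whether it is a domain-joined workstation doing what Windows does or something to chase.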


suricata-4.0.0-etopen-all-perf.txt-2018-11-17-T-19-23-25-11172018.1923-2018-11-13-traffic-analysis-exercise.pcap.txt - (76119 bytes)
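The rule-profiling table below is sorted by max ticks, which highlights single slow evaluations; for tuning a ruleset the two lists a practitioner actually wants are rules that consumed a large share of detection time without ever matching (candidates to disable or to give a better fast_pattern) and rules that did match. The following is an added example, not part of this page or of Suricata: a parser for the profiling table's fixed-width rows that builds both lists. The embedded sample is the table header plus a subset of the rows from the table below; the field names are mine.

```python
# Constructed sample: the header and a subset of rows copied from the
# rule-profiling table on this page (added example input, not a new run).
SAMPLE_PERF = """\
  --------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:23:25. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2025064      1        5        20954711     4.59   128      0        16776090    163708.68   0.00        163708.68
  4        2012970      1        2        66083723     14.47  325      0        1333498     203334.53   0.00        203334.53
  28       2016537      1        2        24176006     5.29   1563     1        205017      15467.69    73073.00    15430.81
  43       2024771      1        1        18078571     3.96   2659     0        137108      6799.01     0.00        6799.01
  56       2001330      1        8        9306527      2.04   2951     0        106576      3153.69     0.00        3153.69
  71       2016538      1        3        123500       0.03   15       1        84209       8233.33     84209.00    2806.50
  72       2023818      1        2        83721        0.02   1        1        83721       83721.00    83721.00    0.00
  82       2025333      1        1        3745961      0.82   117      117      77821       32016.76    32016.76    0.00
"""

# Column names (mine) in the order Suricata prints them.
FIELDS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
          "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_FIELDS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_rule_perf(text):
    """Parse profiling rows into dicts; the header, rulers and blank lines are skipped
    because they either have a different field count or do not start with a number."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        rows.append({name: (int(v) if name in INT_FIELDS else float(v))
                     for name, v in zip(FIELDS, parts)})
    return rows


def by_total_cost(rows):
    """SIDs ordered by total ticks spent, largest first (a different order than
    the max-ticks sort the file ships with)."""
    return [r["sid"] for r in sorted(rows, key=lambda r: r["ticks"], reverse=True)]


def tuning_candidates(rows, min_pct=2.0):
    """Rules that never matched yet consumed at least min_pct of detection time,
    ordered by share; the usual first list for disabling or reworking a rule."""
    cands = [r for r in rows if r["matches"] == 0 and r["pct"] >= min_pct]
    return [r["sid"] for r in sorted(cands, key=lambda r: r["pct"], reverse=True)]


def fired(rows):
    """(sid, matches, checks) for every rule that matched at least once."""
    return [(r["sid"], r["matches"], r["checks"]) for r in rows if r["matches"] > 0]


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_PERF)
    print("by total cost:", by_total_cost(rows))
    print("zero-match rules >= 2% of detect time:", tuning_candidates(rows))
    print("rules that matched:", fired(rows))
```

Two caveats when acting on these lists. The profiler's Matches column counts rule matches, not alerts: a rule that only sets a flowbit, or one under a threshold, can match every check without producing an alert, so the match counts here and detect.alert in stats.log need not agree. And a single pcap is a small sample; a rule that looks expensive here (2012970 at 14.47% of detect time over 325 checks) should be confirmed against profiling from representative traffic before it is disabled.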
  --------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:23:25. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2025064      1        5        20954711     4.59   128      0        16776090    163708.68   0.00        163708.68  
  2        2001263      1        5        6410367      1.40   14       0        6220457     457883.36   0.00        457883.36  
  3        2023626      1        3        3574128      0.78   227      0        2908264     15745.06    0.00        15745.06   
  4        2012970      1        2        66083723     14.47  325      0        1333498     203334.53   0.00        203334.53  
  5        2020865      1        3        10606548     2.32   63       0        971613      168357.90   0.00        168357.90  
  6        2009387      1        4        2098035      0.46   445      0        672848      4714.69     0.00        4714.69    
  7        2021749      1        6        8975258      1.96   59       0        622496      152123.02   0.00        152123.02  
  8        2023476      1        5        2529257      0.55   20       0        544352      126462.85   0.00        126462.85  
  9        2018299      1        3        7495241      1.64   32       0        508662      234226.28   0.00        234226.28  
  10       2017502      1        2        3913924      0.86   20       0        394761      195696.20   0.00        195696.20  
  11       2017501      1        2        3835213      0.84   20       0        378029      191760.65   0.00        191760.65  
  12       2017500      1        2        3980072      0.87   20       0        375524      199003.60   0.00        199003.60  
  13       2017499      1        2        3406237      0.75   20       0        351685      170311.85   0.00        170311.85  
  14       2017373      1        6        929250       0.20   4        0        325860      232312.50   0.00        232312.50  
  15       2020397      1        2        532309       0.12   2        0        289622      266154.50   0.00        266154.50  
  16       2017073      1        3        548251       0.12   2        0        283402      274125.50   0.00        274125.50  
  17       2022797      1        2        265825       0.06   1        0        265825      265825.00   0.00        265825.00  
  18       2016393      1        3        601382       0.13   4        0        254219      150345.50   0.00        150345.50  
  19       2020842      1        2        1019907      0.22   7        0        251162      145701.00   0.00        145701.00  
  20       2021736      1        3        462537       0.10   2        0        242264      231268.50   0.00        231268.50  
  21       2017072      1        3        2761952      0.60   23       0        231509      120084.87   0.00        120084.87  
  22       2019181      1        7        416508       0.09   2        0        226654      208254.00   0.00        208254.00  
  23       2016855      1        2        221843       0.05   1        0        221843      221843.00   0.00        221843.00  
  24       2018342      1        2        10681994     2.34   86       0        221257      124209.23   0.00        124209.23  
  25       2021735      1        4        428497       0.09   2        0        218625      214248.50   0.00        214248.50  
  26       2021993      1        2        217219       0.05   1        0        217219      217219.00   0.00        217219.00  
  27       2021743      1        4        414633       0.09   2        0        216918      207316.50   0.00        207316.50  
  28       2016537      1        2        24176006     5.29   1563     1        205017      15467.69    73073.00    15430.81   
  29       2025185      1        3        18650897     4.08   203      0        197774      91876.34    0.00        91876.34   
  30       2016854      1        3        197401       0.04   1        0        197401      197401.00   0.00        197401.00  
  31       2021948      1        2        183883       0.04   1        0        183883      183883.00   0.00        183883.00  
  32       2016587      1        6        508311       0.11   4        0        179870      127077.75   0.00        127077.75  
  33       2015978      1        7        483064       0.11   4        0        166995      120766.00   0.00        120766.00  
  34       2022524      1        4        1014664      0.22   9        0        165643      112740.44   0.00        112740.44  
  35       2020979      1        3        314417       0.07   3        0        165208      104805.67   0.00        104805.67  
  36       2022868      1        4        163047       0.04   1        0        163047      163047.00   0.00        163047.00  
  37       2021621      1        6        309677       0.07   2        0        158025      154838.50   0.00        154838.50  
  38       2015739      1        6        456602       0.10   4        0        157645      114150.50   0.00        114150.50  
  39       2016242      1        6        473556       0.10   4        0        151888      118389.00   0.00        118389.00  
  40       2015823      1        6        409704       0.09   4        0        144706      102426.00   0.00        102426.00  
  41       2018005      1        6        5253360      1.15   72       0        144668      72963.33    0.00        72963.33   
  42       2016734      1        2        413484       0.09   4        0        139173      103371.00   0.00        103371.00  
  43       2024771      1        1        18078571     3.96   2659     0        137108      6799.01     0.00        6799.01    
  44       2017824      1        3        1005407      0.22   13       0        124207      77339.00    0.00        77339.00   
  45       2024228      1        3        124144       0.03   1        0        124144      124144.00   0.00        124144.00  
  46       2022480      1        2        1223436      0.27   19       0        122602      64391.37    0.00        64391.37   
  47       2015556      1        21       122307       0.03   1        0        122307      122307.00   0.00        122307.00  
  48       2022410      1        2        669961       0.15   9        0        121058      74440.11    0.00        74440.11   
  49       2022234      1        3        826399       0.18   14       0        115156      59028.50    0.00        59028.50   
  50       2022989      1        2        324026       0.07   5        0        114832      64805.20    0.00        64805.20   
  51       2022535      1        11       1105575      0.24   20       0        113458      55278.75    0.00        55278.75   
  52       2016540      1        3        1960861      0.43   112      0        113169      17507.69    0.00        17507.69   
  53       2024829      1        2        3275398      0.72   141      0        110401      23229.77    0.00        23229.77   
  54       2018375      1        3        1930324      0.42   125      0        108614      15442.59    0.00        15442.59   
  55       2024031      1        2        210085       0.05   2        0        106676      105042.50   0.00        105042.50  
  56       2001330      1        8        9306527      2.04   2951     0        106576      3153.69     0.00        3153.69    
  57       2018260      1        4        405382       0.09   7        0        103594      57911.71    0.00        57911.71   
  58       2023083      1        2        3588445      0.79   123      0        102923      29174.35    0.00        29174.35   
  59       2022031      1        4        101573       0.02   1        0        101573      101573.00   0.00        101573.00  
  60       2022627      1        12       1148306      0.25   20       0        100851      57415.30    0.00        57415.30   
  61       2023916      1        2        137338       0.03   2        0        99732       68669.00    0.00        68669.00   
  62       2016549      1        4        276671       0.06   4        0        98500       69167.75    0.00        69167.75   
  63       2018358      1        7        169919       0.04   2        0        95155       84959.50    0.00        84959.50   
  64       2022552      1        2        7339971      1.61   337      0        89073       21780.33    0.00        21780.33   
  65       2022147      1        2        488161       0.11   12       0        88919       40680.08    0.00        40680.08   
  66       2015711      1        6        227419       0.05   3        0        87730       75806.33    0.00        75806.33   
  67       2018485      1        3        96594        0.02   2        0        87077       48297.00    0.00        48297.00   
  68       2019091      1        3        1290142      0.28   23       0        84992       56093.13    0.00        56093.13   
  69       2020747      1        8        4388192      0.96   122      0        84963       35968.79    0.00        35968.79   
  70       2016143      1        3        1631837      0.36   97       0        84377       16823.06    0.00        16823.06   
  71       2016538      1        3        123500       0.03   15       1        84209       8233.33     84209.00    2806.50    
  72       2023818      1        2        83721        0.02   1        1        83721       83721.00    83721.00    0.00       
  73       2016400      1        3        1130615      0.25   69       0        83513       16385.72    0.00        16385.72   
  74       2020569      1        1        234083       0.05   5        0        82562       46816.60    0.00        46816.60   
  75       2022770      1        2        1073424      0.23   32       0        82119       33544.50    0.00        33544.50   
  76       2022050      1        3        215169       0.05   5        0        81809       43033.80    0.00        43033.80   
  77       2018982      1        2        234442       0.05   5        0        81581       46888.40    0.00        46888.40   
  78       2016502      1        2        1284678      0.28   78       0        80980       16470.23    0.00        16470.23   
  79       2020308      1        3        2926841      0.64   122      0        78575       23990.50    0.00        23990.50   
  80       2022054      1        3        78508        0.02   1        0        78508       78508.00    0.00        78508.00   
  81       2008575      1        5        2545938      0.56   293      0        77899       8689.21     0.00        8689.21    
  82       2025333      1        1        3745961      0.82   117      117      77821       32016.76    32016.76    0.00       
  83       2016112      1        3        1921968      0.42   111      0        76882       17315.03    0.00        17315.03   
  84       2010067      1        10       1400252      0.31   31       0        76807       45169.42    0.00        45169.42   
  85       2018233      1        2        1741564      0.38   112      0        76643       15549.68    0.00        15549.68   
  86       2012236      1        2        2514887      0.55   782      0        75682       3215.97     0.00        3215.97    
  87       2012707      1        5        2582945      0.57   103      0        75303       25077.14    0.00        25077.14   
  88       2020661      1        3        1158850      0.25   193      0        74694       6004.40     0.00        6004.40    
  89       2020963      1        2        74526        0.02   1        0        74526       74526.00    0.00        74526.00   
  90       2102190      1        5        1772668      0.39   495      0        73611       3581.15     0.00        3581.15    
  91       2024650      1        1        6821653      1.49   509      0        72984       13402.07    0.00        13402.07   
  92       2024136      1        2        597604       0.13   24       0        72786       24900.17    0.00        24900.17   
  93       2014703      1        9        1693864      0.37   181      0        72665       9358.36     0.00        9358.36    
  94       2018046      1        3        106177       0.02   2        0        71994       53088.50    0.00        53088.50   
  95       2022653      1        2        275242       0.06   15       0        71533       18349.47    0.00        18349.47   
  96       2016379      1        5        1337956      0.29   83       0        71101       16119.95    0.00        16119.95   
  97       2017552      1        6        25746817     5.64   1693     0        70924       15207.81    0.00        15207.81   
  98       2019230      1        2        1871394      0.41   145      0        69800       12906.17    0.00        12906.17   
  99       2015707      1        2        221890       0.05   4        0        69607       55472.50    0.00        55472.50   
  100      2008073      1        15       2831165      0.62   122      0        69281       23206.27    0.00        23206.27   
  101      2018234      1        2        1641392      0.36   112      0        68625       14655.29    0.00        14655.29   
  102      2018741      1        2        626739       0.14   14       0        67804       44767.07    0.00        44767.07   
  103      2023711      1        2        105020       0.02   15       0        67679       7001.33     0.00        7001.33    
  104      2020773      1        2        194379       0.04   6        0        67172       32396.50    0.00        32396.50   
  105      2020698      1        2        193562       0.04   6        0        67006       32260.33    0.00        32260.33   
  106      2015889      1        9        1185698      0.26   32       0        66689       37053.06    0.00        37053.06   
  107      2017935      1        3        1141891      0.25   341      0        66518       3348.65     0.00        3348.65    
  108      2018457      1        1        2226476      0.49   66       0        65424       33734.48    0.00        33734.48   
  109      2021381      1        7        1259716      0.28   31       0        65052       40636.00    0.00        40636.00   
  110      2009549      1        6        164420       0.04   4        0        64732       41105.00    0.00        41105.00   
  111      2016073      1        7        975542       0.21   32       0        64381       30485.69    0.00        30485.69   
  112      2015744      1        4        73661        0.02   4        1        64238       18415.25    64238.00    3141.00    
  113      2024901      1        3        398430       0.09   12       0        63879       33202.50    0.00        33202.50   
  114      2024777      1        2        1626663      0.36   511      0        63273       3183.29     0.00        3183.29    
  115      2018153      1        4        99631        0.02   2        0        62464       49815.50    0.00        49815.50   
  116      2014702      1        9        1677472      0.37   181      0        62311       9267.80     0.00        9267.80    
  117      2018959      1        3        101323       0.02   15       1        62160       6754.87     62160.00    2797.36    
  118      2014519      1        7        2762263      0.60   134      0        61628       20613.90    0.00        20613.90   
  119      2016948      1        2        8027617      1.76   588      0        61530       13652.41    0.00        13652.41   
  120      2018407      1        9        193638       0.04   4        0        61287       48409.50    0.00        48409.50   
  121      2018958      1        18       103916       0.02   2        0        61263       51958.00    0.00        51958.00   
  122      2018316      1        4        922578       0.20   29       0        60552       31813.03    0.00        31813.03   
  123      2009702      1        5        2183810      0.48   181      1        60355       12065.25    31028.00    11959.90   
  124      2019344      1        5        112157       0.02   2        0        60011       56078.50    0.00        56078.50   
  125      2024305      1        2        

This file has been truncated. Go here to download in full.


keyword_perf.log - (17629 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:23:25
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            27857           8               8               4140            3482.00         3482.00         0.00           
  flow             29621938        9070            9070            101954          3265.00         3265.00         0.00           
  threshold        75545           8               0               30222           9443.00         0.00            9443.00        
  content          107251191       18929           3450            411308          5665.00         8473.00         5040.00        
  pcre             9186452         1962            231             65685           4682.00         4581.00         4695.00        
  byte_test        3905292         1202            715             55382           3248.00         3203.00         3315.00        
  byte_jump        576729          178             32              5182            3240.00         3151.00         3259.00        
  isdataat         217868          77              1               3557            2829.00         2684.00         2831.00        
  flowbits         9367984         3030            294             62591           3091.00         3473.00         3050.00        
  urilen           768523          214             106             36635           3591.00         3425.00         3754.00        
  byte_extract     11587           3               3               4299            3862.00         3862.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            27857           8               8               4140            3482.00         3482.00         0.00           
  flow             29621938        9070            9070            101954          3265.00         3265.00         0.00           
  flowbits         8875211         2910            174             62591           3049.00         3036.00         3050.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          46107021        14055           1985            411308          3280.00         4845.00         3023.00        
  pcre             2977042         695             116             44657           4283.00         3805.00         4379.00        
  byte_test        3891475         1198            713             55382           3248.00         3201.00         3317.00        
  byte_jump        555107          171             25              5182            3246.00         3168.00         3259.00        
  isdataat         217868          77              1               3557            2829.00         2684.00         2831.00        
  byte_extract     11587           3               3               4299            3862.00         3862.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         492773          120             120             27591           4106.00         4106.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        75545           8               0               30222           9443.00         0.00            9443.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2621324         603             267             47683           4347.00         4329.00         4361.00        
  pcre             1103825         190             62              33972           5809.00         6299.00         5572.00        
  urilen           768523          214             106             36635           3591.00         3425.00         3754.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          20918           5               1               5770            4183.00         5770.00         3787.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          471228          103             0               56373           4575.00         0.00            4575.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          51838620        2664            493             336381          19458.00        31405.00        16746.00       
  pcre             4107444         939             46              65685           4374.00         3341.00         4427.00        
  byte_test        13817           4               2               3912            3454.00         3904.00         3004.00        
  byte_jump        21622           7               7               3566            3088.00         3088.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3496494         855             364             56733           4089.00         4045.00         4122.00        
  pcre             947119          136             7               28875           6964.00         10378.00        6778.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          616612          148             21              39120           4166.00         3774.00         4231.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4245            1               1               4245            4245.00         4245.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3271            1               1               3271            3271.00         3271.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3135            1               1               3135            3135.00         3135.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4305            1               0               4305            4305.00         0.00            4305.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          132484          42              3               4056            3154.00         3141.00         3155.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1188001         276             142             34018           4304.00         4717.00         3866.00        
  pcre             51022           2               0               46329           25511.00        0.00            25511.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          542391          117             117             40360           4635.00         4635.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3496            1               0               3496            3496.00         0.00            3496.00        
  ---------------------------------------------------------------------------------------------------------------------

This file has been truncated. Go here to download in full.


unified2.alert.1542482602 - (54666 bytes) - download
ýi.ÿÿÿÎ!+f0èÿ¬d‹èp8ÿ܄hÿï‹ÿ‰3ÿTPeøÂéƒ%SUÃCYÿÿ3P‹MÿÂuüÿÿBÿ…PÿÉÿuÿþ4ewÿð…0tMQ³t%Æ΋H;0ìÿhÿŽsV~èþohE¥‹žþ¡…&þð$ä‹êèYÿu%5…*åÿƒ…‹cÿäÿèy9… ö8üè•fÆxñ… oÿÃo]huQ0Pƒÿ‰7þ½¯]ì»u胡:ŽA€ÿÓÃè,ÿ0PVÿÖ3_ÿƒ·0LǍÿ59lõýMÐ0ÿƒÿèè‹ÿ¸‹u‹uut…‹¿…‰Gɍc‹‰V^Éÿè0µÿrÿQ¨J è¸Rpÿƒÿÿ1Ãð2ECˆ‹…Ø‹eVÿ…TDrÿÿØpuÿ‹J‹0ÌÃèÿ{ÿMø‹ÈJ«}öu›En‹‹Äze…ªÿüü÷Sè„þÔMìèÙ0GÿH ÿeéHÿ¥‹0‹Ypuü0‹tó8‰‹×‹_iPÿüË0P E‰t0›…ƒðþ“荍ø=²ü´…þS/èéëw€eÌð0N ‹P‹òiöuÏ
tÿDÿ¤Äì¸èéy‹ÿ5;i.ȅéShé3ÔÿÉ@j ÿÿeè‰h pÿMÿÿŒó‹è‹‹‹Hÿr‹èn¤à0v,‰]èÿý•%X胚00…GMìUÿu…ÿóíE_#…õÌEÿƒ‹ÿuiièèè\‹;N0‹îuuÿƒu…ÆÈðè=ÿ…N܉JÿUa·BEFÿÿÿ…ü‹g4ÿâ¶ÿÀ¼¸ÌÿEsÿöWüyƒuìhW®1ÿée„”pojPÿWN*ÿ…sèy~sÿ‰‹‹éÿ3t0iԋ‹ÀÿŒPèÿ‹Yéÿ)nP(ÿþ‹ÿPH3‹(‹®‹ðÿÿSO‰L¡‰iøð‰rHéÒC^4ÿ3ðð‹$Vÿþè®3PH‹ð¥P$Øÿ0u;B7Srsÿ0 ö¹Dguµüeé0½P…ì…Éw]ÿSÿ‹WüTjÿKÆðHÿÿü¡ÿ!ÿSÆoLuEŒ0e]Ãfª0èøÀoéað‹ÿÌ蜏nÊEˆ‹hCVÿÇÌuÿcÈ!¬%þP^déÉ7Ûe˜,éëèE0li‹ûÿ@In‹ÿ³T£\A]›àðhÏÿFÿÖ0ü‰‹þçÿi]U0Uv`ÿuà]PÿM$•­Üððar…~0l“å0‰ÿë+fÿV‹3ìV‹.µì‚0MÃè‰èQÿ*@ì$0ÿa|h@Uÿ„ÿFþYÿÿaÿÆè^BÀ!I3Äÿ¸èýru†GÿƒP~ÿ¤t‹YWj;DvûUÿ8ÿð…ÀVDÏh…è[ãOP[ãOP
ßÑêEÜÌî. „
wPÀ8PèèPB£PEÿÀ(0ы‹Œƒÿÿé	ÿ_èM‹Eó‹ÿÿUìÎÛöÿ^tjƒÃûýÿoð‰ÚteV„^Mst¹&
¸iÐdà‰ÿ‰¸~¾Âôÿ‹èi¸0;ËP~xÿöØEÀ‹AV ÿþPÿuUEÄыäüÿ½(‰¥$©lÿ‰PY¥ýÅå…è`‹‹ÿ
ÃÿÛÈ„µè$ÿlsuÿG‹r­Tÿéÿètþ þÿeÿü0ûɉÿE?j…„gü€‡èWÿöˆJÿÆý»ÿhÿè…;öutƒÿB[:1ÿKXÃ
d¾Jt‰fè]oêƒbì†é%‹o‹ÿÿˆ)9d0ÿ èu…Â%*tj%ÿ‰‹ò¶ 0Úü =ÈÿnÀ0Q¢Pt€‹ûþë}Ïÿ0‰0‹V‹à@½è‹]ƒ3ƌÀ‹sÿ¡P~ÿt©veÿ0g€äƒÿ3hÿýHü¡u/ÿEoür]ˆ÷‹fÂÿé0E‹“n‰P‰èA|ÿð‰W…"ÂEÿ>$MVεÄÿÀlÐt[ÆüƒëÍ4ÿ‹0Ès¸ÿë‹
þäoüÀÿ‹ÿ0É| ‹ƒÏƋu¡%tþ‹éò0‹ÿëaÂÇ0‰Èô‰ÿÚülÉü‹…ÿ;Àœ‹ÿN¾Ãÿ%•âeéH‰ÿ[^MV*éLnÿŠè3lÿ0‹f¸èÿÿë9ÿÌì]éð‹$„n[èEtè0üEÁŸÿÿ(|ô‰„‹ÿlEQ‹u½xr©|àÿ0 ‹ÝW]SYìtè ÿÿÿœ£0A0‹ÜV>ìÿ‰VPÿDuéþÿc‰P‰d‹áÀs&Aü€­ÇNVÿ¬PÆd¬üMMÛþY$2bto6Mslÿ¹P…Ut;‰P‰%Døp‹€ÇxÀûÿFÿ"¬Ü‹ˆoMh‹ƒ.uÅ]L1‹ýÿé*¹Q„‹‰ÿnWúèÌÿ‹ìÒ̬ÂýÿÄVÈb¹(‹‹"Îω…ÅèY½<ÿ‹ÿ}ée…ÿVÈMÄh‹ƒY·cùcü"å"ÿÿ0©&Eÿÿ¾èèEƒy·iŒ}¬}Dÿguÿ‹¸ƒ‹Øh ÿÎÄÿÿô‚l0ûä0è^…÷3ðsk…L˜ÿÿ}ɾêua¥Âÿ.Óx_ni9éèð0E‹øWp0‹ñðh¨…ô…•M‰Kñ
üEj艙Ш\À‹ÿSÅüÀÒVQ
…û=Aÿ0ǐ‹tÈj/µr냭…éýVü‡‹ü‹æ…üÿ0"ëW-ÿ‰ÿ0}Ý>è‰ÿÆýj”èSE=˜Tà¹iwÿhèP30T<…jt2ÿ؄h¾Y10§0Ê8j©Ìÿaì¨ÿƒðƒÿuhcÿ‹…èÿ0ÿ„Àƒ‰‰‹ÀŽ3£ah@ÿ‹4i¸þèÿɘ‹PUüÀ‹ÿ… …èÿëÿï‹EMèŸÌÿ[ãOP[ãOP
ßÑêEÜÌî. „
wPÀ8PÑ9‰ ‰QüjöItiEêÄíèè¸ÆÌÿn…_ŒTxpþÿñuHÆUìÿ}„S‰<3u>@Pþ㍓¸0]ènÏÿÿ]P0jˆèÀõ…øWÿ0+‹2«ÿ‰%ÿÖPE3…füÙn…ÿÿjPÿãtà…è 3o0AU¶o0‰PxìÿýSþ‹o‹e…ßÿWÿ%ÿ0j0e¸nÿ1E„‹ø‹jtuÿàƒ@3ÿ°0…<‰â‹ièü0t‹Øª8Rå0±jù)cË0PDÿ¦ÿ‹ÿ;à0tƒe!uÿ>0$VÿSÈR4¸ÿhv€$Y,‹½PÿfWMue\0N0Hs0€pøþJ÷SÈ
_	QØòƒe‹ÿüÿ‹ÿ`ŽÀ?hÿøèQû‹f‹lØÿVýÿPØxô¡ ąjE‹‹tfVdPVÿù0é0‹oÿ,ÿ“OPm‹jÿiYÀÿÿÿEÈèÁ#…ÿÌ~jÀÿDPtÿÿƒP"èøÿó(ÿëh‹ÿ¬

This file has been truncated. Go here to download in full.


suricata-4.0.0-etopen-all-alert-2018-11-17-T-19-23-25-11172018.1923-2018-11-13-traffic-analysis-exercise.pcap.txt - (1523 bytes) - download
11/07/2018-20:40:54.974894  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:62513 -> 10.22.15.2:53
11/07/2018-20:47:12.712657  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:47:12.712657  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:47:12.712657  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:47:14.996292  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:49:57.408013  [**] [1:2023472:5] ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:64497 -> 208.67.222.222:53
11/07/2018-20:49:57.429411  [**] [1:2023472:5] ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:64498 -> 208.67.222.222:53


IDSDeathBlossom.py.log - (1179 bytes) - download
2018-11-17 19:23:15,027 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-17 19:23:15,786 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-17 19:23:15,786 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-17 19:23:15,787 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-17 19:23:15,787 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-17 19:23:15,787 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/221168dc0865c145fe977b2c373022f3d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11172018.1923-2018-11-13-traffic-analysis-exercise.pcap -vvv -k none
2018-11-17 19:23:25,180 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-17 19:23:25,181 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.1634190083