Filename: 123.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.76648902893 seconds
Hash: 254f34406b294d84e28f4392dc497f1a
Uploaded: 1555587417 (Unix epoch seconds; 2019-04-18 11:36:57 UTC)

Logfiles


suricata-4.0.0-etopen-all-alert-2019-04-18-T-11-37-07-04182019.1136-123.pcap.txt (14700 bytes)
08/17/2018-17:19:06.023202  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49231 -> 172.16.8.5:445
08/17/2018-17:19:24.653201  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:24.654631  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:24.866387  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:29.871895  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:29.877705  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:34.879392  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:34.888538  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49541 -> 172.16.8.5:445
08/17/2018-17:19:34.889065  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49541 -> 172.16.8.5:445
08/17/2018-17:19:35.103816  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49541 -> 172.16.8.5:445
08/17/2018-17:19:40.108206  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49541 -> 172.16.8.5:445
08/17/2018-17:19:40.117720  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49542 -> 172.16.8.5:445
08/17/2018-17:19:40.118464  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49542 -> 172.16.8.5:445
08/17/2018-17:19:40.333538  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49543 -> 172.16.8.5:445
08/17/2018-17:19:40.336362  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49544 -> 172.16.8.5:445
08/17/2018-17:19:40.336988  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49544 -> 172.16.8.5:445
08/17/2018-17:19:40.552880  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49545 -> 172.16.8.5:445
08/17/2018-17:19:40.553600  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49545 -> 172.16.8.5:445
08/17/2018-17:19:40.768839  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49546 -> 172.16.8.5:445
08/17/2018-17:19:40.769425  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49546 -> 172.16.8.5:445
08/17/2018-17:19:40.984306  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49546 -> 172.16.8.5:445
08/17/2018-17:19:45.989312  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49546 -> 172.16.8.5:445
08/17/2018-17:19:45.997394  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49548 -> 172.16.8.5:445
08/17/2018-17:19:45.999838  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49549 -> 172.16.8.5:445
08/17/2018-17:19:46.000326  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49549 -> 172.16.8.5:445
08/17/2018-17:19:46.213671  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49549 -> 172.16.8.5:445
08/17/2018-17:19:51.215763  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49549 -> 172.16.8.5:445
08/17/2018-17:19:51.221459  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49549 -> 172.16.8.5:445
08/17/2018-17:19:56.220178  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49549 -> 172.16.8.5:445
08/17/2018-17:19:56.228214  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:19:56.228876  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:19:56.441905  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:20:01.445956  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:20:01.452257  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:20:06.452995  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:20:06.460243  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:20:11.460620  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49550 -> 172.16.8.5:445
08/17/2018-17:20:11.468977  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49551 -> 172.16.8.5:445
08/17/2018-17:20:11.469930  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49551 -> 172.16.8.5:445
08/17/2018-17:20:11.681646  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49551 -> 172.16.8.5:445
08/17/2018-17:20:16.685598  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49551 -> 172.16.8.5:445
08/17/2018-17:20:16.690199  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49551 -> 172.16.8.5:445
08/17/2018-17:20:21.693791  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49551 -> 172.16.8.5:445
08/17/2018-17:20:21.702712  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49552 -> 172.16.8.5:445
08/17/2018-17:20:21.705130  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:21.705704  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:21.916275  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:26.920225  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:26.926637  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:31.928906  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:31.933919  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:36.938548  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:36.945272  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:41.945059  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:41.951420  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:46.954422  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49553 -> 172.16.8.5:445
08/17/2018-17:20:46.958750  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:20:46.959663  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:20:47.175699  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:20:52.181072  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:20:52.186932  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:20:57.184540  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:20:57.190902  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:21:02.193476  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:21:02.199747  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:21:07.200307  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:21:07.206545  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:21:12.207381  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49554 -> 172.16.8.5:445
08/17/2018-17:21:12.211723  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49555 -> 172.16.8.5:445
08/17/2018-17:21:12.212547  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49555 -> 172.16.8.5:445
08/17/2018-17:21:12.430437  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49555 -> 172.16.8.5:445
08/17/2018-17:21:17.434803  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49555 -> 172.16.8.5:445
08/17/2018-17:21:17.441187  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49555 -> 172.16.8.5:445
08/17/2018-17:21:22.460121  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49555 -> 172.16.8.5:445
08/17/2018-17:21:22.466399  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49556 -> 172.16.8.5:445
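Every one of the 75 alerts above is the same signature (SID 2102465, "GPL NETBIOS SMB-DS IPC$ share access") from 172.16.8.205 to 172.16.8.5:445, spread over roughly two minutes and many different client source ports, i.e. many separate SMB sessions rather than one long one. As an added example (not part of the original page and not Suricata's own code), the Python below parses fast.log lines in that format and groups them by source/destination pair, reporting alert count, number of distinct source ports and the time window. The sample lines are a subset copied from the log above; the default SID and port arguments are assumptions for this illustration.

```python
"""Parse Suricata fast.log alert lines and summarize repeated IPC$ share access.

Added example, not part of the original page or of Suricata. The sample
lines are a subset of the alert log above; defaults are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

# One fast.log line: "<ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...]
# [Priority: n] {PROTO} src:sport -> dst:dport"
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[0-9a-fA-F.:]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9a-fA-F.:]+):(?P<dport>\d+)\s*$"
)

# Constructed sample: six lines copied from the alert log on this page.
SAMPLE_ALERTS = """\
08/17/2018-17:19:06.023202  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49231 -> 172.16.8.5:445
08/17/2018-17:19:24.653201  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:24.654631  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49286 -> 172.16.8.5:445
08/17/2018-17:19:34.888538  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49541 -> 172.16.8.5:445
08/17/2018-17:19:40.117720  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49542 -> 172.16.8.5:445
08/17/2018-17:19:40.333538  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.8.205:49543 -> 172.16.8.5:445
"""


def parse_fast_log(text):
    """Return one dict per well-formed fast.log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
            e[k] = int(e[k])
        events.append(e)
    return events


def summarize_smb_ipc(events, sid=2102465, dport=445):
    """Group alerts for one SID by (src, dst) and count distinct client ports.

    Each distinct source port is a separate TCP connection to the SMB service,
    so a high count in a short window means many short-lived sessions.
    """
    acc = defaultdict(lambda: {"alerts": 0, "sports": set(), "first": None, "last": None})
    for e in events:
        if e["sid"] != sid or e["dport"] != dport:
            continue
        s = acc[(e["src"], e["dst"])]
        s["alerts"] += 1
        s["sports"].add(e["sport"])
        s["first"] = e["ts"] if s["first"] is None else min(s["first"], e["ts"])
        s["last"] = e["ts"] if s["last"] is None else max(s["last"], e["ts"])
    return {
        pair: {
            "alerts": s["alerts"],
            "distinct_sports": len(s["sports"]),
            "window_seconds": (s["last"] - s["first"]).total_seconds(),
        }
        for pair, s in acc.items()
    }


if __name__ == "__main__":
    for pair, s in summarize_smb_ipc(parse_fast_log(SAMPLE_ALERTS)).items():
        print(pair, s)
```

Run against the full log file rather than the sample to get the complete picture; a pair with dozens of distinct source ports in a couple of minutes is worth pulling the SMB session setups and tree connects out of the pcap for, since the fast.log line alone does not say which user authenticated or what was done on IPC$.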


packet_stats.log (7477 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          2844          9430233      596405882     387682013       1102.6b   99.29
 IPv4      17            46          4106590      597563604     170450679          7.8b    0.71
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          2844            82658       22158314        253367        720.6m   93.84
TMM_FLOWWORKER              IPv4      17            46           166019         429508        201834          9.3m    1.21
TMM_RECEIVEPCAPFILE         IPv4       6          2844             2531         180466          3679         10.5m    1.36
TMM_RECEIVEPCAPFILE         IPv4      17            46             2586          11420          3283        151.1k    0.02
TMM_DECODEPCAPFILE          IPv4       6          2844             2645        9644755          7945         22.6m    2.94
TMM_DECODEPCAPFILE          IPv4      17            46             2663        4610792        104196          4.8m    0.62

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------   -----
flow                    IPv4       6          2844             2807          51552          3348          9.5m  1.46  
flow                    IPv4      17            46             2825          32769          5267        242.3k  0.04  
stream                  IPv4       6          2844             2542        6370372          5119         14.6m  2.23  
app-layer               IPv4      17            46             2524          29500          4147        190.8k  0.03  
detect                  IPv4       6          2844            61525       18178305        213702        607.8m  93.25 
detect                  IPv4      17            46           149539         357328        181051          8.3m  1.28  
tcp-prune               IPv4       6          2844             2506        2864563          3922         11.2m  1.71  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------
Proto detect            IPv4      17             5             2929          21775          8827         44.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   -----
LOGGER_ALERT_FAST           IPv4       6            75            13261         215483         59659          4.5m  12.79 
LOGGER_UNIFIED2             IPv4       6            75            18202         183076         44617          3.3m  9.57  
LOGGER_JSON_ALERT           IPv4       6            75            33946       21405197        362147         27.2m  77.64 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2844             3159       14178727         15003        42.7m  53.06 
payload                           IPv4      17            46             5019          50270         11098       510.5k  0.63  
stream                            IPv4       6          2844             2986        1719248         13094        37.2m  46.31 
Total                             IPv4                  5734                                         14024        80.4m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   -----
PROF_DETECT_IPONLY          IPv4       6            38            18613         122876         33727          1.3m  0.19  
PROF_DETECT_IPONLY          IPv4      17             5            18749          47731         34812        174.1k  0.03  
PROF_DETECT_RULES           IPv4       6          2844             2532       18102671        118254        336.3m  49.45 
PROF_DETECT_RULES           IPv4      17            46            89857         170901        102869          4.7m  0.70  
PROF_DETECT_STATEFUL_CONT    IPv4       6          2844             2503         112151          3059          8.7m  1.28  
PROF_DETECT_STATEFUL_CONT    IPv4      17            46             2518          79129          4445        204.5k  0.03  
PROF_DETECT_PREFILTER       IPv4       6          2844            24744       14230497         57154        162.5m  23.90 
PROF_DETECT_PREFILTER       IPv4      17            46            26022          73407         34808          1.6m  0.24  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2844            14088       14209114         36568        104.0m  15.29 
PROF_DETECT_PF_PAYLOAD      IPv4      17            46            10191          55641         16411        754.9k  0.11  
PROF_DETECT_PF_SORT1        IPv4       6          2650             2518         106213          4284         11.4m  1.67  
PROF_DETECT_PF_SORT1        IPv4      17            46             2855           5570          3438        158.2k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6          2844             2516        4818110          4688         13.3m  1.96  
PROF_DETECT_PF_SORT2        IPv4      17            46             2567           3888          2752        126.6k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6          2844             2510         421628          3165          9.0m  1.32  
PROF_DETECT_NONMPMLIST      IPv4      17            46             2527           3805          2889        132.9k  0.02  
PROF_DETECT_ALERT           IPv4       6          2844             2514         101641          2926          8.3m  1.22  
PROF_DETECT_ALERT           IPv4      17            46             2526          17616          3150        144.9k  0.02  
PROF_DETECT_CLEANUP         IPv4       6          2844             2510          78612          2847          8.1m  1.19  
PROF_DETECT_CLEANUP         IPv4      17            46             2522           6290          2876        132.3k  0.02  
PROF_DETECT_GETSGH          IPv4       6          2844             2514          66041          3108          8.8m  1.30  
PROF_DETECT_GETSGH          IPv4      17            46             2522          18485          3963        182.3k  0.03  


suricata-4.0.0-etopen-all-perf.txt-2019-04-18-T-11-37-07-04182019.1136-123.pcap.txt (27734 bytes)
  --------------------------------------------------------------------------
  Date: 4/18/2019 -- 11:37:07. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2103035      1        9        22430141     10.16  1446     0        18028084    15511.85    0.00        15511.85   
  2        2103020      1        5        9265802      4.20   345      0        8291138     26857.40    0.00        26857.40   
  3        2100533      1        17       1853441      0.84   75       0        1629903     24712.55    0.00        24712.55   
  4        2103054      1        5        10388229     4.70   732      0        471085      14191.57    0.00        14191.57   
  5        2102190      1        5        4387605      1.99   1406     0        393388      3120.63     0.00        3120.63    
  6        2015986      1        5        819739       0.37   143      0        388887      5732.44     0.00        5732.44    
  7        2102401      1        5        458711       0.21   35       0        355363      13106.03    0.00        13106.03   
  8        2102954      1        4        1971791      0.89   75       0        184759      26290.55    0.00        26290.55   
  9        2102383      1        21       2359139      1.07   35       0        164381      67403.97    0.00        67403.97   
  10       2102402      1        6        741776       0.34   35       0        137164      21193.60    0.00        21193.60   
  11       2103159      1        4        1025628      0.46   278      0        135756      3689.31     0.00        3689.31    
  12       2102471      1        12       3161953      1.43   75       0        130486      42159.37    0.00        42159.37   
  13       2103048      1        5        8102520      3.67   732      0        111313      11069.02    0.00        11069.02   
  14       2103038      1        5        9179959      4.16   345      0        88092       26608.58    0.00        26608.58   
  15       2102465      1        9        4051007      1.83   75       75       87261       54013.43    54013.43    0.00       
  16       2103040      1        5        7187750      3.25   345      0        86871       20834.06    0.00        20834.06   
  17       2103032      1        5        7136507      3.23   345      0        85301       20685.53    0.00        20685.53   
  18       2021151      1        1        127864       0.06   19       0        78800       6729.68     0.00        6729.68    
  19       2103022      1        4        11405171     5.16   345      0        72663       33058.47    0.00        33058.47   
  20       2103030      1        5        9129034      4.13   345      0        70115       26460.97    0.00        26460.97   
  21       2021977      1        6        357733       0.16   107      0        69565       3343.30     0.00        3343.30    
  22       2103024      1        3        7036172      3.19   345      0        65636       20394.70    0.00        20394.70   
  23       2102468      1        9        2601495      1.18   75       0        63803       34686.60    0.00        34686.60   
  24       2103003      1        7        827177       0.37   35       0        63361       23633.63    0.00        23633.63   
  25       2103056      1        5        8129211      3.68   732      0        60977       11105.48    0.00        11105.48   
  26       2017886      1        2        554205       0.25   183      0        59727       3028.44     0.00        3028.44    
  27       2102511      1        10       4309607      1.95   1446     0        56953       2980.36     0.00        2980.36    
  28       2103046      1        5        9893041      4.48   732      0        55468       13515.08    0.00        13515.08   
  29       2103184      1        4        52135        0.02   1        0        52135       52135.00    0.00        52135.00   
  30       2017935      1        3        4144433      1.88   1447     0        50768       2864.16     0.00        2864.16    
  31       2020790      1        2        48731        0.02   1        0        48731       48731.00    0.00        48731.00   
  32       2103002      1        5        4001725      1.81   1446     0        46000       2767.44     0.00        2767.44    
  33       2008117      1        3        165327       0.07   46       0        44729       3594.07     0.00        3594.07    
  34       2017944      1        5        1210399      0.55   69       0        44493       17542.01    0.00        17542.01   
  35       2012084      1        2        494978       0.22   19       0        43323       26051.47    0.00        26051.47   
  36       2100537      1        17       280720       0.13   75       0        42183       3742.93     0.00        3742.93    
  37       2103044      1        6        2084708      0.94   732      0        42001       2847.96     0.00        2847.96    
  38       2022132      1        1        1269224      0.57   139      0        41166       9131.11     0.00        9131.11    
  39       2103027      1        6        4007241      1.81   1446     0        40516       2771.26     0.00        2771.26    
  40       2018558      1        5        2393019      1.08   841      0        39030       2845.44     0.00        2845.44    
  41       2025018      1        2        2214163      1.00   800      0        38813       2767.70     0.00        2767.70    
  42       2102938      1        6        37828        0.02   1        0        37828       37828.00    0.00        37828.00   
  43       2014957      1        1        881538       0.40   88       0        37578       10017.48    0.00        10017.48   
  44       2103029      1        6        3945955      1.79   1446     0        37134       2728.88     0.00        2728.88    
  45       2103036      1        5        1045654      0.47   345      0        34582       3030.88     0.00        3030.88    
  46       2021976      1        2        352899       0.16   112      0        33660       3150.88     0.00        3150.88    
  47       2103001      1        5        3928090      1.78   1446     0        33470       2716.52     0.00        2716.52    
  48       2103028      1        5        1012649      0.46   345      0        33016       2935.21     0.00        2935.21    
  49       2103158      1        6        838079       0.38   278      0        32885       3014.67     0.00        3014.67    
  50       2009387      1        4        3240321      1.47   1100     0        32450       2945.75     0.00        2945.75    
  51       2103019      1        5        3958607      1.79   1446     0        30435       2737.63     0.00        2737.63    
  52       2014130      1        2        149148       0.07   45       0        30313       3314.40     0.00        3314.40    
  53       2103434      1        4        29061        0.01   1        0        29061       29061.00    0.00        29061.00   
  54       2103018      1        5        950365       0.43   345      0        28794       2754.68     0.00        2754.68    
  55       2103418      1        4        28537        0.01   1        0        28537       28537.00    0.00        28537.00   
  56       2103433      1        4        28421        0.01   1        0        28421       28421.00    0.00        28421.00   
  57       2014958      1        1        253135       0.11   23       0        28341       11005.87    0.00        11005.87   
  58       2103034      1        5        972607       0.44   345      0        28150       2819.15     0.00        2819.15    
  59       2103226      1        4        28030        0.01   1        0        28030       28030.00    0.00        28030.00   
  60       2103265      1        5        28006        0.01   1        0        28006       28006.00    0.00        28006.00   
  61       2102948      1        7        27858        0.01   1        0        27858       27858.00    0.00        27858.00   
  62       2019633      1        1        206526       0.09   64       0        27761       3226.97     0.00        3226.97    
  63       2102483      1        9        27749        0.01   1        0        27749       27749.00    0.00        27749.00   
  64       2103227      1        4        27658        0.01   1        0        27658       27658.00    0.00        27658.00   
  65       2103264      1        5        27565        0.01   1        0        27565       27565.00    0.00        27565.00   
  66       2103417      1        4        27357        0.01   1        0        27357       27357.00    0.00        27357.00   
  67       2102968      1        5        27332        0.01   1        0        27332       27332.00    0.00        27332.00   
  68       2103122      1        4        27271        0.01   1        0        27271       27271.00    0.00        27271.00   
  69       2102482      1        10       27136        0.01   1        0        27136       27136.00    0.00        27136.00   
  70       2103185      1        4        27109        0.01   1        0        27109       27109.00    0.00        27109.00   
  71       2103123      1        4        27046        0.01   1        0        27046       27046.00    0.00        27046.00   
  72       2020773      1        2        26847        0.01   1        0        26847       26847.00    0.00        26847.00   
  73       2024435      1        1        2804938      1.27   1017     0        26293       2758.05     0.00        2758.05    
  74       2103188      1        4        24956        0.01   1        0        24956       24956.00    0.00        24956.00   
  75       2102997      1        6        24739        0.01   1        0        24739       24739.00    0.00        24739.00   
  76       2020781      1        5        24569        0.01   1        0        24569       24569.00    0.00        24569.00   
  77       2020692      1        1        24101        0.01   1        0        24101       24101.00    0.00        24101.00   
  78       2103238      1        4        2500094      1.13   892      0        23777       2802.80     0.00        2802.80    
  79       2103269      1        5        23690        0.01   1        0        23690       23690.00    0.00        23690.00   
  80       2014956      1        1        246734       0.11   23       0        23685       10727.57    0.00        10727.57   
  81       2103438      1        4        23547        0.01   1        0        23547       23547.00    0.00        23547.00   
  82       2102969      1        5        23381        0.01   1        0        23381       23381.00    0.00        23381.00   
  83       2021978      1        6        316789       0.14   112      0        22871       2828.47     0.00        2828.47    
  84       2103421      1        4        22841        0.01   1        0        22841       22841.00    0.00        22841.00   
  85       2103126      1        4        22717        0.01   1        0        22717       22717.00    0.00        22717.00   
  86       2103422      1        4        22679        0.01   1        0        22679       22679.00    0.00        22679.00   
  87       2103437      1        4        22634        0.01   1        0        22634       22634.00    0.00        22634.00   
  88       2103231      1        4        22540        0.01   1        0        22540       22540.00    0.00        22540.00   
  89       2103230      1        4        22456        0.01   1        0        22456       22456.00    0.00        22456.00   
  90       2103189      1        4        22336        0.01   1        0        22336       22336.00    0.00        22336.00   
  91       2103268      1        5        22322        0.01   1        0        22322       22322.00    0.00        22322.00   
  92       2103042      1        5        2026588      0.92   732      0        22302       2768.56     0.00        2768.56    
  93       2103127      1        4        22061        0.01   1        0        22061       22061.00    0.00        22061.00   
  94       2102996      1        6        22031        0.01   1        0        22031       22031.00    0.00        22031.00   
  95       2018281      1        4        564208       0.26   190      0        21664       2969.52     0.00        2969.52    
  96       2103050      1        5        2008052      0.91   732      0        21396       2743.24     0.00        2743.24    
  97       2019017      1        3        141695       0.06   46       0        21178       3080.33     0.00        3080.33    
  98       2022547      1        1        1434472      0.65   490      0        21003       2927.49     0.00        2927.49    
  99       2008301      1        3        340570       0.15   100      0        20906       3405.70     0.00        3405.70    
  100      2001804      1        5        73490        0.03   16       0        19927       4593.12     0.00        4593.12    
  101      2019235      1        1        297231       0.13   100      0        19693       2972.31     0.00        2972.31    
  102      2023497      1        3        478621       0.22   32       0        19684       14956.91    0.00        14956.91   
  103      2103052      1        5        2025335      0.92   732      0        19408       2766.85     0.00        2766.85    
  104      2103239      1        4        468800       0.21   142      0        19404       3301.41     0.00        3301.41    
  105      2018054      1        1        19369        0.01   1        0        19369       19369.00    0.00        19369.00   
  106      2100327      1        10       178279       0.08   48       0        18796       3714.15     0.00        3714.15    
  107      2100536      1        13       254257       0.12   75       0        18541       3390.09     0.00        3390.09    
  108      2001330      1        8        1426125      0.65   516      0        18307       2763.81     0.00        2763.81    
  109      2020613      1        3        18166        0.01   1        0        18166       18166.00    0.00        18166.00   
  110      2020789      1        2        17953        0.01   1        0        17953       17953.00    0.00        17953.00   
  111      2012308      1        2        325372       0.15   118      0        17914       2757.39     0.00        2757.39    
  112      2017915      1        2        17745        0.01   1        0        17745       17745.00    0.00        17745.00   
  113      2020799      1        2        17557        0.01   1        0        17557       17557.00    0.00        17557.00   
  114      2103026      1        5        962880       0.44   345      0        17540       2790.96     0.00        2790.96    
  115      2022546      1        1        51664        0.02   11       0        17498       4696.73     0.00        4696.73    
  116      2018153      1        4        17304        0.01   1        0        17304       17304.00    0.00        17304.00   
  117      2020791      1        3        17161        0.01   1        0        17161       17161.00    0.00        17161.00   
  118      2018013      1        3        17115        0.01   1        0        17115       17115.00    0.00        17115.00   
  119      2018069      1        1        17076        0.01   1        0        17076       17076.00    0.00        17076.00   
  120      2017548      1        6        30841        0.01   2        0        16973       15420.50    0.00        15420.50   
  121      2008305      1        3        338937       0.15   115      0        16927       2947.28     0.00        2947.28    
  122      2025472      1        1        227792       0.10   68       0        16848       3349.88     0.00        3349.88    
  123      2018639      1        2        16776        0.01   1        0        16776       16776.00    0.00        16776.00   
  124      2020020      1        1        1064401      0.48   390      0        16691       2729.23     0.00        2729.23    
  125      2020767      1        2        1

This file has been truncated.


stats.log - (2471 bytes)
------------------------------------------------------------------------------------
Date: 4/18/2019 -- 11:37:07 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2890
decoder.bytes                              | Total                     | 858013
decoder.ipv4                               | Total                     | 2890
decoder.ethernet                           | Total                     | 2890
decoder.tcp                                | Total                     | 2844
decoder.udp                                | Total                     | 46
decoder.avg_pkt_size                       | Total                     | 296
decoder.max_pkt_size                       | Total                     | 8366
flow.tcp                                   | Total                     | 19
flow.udp                                   | Total                     | 5
detect.alert                               | Total                     | 75
detect.mpm_list                            | Total                     | 20
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 11
app_layer.flow.failed_udp                  | Total                     | 5
flow_mgr.new_pruned                        | Total                     | 20
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 22
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.flows_timeout                     | Total                     | 18
flow_mgr.flows_removed                     | Total                     | 18
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65514
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7080640


eve.json - (28646 bytes)
{"timestamp":"2018-08-17T17:19:06.023202+0000","flow_id":1554520522511989,"pcap_cnt":35,"event_type":"alert","src_ip":"172.16.8.205","src_port":49231,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:24.653201+0000","flow_id":2160282711157362,"pcap_cnt":75,"event_type":"alert","src_ip":"172.16.8.205","src_port":49286,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:24.654631+0000","flow_id":2160282711157362,"pcap_cnt":79,"event_type":"alert","src_ip":"172.16.8.205","src_port":49286,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:24.866387+0000","flow_id":2160282711157362,"pcap_cnt":120,"event_type":"alert","src_ip":"172.16.8.205","src_port":49286,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:29.871895+0000","flow_id":2160282711157362,"pcap_cnt":173,"event_type":"alert","src_ip":"172.16.8.205","src_port":49286,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:29.877705+0000","flow_id":2160282711157362,"pcap_cnt":212,"event_type":"alert","src_ip":"172.16.8.205","src_port":49286,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:34.879392+0000","flow_id":2160282711157362,"pcap_cnt":264,"event_type":"alert","src_ip":"172.16.8.205","src_port":49286,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:34.888538+0000","flow_id":40104318372315,"pcap_cnt":320,"event_type":"alert","src_ip":"172.16.8.205","src_port":49541,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:34.889065+0000","flow_id":40104318372315,"pcap_cnt":324,"event_type":"alert","src_ip":"172.16.8.205","src_port":49541,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:35.103816+0000","flow_id":40104318372315,"pcap_cnt":369,"event_type":"alert","src_ip":"172.16.8.205","src_port":49541,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.108206+0000","flow_id":40104318372315,"pcap_cnt":418,"event_type":"alert","src_ip":"172.16.8.205","src_port":49541,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.117720+0000","flow_id":1908488106985097,"pcap_cnt":470,"event_type":"alert","src_ip":"172.16.8.205","src_port":49542,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.118464+0000","flow_id":1908488106985097,"pcap_cnt":474,"event_type":"alert","src_ip":"172.16.8.205","src_port":49542,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.333538+0000","flow_id":610510335381760,"pcap_cnt":534,"event_type":"alert","src_ip":"172.16.8.205","src_port":49543,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.336362+0000","flow_id":786213152497046,"pcap_cnt":548,"event_type":"alert","src_ip":"172.16.8.205","src_port":49544,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.336988+0000","flow_id":786213152497046,"pcap_cnt":552,"event_type":"alert","src_ip":"172.16.8.205","src_port":49544,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.552880+0000","flow_id":1305835475855989,"pcap_cnt":611,"event_type":"alert","src_ip":"172.16.8.205","src_port":49545,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.553600+0000","flow_id":1305835475855989,"pcap_cnt":615,"event_type":"alert","src_ip":"172.16.8.205","src_port":49545,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.768839+0000","flow_id":391151323231657,"pcap_cnt":670,"event_type":"alert","src_ip":"172.16.8.205","src_port":49546,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.769425+0000","flow_id":391151323231657,"pcap_cnt":674,"event_type":"alert","src_ip":"172.16.8.205","src_port":49546,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:40.984306+0000","flow_id":391151323231657,"pcap_cnt":721,"event_type":"alert","src_ip":"172.16.8.205","src_port":49546,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:45.989312+0000","flow_id":391151323231657,"pcap_cnt":770,"event_type":"alert","src_ip":"172.16.8.205","src_port":49546,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:45.997394+0000","flow_id":1045362889536060,"pcap_cnt":826,"event_type":"alert","src_ip":"172.16.8.205","src_port":49548,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:45.999838+0000","flow_id":1625780474953203,"pcap_cnt":840,"event_type":"alert","src_ip":"172.16.8.205","src_port":49549,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:46.000326+0000","flow_id":1625780474953203,"pcap_cnt":844,"event_type":"alert","src_ip":"172.16.8.205","src_port":49549,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:46.213671+0000","flow_id":1625780474953203,"pcap_cnt":893,"event_type":"alert","src_ip":"172.16.8.205","src_port":49549,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:51.215763+0000","flow_id":1625780474953203,"pcap_cnt":942,"event_type":"alert","src_ip":"172.16.8.205","src_port":49549,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:51.221459+0000","flow_id":1625780474953203,"pcap_cnt":982,"event_type":"alert","src_ip":"172.16.8.205","src_port":49549,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:56.220178+0000","flow_id":1625780474953203,"pcap_cnt":1033,"event_type":"alert","src_ip":"172.16.8.205","src_port":49549,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:56.228214+0000","flow_id":839631809312216,"pcap_cnt":1089,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:56.228876+0000","flow_id":839631809312216,"pcap_cnt":1093,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:19:56.441905+0000","flow_id":839631809312216,"pcap_cnt":1140,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:01.445956+0000","flow_id":839631809312216,"pcap_cnt":1187,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:01.452257+0000","flow_id":839631809312216,"pcap_cnt":1233,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:06.452995+0000","flow_id":839631809312216,"pcap_cnt":1278,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:06.460243+0000","flow_id":839631809312216,"pcap_cnt":1322,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:11.460620+0000","flow_id":839631809312216,"pcap_cnt":1369,"event_type":"alert","src_ip":"172.16.8.205","src_port":49550,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:11.468977+0000","flow_id":55568350519790,"pcap_cnt":1424,"event_type":"alert","src_ip":"172.16.8.205","src_port":49551,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:11.469930+0000","flow_id":55568350519790,"pcap_cnt":1428,"event_type":"alert","src_ip":"172.16.8.205","src_port":49551,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:11.681646+0000","flow_id":55568350519790,"pcap_cnt":1472,"event_type":"alert","src_ip":"172.16.8.205","src_port":49551,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:16.685598+0000","flow_id":55568350519790,"pcap_cnt":1522,"event_type":"alert","src_ip":"172.16.8.205","src_port":49551,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:16.690199+0000","flow_id":55568350519790,"pcap_cnt":1565,"event_type":"alert","src_ip":"172.16.8.205","src_port":49551,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2018-08-17T17:20:21.693791+0000","flow_id":55568350519790,"pcap_cnt":1614,"event_type":"alert","src_ip":"172.16.8.205","src_port":49551,"dest_ip":"172.16.8.5","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Deco

This file has been truncated.


unified2.alert.1555587424 - (16650 bytes)

This file has been truncated.


keyword_perf.log - (4456 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/18/2019 -- 11:37:07
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             475134          110             110             42290           4319.00         4319.00         0.00           
  content          31309824        10148           8012            441824          3085.00         3077.00         3115.00        
  pcre             1961173         436             334             160036          4498.00         3753.00         6937.00        
  byte_test        11688816        3952            2036            67244           2957.00         2985.00         2928.00        
  byte_jump        728856          243             225             5623            2999.00         2962.00         3458.00        
  flowbits         420271          75              75              43942           5603.00         5603.00         0.00           
  byte_extract     327571          69              69              31696           4747.00         4747.00         0.00           
  asn1             880783          35              0               121518          25165.00        0.00            25165.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             475134          110             110             42290           4319.00         4319.00         0.00           
  asn1             880783          35              0               121518          25165.00        0.00            25165.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31309824        10148           8012            441824          3085.00         3077.00         3115.00        
  pcre             1961173         436             334             160036          4498.00         3753.00         6937.00        
  byte_test        11688816        3952            2036            67244           2957.00         2985.00         2928.00        
  byte_jump        728856          243             225             5623            2999.00         2962.00         3458.00        
  byte_extract     327571          69              69              31696           4747.00         4747.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         420271          75              75              43942           5603.00         5603.00         0.00           
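
The keyword_perf.log above is what Suricata writes when keyword profiling is enabled: one row per rule keyword, with Ticks the total CPU cost, Checks the number of evaluations and the Avg columns the cost per evaluation. The useful reading is cost against benefit, and the asn1 row is the outlier here (35 checks, 0 matches, about 25k ticks per check, the most expensive keyword on the table by a factor of five). The parser below is an added example and is not part of this page or of Suricata; it reads the `Stats for:` blocks, ranks keywords by their share of total ticks, flags keywords that were evaluated but never matched above a cost threshold, and cross-checks that Avg is consistent with Ticks/Checks. The sample text is a constructed excerpt of the table above with the separator lines shortened; the function names, the `KeywordStat` fields and the 10000-tick threshold are my own choices.

```python
"""Parse a Suricata keyword_perf.log and rank rule keywords by cost.

Added example, not Suricata's code.  SAMPLE_LOG is a constructed excerpt of the
'total' and 'packet' blocks shown on this page (separator lines shortened).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
  ----------------------------------------------------------------
  Date: 4/18/2019 -- 11:37:07
  ----------------------------------------------------------------
  Stats for: total
  ----------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             475134          110             110             42290           4319.00         4319.00         0.00
  content          31309824        10148           8012            441824          3085.00         3077.00         3115.00
  pcre             1961173         436             334             160036          4498.00         3753.00         6937.00
  byte_test        11688816        3952            2036            67244           2957.00         2985.00         2928.00
  byte_jump        728856          243             225             5623            2999.00         2962.00         3458.00
  flowbits         420271          75              75              43942           5603.00         5603.00         0.00
  byte_extract     327571          69              69              31696           4747.00         4747.00         0.00
  asn1             880783          35              0               121518          25165.00        0.00            25165.00
  ----------------------------------------------------------------
  Stats for: packet
  ----------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             475134          110             110             42290           4319.00         4319.00         0.00
  asn1             880783          35              0               121518          25165.00        0.00            25165.00
"""


@dataclass(frozen=True)
class KeywordStat:
    """One row of the profiling table (column order as Suricata prints it)."""
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_no_match: float

    @property
    def match_rate(self) -> float:
        return self.matches / self.checks if self.checks else 0.0


_SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")
# keyword, four integer columns, three float columns; header/separator lines do not match
_ROW_RE = re.compile(
    r"^\s*([A-Za-z_][\w.]*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


def parse_keyword_perf(text: str) -> Dict[str, List[KeywordStat]]:
    """Return {section name: [rows]} for every 'Stats for:' block in the log."""
    sections: Dict[str, List[KeywordStat]] = {}
    current = None
    for line in text.splitlines():
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = _ROW_RE.match(line)
        if m and current is not None:
            kw, ticks, checks, matches, mx, avg, avg_m, avg_nm = m.groups()
            sections[current].append(KeywordStat(
                kw, int(ticks), int(checks), int(matches), int(mx),
                float(avg), float(avg_m), float(avg_nm)))
    return sections


def rank_by_ticks(stats: List[KeywordStat]) -> List[Tuple[str, float]]:
    """Keywords ordered by total ticks, each with its share of the section's ticks."""
    total = sum(s.ticks for s in stats) or 1
    ordered = sorted(stats, key=lambda s: s.ticks, reverse=True)
    return [(s.keyword, s.ticks / total) for s in ordered]


def dead_weight(stats: List[KeywordStat], min_avg_ticks: float = 10000.0) -> List[str]:
    """Keywords that were evaluated, never matched, and cost >= min_avg_ticks per check."""
    return [s.keyword for s in stats
            if s.checks and s.matches == 0 and s.avg >= min_avg_ticks]


def inconsistent_rows(stats: List[KeywordStat], tolerance: float = 1.0) -> List[str]:
    """Rows whose Avg column disagrees with Ticks/Checks (a truncated or mis-parsed table)."""
    return [s.keyword for s in stats
            if s.checks and abs(s.ticks / s.checks - s.avg) > tolerance]


if __name__ == "__main__":
    total = parse_keyword_perf(SAMPLE_LOG)["total"]
    for keyword, share in rank_by_ticks(total):
        print(f"{keyword:<14}{share:6.1%}")
    print("never matched but expensive:", dead_weight(total))
    print("rows failing Avg == Ticks/Checks:", inconsistent_rows(total))
```

On this run `content` accounts for roughly two thirds of all keyword ticks, which is normal for an ET ruleset, whereas `asn1` is reported as never matching and is the one keyword worth following up on (which rules carry it, and whether they belong in the enabled set for this traffic).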


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-04-18 11:36:57,555 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-18 11:36:58,286 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-18 11:36:58,287 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-04-18 11:36:58,287 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-18 11:36:58,287 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-18 11:36:58,288 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/254f34406b294d84e28f4392dc497f1ad2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04182019.1136-123.pcap -vvv -k none
2019-04-18 11:37:07,122 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-18 11:37:07,122 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.57527589798


suricata-report-2019-04-18-T-11-37-07-04182019.1136-123.pcap.txt - (18061 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/254f34406b294d84e28f4392dc497f1ad2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04182019.1136-123.pcap -vvv -k none
elapsedtime:8.832594
stderr:
stdout:
18/4/2019 -- 11:36:58 - <Info> - Configuration node 'rule-files' redefined.
18/4/2019 -- 11:36:58 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/4/2019 -- 11:36:58 - <Info> - CPUs/cores online: 1
18/4/2019 -- 11:36:58 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31713 and 'request-body-inspect-window' set to 16637 after randomization.
18/4/2019 -- 11:36:58 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33342 and 'response-body-inspect-window' set to 16689 after randomization.
18/4/2019 -- 11:36:58 - <Config> - DNS request flood protection level: 500
18/4/2019 -- 11:36:58 - <Config> - DNS per flow memcap (state-memcap): 524288
18/4/2019 -- 11:36:58 - <Config> - DNS global memcap: 16777216
18/4/2019 -- 11:36:58 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/4/2019 -- 11:36:58 - <Config> - preallocated 1000 hosts of size 136
18/4/2019 -- 11:36:58 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/4/2019 -- 11:36:58 - <Config> - using magic-file /usr/share/file/magic
18/4/2019 -- 11:36:58 - <Config> - Core dump size is unlimited.
18/4/2019 -- 11:36:58 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/4/2019 -- 11:36:58 - <Config> - preallocated 1000 defrag trackers of size 168
18/4/2019 -- 11:36:58 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/4/2019 -- 11:36:58 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/4/2019 -- 11:36:58 - <Config> - stream "memcap": 33554432
18/4/2019 -- 11:36:58 - <Config> - stream "midstream" session pickups: disabled
18/4/2019 -- 11:36:58 - <Config> - stream "async-oneside": disabled
18/4/2019 -- 11:36:58 - <Config> - stream "checksum-validation": disabled
18/4/2019 -- 11:36:58 - <Config> - stream."inline": disabled
18/4/2019 -- 11:36:58 - <Config> - stream "bypass": disabled
18/4/2019 -- 11:36:58 - <Config> - stream "max-synack-queued": 5
18/4/2019 -- 11:36:58 - <Config> - stream.reassembly "memcap": 134217728
18/4/2019 -- 11:36:58 - <Config> - stream.reassembly "depth": 0
18/4/2019 -- 11:36:58 - <Config> - stream.reassembly "toserver-chunk-size": 2584
18/4/2019 -- 11:36:58 - <Config> - stream.reassembly "toclient-chunk-size": 2448
18/4/2019 -- 11:36:58 - <Config> - stream.reassembly.raw: enabled
18/4/2019 -- 11:36:58 - <Config> - stream.reassembly "segment-prealloc": 2048
18/4/2019 -- 11:36:58 - <Config> - Delayed detect disabled
18/4/2019 -- 11:36:58 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/4/2019 -- 11:36:58 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/4/2019 -- 11:36:58 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/4/2019 -- 11:36:58 - <Config> - prefilter engines: MPM
18/4/2019 -- 11:36:58 - <Config> - IP reputation disabled
18/4/2019 -- 11:36:58 - <Perf> - Registered 148 keyword profiling counters.
18/4/2019 -- 11:36:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
18/4/2019 -- 11:36:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
18/4/2019 -- 11:36:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
18/4/2019 -- 11:36:59 - <Config> - No rules loaded from ET-emerging-icmp.rules.
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
18/4/2019 -- 11:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
18/4/2019 -- 11:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
18/4/2019 -- 11:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
18/4/2019 -- 11:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
18/4/2019 -- 11:37:02 - <Config> - No rules loaded from local.rules.
18/4/2019 -- 11:37:02 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
18/4/2019 -- 11:37:03 - <Info> - Threshold config parsed: 0 rule(s) found
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for tcp-packet
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for tcp-stream
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for udp-packet
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for other-ip
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_uri
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_request_line
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_client_body
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_response_line
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_header
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_header
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_header_names
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_header_names
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_accept
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_accept_enc
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_accept_lang
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_referer
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_connection
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_content_len
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_content_len
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_content_type
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_content_type
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_protocol
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_protocol
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_start
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_start
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_raw_header
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_raw_header
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_method
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_cookie
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_cookie
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_raw_uri
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_user_agent
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_host
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_raw_host
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_stat_msg
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_stat_code
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for dns_query
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for tls_sni
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for dce_stub_data
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for dce_stub_data
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for ssh_protocol
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for ssh_protocol
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for ssh_software
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for ssh_software
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for file_data
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for file_data
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_request_line
18/4/2019 -- 11:37:03 - <Perf> - using shared mpm ctx' for http_response_line
18/4/2019 -- 11:37:03 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
18/4/2019 -- 11:37:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/4/2019 -- 11:37:03 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
18/4/2019 -- 11:37:03 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
18/4/2019 -- 11:37:03 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
18/4/2019 -- 11:37:03 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
18/4/2019 -- 11:37:03 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
18/4/2019 -- 11:37:03 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/4/2019 -- 11:37:04 - <Perf> - Unique rule groups: 111
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "toserver TCP packet": 31
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "toclient TCP packet": 20
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "toserver TCP stream": 31
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "toclient TCP stream": 21
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "toserver UDP packet": 33
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "toclient UDP packet": 15
18/4/2019 -- 11:37:04 - <Perf> - Builtin MPM "other IP packet": 2
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_uri": 8
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_header": 6
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient http_header": 3
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_header_names": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_start": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_method": 3
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver http_host": 2
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver tls_sni": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toserver file_data": 1
18/4/2019 -- 11:37:04 - <Perf> - AppLayer MPM "toclient file_data": 5
18/4/2019 -- 11:37:04 - <Perf> - Registered 18241 rule profiling counters.
18/4/2019 -- 11:37:04 - <Info> - fast output device (regular) initialized: alert
18/4/2019 -- 11:37:04 - <Info> - eve-log output device (regular) initialized: eve.json
18/4/2019 -- 11:37:04 - <Config> - enabling 'eve-log' module 'alert'
18/4/2019 -- 11:37:04 - <Config> - enabling 'eve-log' module 'http'
18/4/2019 -- 11:37:04 - <Config> - enabling 'eve-log' module 'dns'
18/4/2019 -- 11:37:04 - <Config> - enabling 'eve-log' module 'tls'
18/4/2019 -- 11:37:04 - <Config> - enabling 'eve-log' module 'files'
18/4/2019 -- 11:37:04 - <Config> - enabling 'eve-log' module 'ssh'
18/4/2019 -- 11:37:04 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/4/2019 -- 11:37:04 - <Info> - stats outp

This file has been truncated.
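
The report above is the full record of an offline replay (`-r` against the pcap, `-k none`, verbose startup), and the facts a harness should check are only visible by reading that log: which rule files loaded nothing, whether stream checksum validation and midstream pickup are off, and the rule-load and signature summaries. The script below is an added example and is neither this page's nor Suricata's own code; it parses those lines into a summary and returns findings that a batch runner like the one logged above could gate on. The sample is a constructed excerpt of the report (the `-l` output path is shortened); the finding codes, the `RunSummary` field names and the `allow_empty` default of `local.rules` are my own choices.

```python
"""Summarise a Suricata startup log from an offline pcap run and derive gate findings.

Added example, not Suricata's code.  SAMPLE_REPORT is a constructed excerpt of the
report on this page with the -l output path shortened.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_REPORT = """\
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/out -r /var/pcap/04182019.1136-123.pcap -vvv -k none
elapsedtime:8.832594
stderr:
stdout:
18/4/2019 -- 11:36:58 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/4/2019 -- 11:36:58 - <Config> - stream "midstream" session pickups: disabled
18/4/2019 -- 11:36:58 - <Config> - stream "checksum-validation": disabled
18/4/2019 -- 11:36:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
18/4/2019 -- 11:36:59 - <Config> - No rules loaded from ET-emerging-icmp.rules.
18/4/2019 -- 11:37:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
18/4/2019 -- 11:37:02 - <Config> - No rules loaded from local.rules.
18/4/2019 -- 11:37:02 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
18/4/2019 -- 11:37:03 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
"""


@dataclass
class RunSummary:
    command: str = ""
    elapsed: Optional[float] = None
    version: Optional[str] = None
    rule_files: int = 0
    rules_loaded: int = 0
    rules_failed: int = 0
    empty_rule_files: List[str] = field(default_factory=list)
    signatures: Dict[str, int] = field(default_factory=dict)
    stream: Dict[str, str] = field(default_factory=dict)  # e.g. {"midstream": "disabled"}


_VERSION = re.compile(r"This is Suricata version (\S+)")
_RULES = re.compile(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")
_EMPTY = re.compile(r"No rules loaded from (\S+)\.")
_SIGS = re.compile(r"(\d+) signatures processed\. (\d+) are IP-only rules, (\d+) are inspecting "
                   r"packet payload, (\d+) inspect application layer, (\d+) are decoder event only")
_STREAM = re.compile(r'stream "([\w-]+)"(?: session pickups)?: (\w+)')
_K_NONE = re.compile(r"(?:^|\s)-k\s+none(?:\s|$)")


def parse_suricata_report(text: str) -> RunSummary:
    """Pick the lines that matter out of the harness wrapper plus Suricata stdout."""
    s = RunSummary()
    for line in text.splitlines():
        if line.startswith("lastcmd:"):
            s.command = line[len("lastcmd:"):].strip()
            continue
        if line.startswith("elapsedtime:"):
            s.elapsed = float(line[len("elapsedtime:"):])
            continue
        m = _VERSION.search(line)
        if m:
            s.version = m.group(1)
            continue
        m = _RULES.search(line)
        if m:
            s.rule_files, s.rules_loaded, s.rules_failed = map(int, m.groups())
            continue
        m = _EMPTY.search(line)
        if m:
            s.empty_rule_files.append(m.group(1))
            continue
        m = _SIGS.search(line)
        if m:
            keys = ("processed", "ip_only", "payload", "app_layer", "decoder_only")
            s.signatures = dict(zip(keys, map(int, m.groups())))
            continue
        m = _STREAM.search(line)
        if m:
            s.stream[m.group(1)] = m.group(2)
    return s


def gate(s: RunSummary, allow_empty: Tuple[str, ...] = ("local.rules",)) -> List[Tuple[str, str]]:
    """Findings as (code, message); an empty list means the run is clean."""
    findings: List[Tuple[str, str]] = []
    if s.rules_failed:
        findings.append(("rules-failed", f"{s.rules_failed} rules failed to load"))
    unexpected = [f for f in s.empty_rule_files if f not in allow_empty]
    if unexpected:
        findings.append(("empty-rule-files", "loaded zero rules: " + ", ".join(unexpected)))
    if _K_NONE.search(s.command) or s.stream.get("checksum-validation") == "disabled":
        findings.append(("checksum-off",
                         "checksum validation is off: packets the receiving host would discard are "
                         "still inspected (wanted for pcap replay, an insertion vector on a live sensor)"))
    if s.stream.get("midstream") == "disabled":
        findings.append(("midstream-off",
                         "midstream pickup is off: TCP sessions established before the capture "
                         "started are not tracked, so stream-based rules cannot fire on them"))
    return findings


if __name__ == "__main__":
    summary = parse_suricata_report(SAMPLE_REPORT)
    print(summary.version, summary.rules_loaded, "rules,", summary.rules_failed, "failed")
    for code, msg in gate(summary):
        print(f"[{code}] {msg}")
```

For a replay harness the `checksum-off` finding is informational (pcaps captured with checksum offload routinely carry bad checksums, so `-k none` is the right setting there); on a live sensor the same two settings are the ones to revisit, since together they let traffic the end host never accepts, or sessions that predate the sensor, go uninspected or desynchronise the stream view.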