Filename: network (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.7758309841 seconds
Hash: 2625a08168de1ca08b7ddf93800b7524
Uploaded: 1545663151

Logfiles


packet_stats.log (16251 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           161          3030219      190430262     106834328         17.2b   90.57
 IPv4      17            14          5067683      182001093      37696303        527.7m    2.78
 IPv6      17            15          4556118      181696182      35385642        530.8m    2.79
 IPv6      58             4        180435689      186115720     183295729        733.2m    3.86
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           161            66332       22515893       1115347        179.6m   94.43
TMM_FLOWWORKER              IPv4      17            14           145554         990036        340130          4.8m    2.50
TMM_RECEIVEPCAPFILE         IPv4       6           159             2636          32620          3665        582.9k    0.31
TMM_RECEIVEPCAPFILE         IPv4      17            14             2543           3493          2969         41.6k    0.02
TMM_DECODEPCAPFILE          IPv4       6           159             2748           7586          3495        555.9k    0.29
TMM_DECODEPCAPFILE          IPv4      17            14             2663           3669          2976         41.7k    0.02
TMM_FLOWWORKER              IPv6      17            15           135066         659431        266786          4.0m    2.10
TMM_FLOWWORKER              IPv6      58             4            86189         144872        112006        448.0k    0.24
TMM_RECEIVEPCAPFILE         IPv6      17            15             2546           8573          3380         50.7k    0.03
TMM_RECEIVEPCAPFILE         IPv6      58             4             3220           3874          3568         14.3k    0.01
TMM_DECODEPCAPFILE          IPv6      17            15             2680          33933          5062         75.9k    0.04
TMM_DECODEPCAPFILE          IPv6      58             4             3555          14221          6260         25.0k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           159             2885          53203          4510        717.2k  0.40  
flow                    IPv4      17            14             3344          26560          7935        111.1k  0.06  
stream                  IPv4       6           161             2726         509980         33146          5.3m  2.98  
app-layer               IPv4      17            14             2789          12656          7886        110.4k  0.06  
detect                  IPv4       6           161            44859       20885433       1014360        163.3m  91.34 
detect                  IPv4      17            14           126480         954146        309998          4.3m  2.43  
tcp-prune               IPv4       6           161             2584          43990          4451        716.8k  0.40  
flow                    IPv6      17            15             3654          29857          9744        146.2k  0.08  
flow                    IPv6      58             4             5183           6947          6189         24.8k  0.01  
app-layer               IPv6      17            15             3080          43300         11050        165.8k  0.09  
detect                  IPv6      17            15           116155         614778        229562          3.4m  1.93  
detect                  IPv6      58             4            72440         126344         95213        380.9k  0.21  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             4             6154          24318         11480         45.9k  12.84 
http                    IPv4      17             3            28095          99699         51963        155.9k  43.58 
http                    IPv6      17             3            28095          99699         51963        155.9k  43.58 
Proto detect            IPv4      17             8             3594           5285          4162         33.3k
Proto detect            IPv6      17             9             4205          34752          8891         80.0k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           107725         107725        107725        107.7k  1.85  
LOGGER_UNIFIED2             IPv4       6             1           156483         156483        156483        156.5k  2.69  
LOGGER_JSON_ALERT           IPv4       6             1           123926         123926        123926        123.9k  2.13  
LOGGER_JSON_HTTP            IPv4       6            34            53465        1451246        146558          5.0m  85.77 
LOGGER_JSON_FILE            IPv4       6             3           107284         168166        146305        438.9k  7.55  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           141             2610         507504         25201         3.6m  13.79 
payload                           IPv4      17            14             3691          16967          6166        86.3k  0.33  
stream                            IPv4       6           141             2543         437509         29895         4.2m  16.35 
http_uri                          IPv4       6            34             4236          28450          7573       257.5k  1.00  
http_request_line                 IPv4       6            34             3553          31697          5938       201.9k  0.78  
http_client_body                  IPv4       6            36             2873         128781          6916       249.0k  0.97  
http_header (request)             IPv4       6            34            14494         465891         53271         1.8m  7.03  
http_header (request trailer)     IPv4       6            34             2636           3572          3078       104.7k  0.41  
http_header_names (request)       IPv4       6            34             6804        9764627        300650        10.2m  39.66 
http_accept (request)             IPv4       6            34             3098         178807          9177       312.0k  1.21  
http_referer (request)            IPv4       6            34             2903           4288          3624       123.2k  0.48  
http_content_len (request)        IPv4       6            34             2980          27413          4434       150.8k  0.58  
http_content_type (request)       IPv4       6            34             2959          24709          4473       152.1k  0.59  
http_protocol (request)           IPv4       6            34             3209           6718          4375       148.8k  0.58  
http_start (request)              IPv4       6            34             6904          19688         10441       355.0k  1.38  
http_raw_header (request)         IPv4       6            36            10982          37779         15109       543.9k  2.11  
http_method                       IPv4       6            34             3352          10075          5038       171.3k  0.66  
http_cookie (request)             IPv4       6            34             4608          13940          7359       250.2k  0.97  
http_raw_uri                      IPv4       6            34             3133           7388          4472       152.1k  0.59  
http_user_agent                   IPv4       6            34             8026          38002         17150       583.1k  2.26  
http_host                         IPv4       6            34             2969          29068          4908       166.9k  0.65  
http_response_line                IPv4       6            34             3674          11771          6281       213.6k  0.83  
http_header (response)            IPv4       6            34             7830          57975         18040       613.4k  2.38  
http_header (response trailer)    IPv4       6            34             2595          29745          3894       132.4k  0.51  
http_content_type (response)      IPv4       6            34             3979          13264          7121       242.1k  0.94  
http_raw_header (response)        IPv4       6            34             6883          12283          8492       288.7k  1.12  
http_cookie (response)            IPv4       6            34             2737           4286          3582       121.8k  0.47  
http_stat_code                    IPv4       6            34             3003           5061          3749       127.5k  0.49  
Total                             IPv4                  1150                                         22217        25.6m
payload                           IPv6      17            15             4300          39644         13555       203.3k  0.79  
payload                           IPv6      58             4             3423           8887          5720        22.9k  0.09  
Total                             IPv6                    19                                         11906       226.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             9            15111          97082         64450        580.1k  0.23  
PROF_DETECT_IPONLY          IPv4      17             8            54363         161142         90602        724.8k  0.29  
PROF_DETECT_RULES           IPv4       6           161             2552       10616995        726763        117.0m  46.91 
PROF_DETECT_RULES           IPv4      17            14            63924         443666        123604          1.7m  0.69  
PROF_DETECT_STATEFUL_START    IPv4       6           103             5221        3991445        496920         51.2m  20.52 
PROF_DETECT_STATEFUL_CONT    IPv4       6           161             2736          77634          8685          1.4m  0.56  
PROF_DETECT_STATEFUL_CONT    IPv4      17            14             2750           3615          3208         44.9k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           142             2559          27168          3446        489.5k  0.20  
PROF_DETECT_PREFILTER       IPv4       6           161             7806       10208438        222376         35.8m  14.35 
PROF_DETECT_PREFILTER       IPv4      17            14            24864         744948         85146          1.2m  0.48  
PROF_DETECT_PF_PAYLOAD      IPv4       6           141            19457         518344         64805          9.1m  3.66  
PROF_DETECT_PF_PAYLOAD      IPv4      17            14             9070          23732         12586        176.2k  0.07  
PROF_DETECT_PF_TX           IPv4       6           142             2691       10067798        150362         21.4m  8.56  
PROF_DETECT_PF_SORT1        IPv4       6           141             2777         401115          8454          1.2m  0.48  
PROF_DETECT_PF_SORT1        IPv4      17            14             2802           4676          3890         54.5k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           161             2516         412093          6596          1.1m  0.43  
PROF_DETECT_PF_SORT2        IPv4      17            14             2569           4393          3420         47.9k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           161             2588           4835          3321        534.8k  0.21  
PROF_DETECT_NONMPMLIST      IPv4      17            14             2783           4390          3436         48.1k  0.02  
PROF_DETECT_ALERT           IPv4       6           161             2527          21852          3488        561.6k  0.23  
PROF_DETECT_ALERT           IPv4      17            14             2618           3689          3289         46.0k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           161             2575          18165          3762        605.7k  0.24  
PROF_DETECT_CLEANUP         IPv4      17            14             2521           4367          3621         50.7k  0.02  
PROF_DETECT_GETSGH          IPv4       6           161             2564          47653          3959        637.4k  0.26  
PROF_DETECT_GETSGH          IPv4      17            14             2741          12643          6487         90.8k  0.04  
PROF_DETECT_IPONLY          IPv6      17             9             4601          62499         12681        114.1k  0.05  
PROF_DETECT_IPONLY          IPv6      58             4             3516          14031          8256         33.0k  0.01  
PROF_DETECT_RULES           IPv6      17            15            50620         174604         89423          1.3m  0.54  
PROF_DETECT_RULES           IPv6      58             4             2534           3554          3032         12.1k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv6      17            15             2742           3691          3267         49.0k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv6      58             4             2881           3837          3193         12.8k  0.01  
PROF_DETECT_PREFILTER       IPv6      17            15            30116         444886         70111          1.1m  0.42  
PROF_DETECT_PREFILTER       IPv6      58             4            21248          28960         25366        101.5k  0.04  
PROF_DETECT_PF_PAYLOAD      IPv6      17            15            10829          46418         20184        302.8k  0.12  
PROF_DETECT_PF_PAYLOAD      IPv6      58             4             9031          14503         11954         47.8k  0.02  
PROF_DETECT_PF_SORT1        IPv6      17            15             3437           6490          4369         65.5k  0.03  
PROF_DETECT_PF_SORT2        IPv6      17            15             2599          12175          4132         62.0k  0.02  
PROF_DETECT_PF_SORT2        IPv6      58             4             2930           3649          3262         13.0k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17            15             2772           4520          3538         53.1k  0.02  
PROF_DETECT_NONMPMLIST      IPv6      58             4             3203          34781         11295         45.2k  0.02  
PROF_DETECT_ALERT           IPv6      17            15             2610          15024          4259         63.9k  0.03  
PROF_DETECT_ALERT           IPv6      58             4             2530           3252          2894         11.6k  0.00  
PROF_DETECT_CLEANUP         IPv6      17            15             2603           7271          4032         60.5k  0.02  
PROF_DETECT_CLEANUP         IPv6      58             4             2866           4620          3810         15.2k  0.01  
PROF_DETECT_GETSGH          IPv6      17            15             2764          75923         13238        198.6k  0.08  
PROF_DETECT_GETSGH          IPv6      58             4             5519           7124          6332         25.3k  0.01  


stats.log (3291 bytes)
------------------------------------------------------------------------------------
Date: 12/24/2018 -- 14:52:56 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 202
decoder.bytes                              | Total                     | 35252
decoder.ipv4                               | Total                     | 173
decoder.ipv6                               | Total                     | 19
decoder.ethernet                           | Total                     | 202
decoder.tcp                                | Total                     | 159
decoder.udp                                | Total                     | 29
decoder.icmpv6                             | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 174
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 17
flow.icmpv6                                | Total                     | 4
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 4
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 17
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 18
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 34
app_layer.flow.failed_udp                  | Total                     | 17
flow_mgr.new_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 13
flow_mgr.flows_notimeout                   | Total                     | 11
flow_mgr.flows_timeout                     | Total                     | 2
flow_mgr.flows_removed                     | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65523
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078048


eve.json (16468 bytes)
{"timestamp":"2018-12-11T19:33:49.956751+0000","flow_id":634530165516095,"pcap_cnt":34,"event_type":"http","src_ip":"192.168.56.14","src_port":49175,"dest_ip":"23.212.109.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"crl.microsoft.com","url":"\/pki\/crl\/products\/tspca.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/pkix-crl"}}
{"timestamp":"2018-12-11T19:33:55.301621+0000","flow_id":2183681919875566,"pcap_cnt":49,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:00.277129+0000","flow_id":2183681919875566,"pcap_cnt":53,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:00.277370+0000","flow_id":2183681919875566,"pcap_cnt":54,"event_type":"fileinfo","src_ip":"37.139.6.18","src_port":80,"dest_ip":"192.168.56.14","dest_port":49176,"proto":"TCP","http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":48},"app_proto":"http","fileinfo":{"filename":"\/dpixel","gaps":false,"state":"CLOSED","stored":false,"size":48,"tx_id":1}}
{"timestamp":"2018-12-11T19:34:00.789489+0000","flow_id":2183681919875566,"pcap_cnt":60,"event_type":"alert","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2018-12-11T19:34:00.789489+0000","flow_id":2183681919875566,"pcap_cnt":60,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"37.139.6.18","url":"\/submit.php?id=60605","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-12-11T19:34:00.789489+0000","flow_id":2183681919875566,"pcap_cnt":60,"event_type":"fileinfo","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","http":{"hostname":"37.139.6.18","url":"\/submit.php?id=60605","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/submit.php","gaps":false,"state":"CLOSED","stored":false,"size":1556,"tx_id":2}}
{"timestamp":"2018-12-11T19:34:05.826799+0000","flow_id":2183681919875566,"pcap_cnt":65,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:10.633708+0000","flow_id":2183681919875566,"pcap_cnt":69,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:15.500845+0000","flow_id":2183681919875566,"pcap_cnt":73,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":5,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:20.608008+0000","flow_id":2183681919875566,"pcap_cnt":77,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":6,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:25.676075+0000","flow_id":2183681919875566,"pcap_cnt":81,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":7,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:30.612456+0000","flow_id":2183681919875566,"pcap_cnt":85,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":8,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:35.469525+0000","flow_id":2183681919875566,"pcap_cnt":89,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":9,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:40.756971+0000","flow_id":2183681919875566,"pcap_cnt":93,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":10,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:45.774250+0000","flow_id":2183681919875566,"pcap_cnt":97,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":11,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:50.801365+0000","flow_id":2183681919875566,"pcap_cnt":103,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":12,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:34:55.788595+0000","flow_id":2183681919875566,"pcap_cnt":107,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":13,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:00.745722+0000","flow_id":2183681919875566,"pcap_cnt":111,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":14,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:05.592653+0000","flow_id":2183681919875566,"pcap_cnt":115,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":15,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:10.740060+0000","flow_id":2183681919875566,"pcap_cnt":119,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":16,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:15.728024+0000","flow_id":2183681919875566,"pcap_cnt":123,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":17,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:20.956435+0000","flow_id":2183681919875566,"pcap_cnt":127,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":18,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:25.751623+0000","flow_id":2183681919875566,"pcap_cnt":131,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":19,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:30.528541+0000","flow_id":2183681919875566,"pcap_cnt":135,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":20,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:35.616148+0000","flow_id":2183681919875566,"pcap_cnt":139,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":21,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:40.522871+0000","flow_id":2183681919875566,"pcap_cnt":145,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":22,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:45.329861+0000","flow_id":2183681919875566,"pcap_cnt":149,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":23,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:50.417151+0000","flow_id":2183681919875566,"pcap_cnt":154,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":24,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:35:55.284122+0000","flow_id":2183681919875566,"pcap_cnt":158,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":25,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:00.491609+0000","flow_id":2183681919875566,"pcap_cnt":162,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":26,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:05.578943+0000","flow_id":2183681919875566,"pcap_cnt":167,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":27,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:10.455948+0000","flow_id":2183681919875566,"pcap_cnt":171,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":28,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:15.423049+0000","flow_id":2183681919875566,"pcap_cnt":175,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":29,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:20.240031+0000","flow_id":2183681919875566,"pcap_cnt":179,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":30,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:25.177118+0000","flow_id":2183681919875566,"pcap_cnt":191,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":31,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:30.034066+0000","flow_id":2183681919875566,"pcap_cnt":201,"event_type":"http","src_ip":"192.168.56.14","src_port":49176,"dest_ip":"37.139.6.18","dest_port":80,"proto":"TCP","tx_id":32,"http":{"hostname":"37.139.6.18","url":"\/dpixel","http_user_agent":"Mozilla\/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident\/7.0;  rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-11T19:36:31.259323+0000","flow_id":634530165516095,"event_type":"fileinfo","src_ip":"23.212.109.146","src_port":80,"dest_ip":"192.168.56.14","dest_port":49175,"proto":"TCP","http":{"hostname":"crl.microsoft.com","url":"\/pki\/crl\/products\/tspca.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/pkix-crl","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":521},"app_proto":"http","fileinfo":{"filename":"\/pki\/crl\/produ
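The http events above show one client (192.168.56.14) fetching /dpixel from 37.139.6.18 roughly every five seconds on a single flow (same flow_id, tx_id counting up), with the Host header equal to the bare IP, a fixed User-Agent and an application/octet-stream response. That is the shape a beaconing check looks for in eve.json. The script below is an added example, not code from the page or from Suricata: it parses EVE JSON lines, groups http records by client, server and URI, and flags groups whose inter-request gaps are near-constant. The sample records are constructed to mirror the excerpt (timestamps chosen by hand so the arithmetic is easy to follow), the last sample line is deliberately cut off mid-record the way the excerpt's last line is, and the function names and thresholds are this example's own assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed EVE JSON sample in the shape of the eve.json excerpt above.
UA = "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0;  rv:11.0) like Gecko"
HTTP_TMPL = ('{"timestamp":"2018-12-11T%s+0000","flow_id":%d,"event_type":"http",'
             '"src_ip":"192.168.56.14","src_port":%d,"dest_ip":"%s","dest_port":80,"proto":"TCP",'
             '"http":{"hostname":"%s","url":"%s","http_user_agent":"%s","http_content_type":"%s"}}')

SAMPLE_EVE = "\n".join(
    # six polls of /dpixel about 5 s apart (gaps 5.0, 4.8, 5.2, 5.2, 4.8) on one flow,
    # Host header equal to the bare IP, octet-stream response, as in the excerpt
    [HTTP_TMPL % ("19:35:" + t, 1, 49176, "37.139.6.18", "37.139.6.18", "/dpixel", UA, "application/octet-stream")
     for t in ("20.000000", "25.000000", "29.800000", "35.000000", "40.200000", "45.000000")]
    # five requests to an ordinary site at irregular gaps (1, 30, 2, 12 s): browsing shape
    + [HTTP_TMPL % ("19:35:" + t, 2, 49180, "203.0.113.10", "www.example.com", "/index.html", UA, "text/html")
       for t in ("00.000000", "01.000000", "31.000000", "33.000000", "45.000000")]
    # a non-http record, then a record cut off mid-line as at the end of the excerpt
    + ['{"timestamp":"2018-12-11T19:36:31.259323+0000","flow_id":3,"event_type":"fileinfo",'
       '"src_ip":"23.212.109.146","dest_ip":"192.168.56.14","proto":"TCP",'
       '"http":{"hostname":"crl.microsoft.com","url":"/pki/crl/products/tspca.crl"}}',
       '{"timestamp":"2018-12-11T19:36:40.000000+0000","flow_id":4,"event_type":"http",'
       '"src_ip":"192.168.56.14","http":{"hostname":"crl.microsoft.com","url":"/pki/crl/produ']
)


def parse_eve(text):
    """Parse EVE JSON lines. Returns (records, skipped); skipped counts lines that
    do not parse, e.g. a record truncated at the end of a rotated or cut file."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return records, skipped


def _ts(rec):
    # EVE timestamps look like 2018-12-11T19:35:20.956435+0000
    return datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def find_beacons(records, min_hits=4, max_cv=0.2):
    """Group http records by (src_ip, dest_ip, hostname, url) and flag groups of at
    least min_hits requests whose gaps have a coefficient of variation
    (pstdev / mean) at or below max_cv, i.e. a timer-driven poll."""
    groups = defaultdict(list)
    for rec in records:
        if rec.get("event_type") != "http":
            continue
        h = rec.get("http", {})
        groups[(rec.get("src_ip"), rec.get("dest_ip"), h.get("hostname"), h.get("url"))].append(rec)

    hits = []
    for (src, dst, host, url), recs in groups.items():
        if len(recs) < min_hits:
            continue
        times = sorted(_ts(r) for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m <= 0:
            continue
        cv = pstdev(gaps) / m
        if cv <= max_cv:
            hits.append({
                "src_ip": src, "dest_ip": dst, "hostname": host, "url": url,
                "count": len(recs), "mean_interval": m, "cv": cv,
                "user_agents": sorted({r["http"].get("http_user_agent", "") for r in recs}),
                "content_types": sorted({r["http"].get("http_content_type", "") for r in recs}),
                # Host header is the bare server IP: no DNS resolution preceded the connection
                "host_is_ip": host == dst,
            })
    return hits


if __name__ == "__main__":
    recs, skipped = parse_eve(SAMPLE_EVE)
    for hit in find_beacons(recs):
        print(f"{hit['src_ip']} -> {hit['dest_ip']}{hit['url']}: {hit['count']} requests, "
              f"mean gap {hit['mean_interval']:.2f}s, cv {hit['cv']:.3f}, host_is_ip={hit['host_is_ip']}")
    print(f"skipped {skipped} unparseable line(s)")
```

Run against a real eve.json, feed the file contents to parse_eve and raise max_cv: implants usually add sleep jitter, so a 20 percent spread is a strict bound. CRL, OCSP and telemetry clients also poll on timers, so treat a hit as a lead and use the extra fields (bare-IP Host header, a single static User-Agent, octet-stream bodies on a GET) to rank it before pulling the flow from the pcap.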

This file has been truncated.


suricata-report-2018-12-24-T-14-52-56-12242018.1452-network_1.pcap.txt - (17867 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/2625a08168de1ca08b7ddf93800b752456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12242018.1452-network_1.pcap -vvv -k none
elapsedtime:23.762139
stderr:
stdout:
24/12/2018 -- 14:52:32 - <Info> - Configuration node 'rule-files' redefined.
24/12/2018 -- 14:52:32 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/12/2018 -- 14:52:32 - <Info> - CPUs/cores online: 1
24/12/2018 -- 14:52:32 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33644 and 'request-body-inspect-window' set to 16931 after randomization.
24/12/2018 -- 14:52:32 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31225 and 'response-body-inspect-window' set to 16610 after randomization.
24/12/2018 -- 14:52:32 - <Config> - DNS request flood protection level: 500
24/12/2018 -- 14:52:32 - <Config> - DNS per flow memcap (state-memcap): 524288
24/12/2018 -- 14:52:32 - <Config> - DNS global memcap: 16777216
24/12/2018 -- 14:52:32 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/12/2018 -- 14:52:32 - <Config> - preallocated 1000 hosts of size 136
24/12/2018 -- 14:52:32 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/12/2018 -- 14:52:32 - <Config> - using magic-file /usr/share/file/magic
24/12/2018 -- 14:52:32 - <Config> - Core dump size is unlimited.
24/12/2018 -- 14:52:32 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/12/2018 -- 14:52:32 - <Config> - preallocated 1000 defrag trackers of size 168
24/12/2018 -- 14:52:32 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/12/2018 -- 14:52:32 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/12/2018 -- 14:52:32 - <Config> - stream "memcap": 33554432
24/12/2018 -- 14:52:32 - <Config> - stream "midstream" session pickups: disabled
24/12/2018 -- 14:52:32 - <Config> - stream "async-oneside": disabled
24/12/2018 -- 14:52:32 - <Config> - stream "checksum-validation": disabled
24/12/2018 -- 14:52:32 - <Config> - stream."inline": disabled
24/12/2018 -- 14:52:32 - <Config> - stream "bypass": disabled
24/12/2018 -- 14:52:32 - <Config> - stream "max-synack-queued": 5
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly "memcap": 134217728
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly "depth": 0
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly "toserver-chunk-size": 2578
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly "toclient-chunk-size": 2641
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly.raw: enabled
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly "segment-prealloc": 2048
24/12/2018 -- 14:52:32 - <Config> - Delayed detect disabled
24/12/2018 -- 14:52:32 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/12/2018 -- 14:52:32 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/12/2018 -- 14:52:32 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/12/2018 -- 14:52:32 - <Config> - prefilter engines: MPM
24/12/2018 -- 14:52:32 - <Config> - IP reputation disabled
24/12/2018 -- 14:52:32 - <Perf> - Registered 148 keyword profiling counters.
24/12/2018 -- 14:52:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
24/12/2018 -- 14:52:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
24/12/2018 -- 14:52:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
24/12/2018 -- 14:52:38 - <Config> - No rules loaded from ET-icmp.rules.
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
24/12/2018 -- 14:52:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
24/12/2018 -- 14:52:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
24/12/2018 -- 14:52:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
24/12/2018 -- 14:52:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
24/12/2018 -- 14:52:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
24/12/2018 -- 14:52:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
24/12/2018 -- 14:52:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
24/12/2018 -- 14:52:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
24/12/2018 -- 14:52:46 - <Config> - No rules loaded from local.rules.
24/12/2018 -- 14:52:46 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
24/12/2018 -- 14:52:46 - <Info> - Threshold config parsed: 0 rule(s) found
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for tcp-packet
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for tcp-stream
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for udp-packet
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for other-ip
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_uri
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_request_line
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_client_body
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_response_line
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_header
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_header
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_header_names
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_header_names
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_accept
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_accept_enc
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_accept_lang
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_referer
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_connection
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_content_len
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_content_len
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_content_type
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_content_type
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_protocol
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_protocol
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_start
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_start
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_raw_header
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_raw_header
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_method
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_cookie
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_cookie
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_raw_uri
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_user_agent
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_host
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_raw_host
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_stat_msg
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_stat_code
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for dns_query
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for tls_sni
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for dce_stub_data
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for dce_stub_data
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for ssh_protocol
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for ssh_protocol
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for ssh_software
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for ssh_software
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for file_data
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for file_data
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_request_line
24/12/2018 -- 14:52:46 - <Perf> - using shared mpm ctx' for http_response_line
24/12/2018 -- 14:52:46 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
24/12/2018 -- 14:52:46 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/12/2018 -- 14:52:47 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
24/12/2018 -- 14:52:47 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
24/12/2018 -- 14:52:47 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
24/12/2018 -- 14:52:47 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
24/12/2018 -- 14:52:47 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
24/12/2018 -- 14:52:47 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/12/2018 -- 14:52:52 - <Perf> - Unique rule groups: 104
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "toserver TCP packet": 35
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "toclient TCP packet": 17
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "toserver TCP stream": 33
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "toclient TCP stream": 19
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "toserver UDP packet": 27
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "toclient UDP packet": 17
24/12/2018 -- 14:52:52 - <Perf> - Builtin MPM "other IP packet": 3
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_uri": 14
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_header": 10
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient http_header": 6
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_header_names": 2
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_protocol": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_start": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_method": 5
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver http_host": 2
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver tls_sni": 2
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toserver file_data": 1
24/12/2018 -- 14:52:52 - <Perf> - AppLayer MPM "toclient file_data": 7
24/12/2018 -- 14:52:55 - <Perf> - Registered 39590 rule profiling counters.
24/12/2018 -- 14:52:55 - <Info> - fast output device (regular) initialized: alert
24/12/2018 -- 14:52:55 - <Info> - eve-log output device (regular) initialized: eve.json
24/12/2018 -- 14:52:55 - <Config> - enabling 'eve-log' module 'alert'
24/12/2018 -- 14:52:55 - <Config> - enabling 'eve-log' module 'http'
24/12/2018 -- 14:52:55 - <Config> - enabling 'eve-log' module 'dns'
24/12/2018 -- 14:52:55 - <Config> - enabling 'eve-log' module 'tls'
24/12/2018 -- 14:52:55 - <Config> - enabling 'eve-log' module 'files'
24/12/2018 -- 14:52:55 - <Config> - enabling 'eve-log' module 'ssh'
24/12/2018 -- 14:52:55 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/12/2018 -- 14:52:55 - <Info> - stats output device (regular) initialized: stats.log
24/12/2018 -- 14:52:55 - <Config> - AutoFP mode using "Hash" flow 
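The startup log above records the settings that bound what this replay could see: midstream pickup off (sessions already established when the capture began are not reassembled), checksum validation off (consistent with the `-k none` on the command line, so packets with bad checksums are still inspected), reassembly depth 0 (no limit), and two rule files that contributed nothing. The script below is an added example, not code from the page or from Suricata: it extracts those settings from a log in this format and turns the ones that affect coverage into findings. The sample is a hand-picked subset of the lines above with the same values; the function names are this example's own assumptions.

```python
import re

# Constructed excerpt in the format of the Suricata startup log above
# (same values as the run shown there, reduced to the lines that matter).
SAMPLE_LOG = """\
24/12/2018 -- 14:52:32 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/12/2018 -- 14:52:32 - <Config> - stream "midstream" session pickups: disabled
24/12/2018 -- 14:52:32 - <Config> - stream "async-oneside": disabled
24/12/2018 -- 14:52:32 - <Config> - stream "checksum-validation": disabled
24/12/2018 -- 14:52:32 - <Config> - stream.reassembly "depth": 0
24/12/2018 -- 14:52:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
24/12/2018 -- 14:52:38 - <Config> - No rules loaded from ET-icmp.rules.
24/12/2018 -- 14:52:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
24/12/2018 -- 14:52:46 - <Config> - No rules loaded from local.rules.
24/12/2018 -- 14:52:46 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
24/12/2018 -- 14:52:46 - <Info> - Threshold config parsed: 0 rule(s) found
"""

# date -- time - <Level> - message
LINE_RE = re.compile(r"^\S+ -- \S+ - <(?P<level>\w+)> - (?P<msg>.*)$")


def parse_startup_log(text):
    """Yield (level, message) pairs, ignoring lines not in Suricata's log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("level"), m.group("msg")


def audit_startup_log(text):
    """Pull out the settings that decide what a pcap replay can see and
    return (settings, findings), findings being plain-English cautions."""
    info = {"version": None, "midstream": None, "checksum_validation": None,
            "reassembly_depth": None, "rules_loaded": None, "rules_failed": None,
            "empty_rule_files": [], "threshold_rules": None}
    for _level, msg in parse_startup_log(text):
        if m := re.match(r"This is Suricata version (\S+)", msg):
            info["version"] = m.group(1)
        elif m := re.match(r'stream "midstream" session pickups: (\w+)', msg):
            info["midstream"] = m.group(1)
        elif m := re.match(r'stream "checksum-validation": (\w+)', msg):
            info["checksum_validation"] = m.group(1)
        elif m := re.match(r'stream\.reassembly "depth": (\d+)', msg):
            info["reassembly_depth"] = int(m.group(1))
        elif m := re.match(r"No rules loaded from (\S+)\.$", msg):
            info["empty_rule_files"].append(m.group(1))
        elif m := re.match(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed", msg):
            info["rules_loaded"], info["rules_failed"] = int(m.group(2)), int(m.group(3))
        elif m := re.match(r"Threshold config parsed: (\d+) rule\(s\) found", msg):
            info["threshold_rules"] = int(m.group(1))

    findings = []
    if info["midstream"] == "disabled":
        findings.append("midstream pickup disabled: TCP sessions already established when "
                        "the capture started are not reassembled or inspected")
    if info["checksum_validation"] == "disabled":
        findings.append("checksum validation disabled: packets with bad checksums (common in "
                        "captures taken on a host with offloading) are still inspected")
    if info["reassembly_depth"] == 0:
        findings.append("reassembly depth 0: streams are reassembled without a size limit, so "
                        "large downloads are fully inspected at the cost of memory")
    for f in info["empty_rule_files"]:
        findings.append(f"{f} contributed no signatures")
    if info["rules_failed"]:
        findings.append(f"{info['rules_failed']} rule(s) failed to load; check the log for parse errors")
    return info, findings


if __name__ == "__main__":
    settings, notes = audit_startup_log(SAMPLE_LOG)
    print(settings)
    for note in notes:
        print("-", note)
```

The point of the audit is to read the sensor's own account of its configuration before trusting a "no alerts" result: a replay with midstream pickup disabled silently drops everything that was mid-session at the first packet, which for a sandbox pcap usually means the earliest connections.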

This file has been truncated.


keyword_perf.log - (10745 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/24/2018 -- 14:52:56
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9821768         2602            2602            401804          3774.00         3774.00         0.00           
  content          18052176        3831            2345            416779          4712.00         4848.00         4496.00        
  pcre             4047327         601             271             426852          6734.00         7270.00         6294.00        
  byte_jump        25925           4               0               11965           6481.00         0.00            6481.00        
  flowbits         1056763         292             97              33552           3619.00         3528.00         3664.00        
  urilen           2235368         652             71              31516           3428.00         3287.00         3445.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9821768         2602            2602            401804          3774.00         3774.00         0.00           
  flowbits         918646          259             64              33552           3546.00         3189.00         3664.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          802781          172             53              82579           4667.00         6990.00         3632.00        
  pcre             54257           3               0               44163           18085.00        0.00            18085.00       
  byte_jump        25925           4               0               11965           6481.00         0.00            6481.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         138117          33              33              13127           4185.00         4185.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          738275          181             57              27099           4078.00         4670.00         3806.00        
  pcre             1425042         197             6               65330           7233.00         15672.00        6968.00        
  urilen           2235368         652             71              31516           3428.00         3287.00         3445.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12889           2               1               7706            6444.00         7706.00         5183.00        
  pcre             6504            1               0               6504            6504.00         0.00            6504.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          111985          34              0               4363            3293.00         0.00            3293.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13571873        2751            1788            416779          4933.00         4975.00         4854.00        
  pcre             2260544         334             199             426852          6768.00         7915.00         5076.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          299545          77              4               7477            3890.00         4313.00         3866.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14462           3               2               5575            4820.00         4443.00         5575.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          315172          80              44              26573           3939.00         3867.00         4027.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2178626         529             396             41535           4118.00         4124.00         4100.00        
  pcre             300980          66              66              20064           4560.00         4560.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6568            2               0               3328            3284.00         0.00            3284.00        


suricata-4.0.0-etpro-all-perf.txt-2018-12-24-T-14-52-56-12242018.1452-network_1.pcap.txt - (32471 bytes)
  --------------------------------------------------------------------------
  Date: 12/24/2018 -- 14:52:56. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2007880      1        7        9706191      9.23   1        0        9706191     9706191.00  0.00        9706191.00 
  2        2816909      1        2        3072580      2.92   33       0        489454      93108.48    0.00        93108.48   
  3        2025064      1        5        1883320      1.79   33       0        486261      57070.30    0.00        57070.30   
  4        2022199      1        2        2586374      2.46   33       0        482637      78374.97    0.00        78374.97   
  5        2816929      1        4        1479108      1.41   33       0        447949      44821.45    0.00        44821.45   
  6        2821615      1        2        1456879      1.39   34       0        435494      42849.38    0.00        42849.38   
  7        2826256      1        2        1371782      1.30   34       0        425126      40346.53    0.00        40346.53   
  8        2816857      1        2        1303982      1.24   33       0        423701      39514.61    0.00        39514.61   
  9        2819887      1        2        1420975      1.35   32       0        422930      44405.47    0.00        44405.47   
  10       2018010      1        5        1307096      1.24   33       0        420827      39608.97    0.00        39608.97   
  11       2019343      1        3        1510442      1.44   33       0        412465      45770.97    0.00        45770.97   
  12       2816940      1        2        2409550      2.29   33       0        281126      73016.67    0.00        73016.67   
  13       2816910      1        2        2090123      1.99   33       0        141597      63337.06    0.00        63337.06   
  14       2018358      1        7        3123037      2.97   35       1        139241      89229.63    26792.00    91066.03   
  15       2828122      1        2        1543021      1.47   33       0        136710      46758.21    0.00        46758.21   
  16       2816327      1        4        1334038      1.27   33       0        134302      40425.39    0.00        40425.39   
  17       2815817      1        5        1144382      1.09   33       0        111458      34678.24    0.00        34678.24   
  18       2816328      1        5        1097275      1.04   33       0        110257      33250.76    0.00        33250.76   
  19       2816356      1        2        1449231      1.38   34       0        109824      42624.44    0.00        42624.44   
  20       2021069      1        2        1375764      1.31   33       33       108948      41689.82    41689.82    0.00       
  21       2815363      1        3        105385       0.10   1        0        105385      105385.00   0.00        105385.00  
  22       2020855      1        3        1576713      1.50   33       0        103975      47779.18    0.00        47779.18   
  23       2022502      1        4        894119       0.85   34       0        101387      26297.62    0.00        26297.62   
  24       2010140      1        7        380042       0.36   29       0        98539       13104.90    0.00        13104.90   
  25       2821561      1        2        1189590      1.13   33       0        96642       36048.18    0.00        36048.18   
  26       2024135      1        2        873374       0.83   32       0        94308       27292.94    0.00        27292.94   
  27       2816165      1        5        948354       0.90   34       0        93769       27892.76    0.00        27892.76   
  28       2024771      1        1        1168077      1.11   34       0        93496       34355.21    0.00        34355.21   
  29       2018983      1        7        1082701      1.03   33       0        88716       32809.12    0.00        32809.12   
  30       2021418      1        9        87538        0.08   1        0        87538       87538.00    0.00        87538.00   
  31       2017552      1        6        1514881      1.44   69       0        86263       21954.80    0.00        21954.80   
  32       2811905      1        3        104739       0.10   3        0        85977       34913.00    0.00        34913.00   
  33       2816931      1        3        1146648      1.09   33       0        81916       34746.91    0.00        34746.91   
  34       2816928      1        3        1068940      1.02   33       0        79465       32392.12    0.00        32392.12   
  35       2815868      1        2        76144        0.07   1        0        76144       76144.00    0.00        76144.00   
  36       2820851      1        5        1317064      1.25   33       0        75500       39911.03    0.00        39911.03   
  37       2021399      1        3        75405        0.07   1        0        75405       75405.00    0.00        75405.00   
  38       2024137      1        2        806073       0.77   32       0        73167       25189.78    0.00        25189.78   
  39       2019344      1        5        1375644      1.31   33       0        72345       41686.18    0.00        41686.18   
  40       2816925      1        3        1043009      0.99   33       0        70530       31606.33    0.00        31606.33   
  41       2019881      1        3        1138582      1.08   33       0        70266       34502.48    0.00        34502.48   
  42       2807793      1        4        69995        0.07   1        0        69995       69995.00    0.00        69995.00   
  43       2019074      1        4        69850        0.07   1        0        69850       69850.00    0.00        69850.00   
  44       2017613      1        9        1196431      1.14   33       0        68717       36255.48    0.00        36255.48   
  45       2827240      1        2        68505        0.07   1        0        68505       68505.00    0.00        68505.00   
  46       2816669      1        4        1269742      1.21   33       0        67544       38477.03    0.00        38477.03   
  47       2018789      1        3        116045       0.11   3        0        67406       38681.67    0.00        38681.67   
  48       2816922      1        5        1121897      1.07   33       0        67233       33996.88    0.00        33996.88   
  49       2017119      1        4        65588        0.06   1        0        65588       65588.00    0.00        65588.00   
  50       2827279      1        5        930856       0.89   34       0        65002       27378.12    0.00        27378.12   
  51       2816525      1        10       1295369      1.23   33       0        64940       39253.61    0.00        39253.61   
  52       2022609      1        2        64164        0.06   1        0        64164       64164.00    0.00        64164.00   
  53       2024140      1        2        804147       0.76   32       0        63956       25129.59    0.00        25129.59   
  54       2018958      1        18       1333005      1.27   33       0        63747       40394.09    0.00        40394.09   
  55       2809859      1        6        63392        0.06   1        0        63392       63392.00    0.00        63392.00   
  56       2020612      1        3        62820        0.06   1        0        62820       62820.00    0.00        62820.00   
  57       2816927      1        3        1012886      0.96   33       0        62790       30693.52    0.00        30693.52   
  58       2018981      1        4        1070373      1.02   33       0        62187       32435.55    0.00        32435.55   
  59       2823644      1        2        61985        0.06   1        0        61985       61985.00    0.00        61985.00   
  60       2021718      1        4        61235        0.06   1        0        61235       61235.00    0.00        61235.00   
  61       2816526      1        13       1123818      1.07   33       0        61083       34055.09    0.00        34055.09   
  62       2022901      1        2        60998        0.06   1        0        60998       60998.00    0.00        60998.00   
  63       2020706      1        2        60899        0.06   1        0        60899       60899.00    0.00        60899.00   
  64       2018452      1        15       1279034      1.22   33       0        60548       38758.61    0.00        38758.61   
  65       2819673      1        4        1092309      1.04   33       0        59874       33100.27    0.00        33100.27   
  66       2024136      1        2        775844       0.74   32       0        58914       24245.12    0.00        24245.12   
  67       2016858      1        10       1040338      0.99   33       0        58679       31525.39    0.00        31525.39   
  68       2807970      1        8        58327        0.06   1        0        58327       58327.00    0.00        58327.00   
  69       2828190      1        2        862502       0.82   33       0        57179       26136.42    0.00        26136.42   
  70       2812141      1        2        56792        0.05   1        0        56792       56792.00    0.00        56792.00   
  71       2811740      1        2        839226       0.80   33       0        55526       25431.09    0.00        25431.09   
  72       2024138      1        2        810320       0.77   32       0        55518       25322.50    0.00        25322.50   
  73       2100540      1        12       424206       0.40   73       0        53934       5811.04     0.00        5811.04    
  74       2008782      1        5        820861       0.78   34       0        53452       24142.97    0.00        24142.97   
  75       2020083      1        3        52622        0.05   1        0        52622       52622.00    0.00        52622.00   
  76       2816924      1        4        1013681      0.96   33       0        52522       30717.61    0.00        30717.61   
  77       2024134      1        2        757637       0.72   32       0        52306       23676.16    0.00        23676.16   
  78       2815660      1        4        620535       0.59   32       0        51919       19391.72    0.00        19391.72   
  79       2021552      1        2        51534        0.05   1        0        51534       51534.00    0.00        51534.00   
  80       2024239      1        3        51361        0.05   1        0        51361       51361.00    0.00        51361.00   
  81       2816930      1        4        1039627      0.99   33       0        51040       31503.85    0.00        31503.85   
  82       2816860      1        2        50838        0.05   1        0        50838       50838.00    0.00        50838.00   
  83       2828008      1        2        833256       0.79   34       0        50764       24507.53    0.00        24507.53   
  84       2024141      1        2        857995       0.82   32       0        50518       26812.34    0.00        26812.34   
  85       2017454      1        12       49598        0.05   1        0        49598       49598.00    0.00        49598.00   
  86       2024606      1        2        49559        0.05   1        0        49559       49559.00    0.00        49559.00   
  87       2816330      1        2        979818       0.93   32       0        49499       30619.31    0.00        30619.31   
  88       2017261      1        3        49191        0.05   1        0        49191       49191.00    0.00        49191.00   
  89       2016537      1        2        660022       0.63   35       0        48974       18857.77    0.00        18857.77   
  90       2003657      1        18       936599       0.89   33       0        48939       28381.79    0.00        28381.79   
  91       2828060      1        4        48203        0.05   1        0        48203       48203.00    0.00        48203.00   
  92       2013419      1        4        48128        0.05   1        0        48128       48128.00    0.00        48128.00   
  93       2815872      1        2        563857       0.54   32       0        47882       17620.53    0.00        17620.53   
  94       2809363      1        3        47302        0.04   1        0        47302       47302.00    0.00        47302.00   
  95       2827580      1        7        46940        0.04   1        0        46940       46940.00    0.00        46940.00   
  96       2812526      1        2        46541        0.04   1        0        46541       46541.00    0.00        46541.00   
  97       2020181      1        8        46259        0.04   1        0        46259       46259.00    0.00        46259.00   
  98       2021413      1        2        46062        0.04   1        0        46062       46062.00    0.00        46062.00   
  99       2804626      1        9        796306       0.76   33       0        45950       24130.48    0.00        24130.48   
  100      2822482      1        6        44677        0.04   1        0        44677       44677.00    0.00        44677.00   
  101      2017814      1        3        44588        0.04   1        0        44588       44588.00    0.00        44588.00   
  102      2823917      1        2        44572        0.04   1        0        44572       44572.00    0.00        44572.00   
  103      2019094      1        5        44501        0.04   1        0        44501       44501.00    0.00        44501.00   
  104      2804586      1        2        185662       0.18   33       0        43658       5626.12     0.00        5626.12    
  105      2020963      1        2        43640        0.04   1        0        43640       43640.00    0.00        43640.00   
  106      2812433      1        2        43436        0.04   1        0        43436       43436.00    0.00        43436.00   
  107      2816394      1        2        783468       0.75   32       0        43141       24483.38    0.00        24483.38   
  108      2022679      1        4        42929        0.04   1        0        42929       42929.00    0.00        42929.00   
  109      2820983      1        5        42856        0.04   1        0        42856       42856.00    0.00        42856.00   
  110      2020964      1        2        42739        0.04   1        0        42739       42739.00    0.00        42739.00   
  111      2816530      1        2        781753       0.74   34       0        42712       22992.74    0.00        22992.74   
  112      2012707      1        5        824105       0.78   34       0        42599       24238.38    0.00        24238.38   
  113      2816095      1        7        571865       0.54   32       0        42349       17870.78    0.00        17870.78   
  114      2819881      1        2        41645        0.04   1        0        41645       41645.00    0.00        41645.00   
  115      2014189      1        3        41582        0.04   1        0        41582       41582.00    0.00        41582.00   
  116      2024139      1        2        749700       0.71   32       0        41465       23428.12    0.00        23428.12   
  117      2815156      1        2        41461        0.04   1        0        41461       41461.00    0.00        41461.00   
  118      2816189      1        2        41398        0.04   1        0        41398       41398.00    0.00        41398.00   
  119      2024133      1        2        734099       0.70   32       0        41297       22940.59    0.00        22940.59   
  120      2821471      1        2        41249        0.04   1        0        41249       41249.00    0.00        41249.00   
  121      2821022      1        4        561732       0.53   32       0        41234       17554.12    0.00        17554.12   
  122      2017948      1        2        58459        0.06   3        0        38230       19486.33    0.00        19486.33   
  123      2823858      1        3        38035        0.04   1        0        38035       38035.00    0.00        38035.00   
  124      2021747      1        9        37943        0.04   1        0        37943       37943.00    0.00        37943.00   
  125      2018496      1        9        

This file has been truncated.


IDSDeathBlossom.py.log - (1149 bytes)
2018-12-24 14:52:31,740 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-24 14:52:32,543 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-24 14:52:32,544 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-12-24 14:52:32,544 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-24 14:52:32,544 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-24 14:52:32,544 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/2625a08168de1ca08b7ddf93800b752456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12242018.1452-network_1.pcap -vvv -k none
2018-12-24 14:52:56,309 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-24 14:52:56,310 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.5772790909


unified2.alert.1545663175 - (2164 bytes)
[binary unified2 record header omitted; the captured HTTP request follows]
POST /submit.php?id=60605 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0;  rv:11.0) like Gecko
Host: 37.139.6.18
Content-Length: 1556
Connection: Keep-Alive
Cache-Control: no-cache

[binary unified2 record data omitted: the application/octet-stream POST body and subsequent packet records are not printable]


suricata-4.0.0-etpro-all-alert-2018-12-24-T-14-52-56-12242018.1452-network_1.pcap.txt - (219 bytes)
12/11/2018-19:34:00.789489  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.14:49176 -> 37.139.6.18:80