Filename: network (3).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.4723470211 seconds
Hash: 28294af3a6b9b758165f672ad245ad78
Uploaded: 1568629023

Logfiles

suricata-report-2019-09-16-T-10-17-29-09162019.1017-network_3.pcap.txt (17653 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/28294af3a6b9b758165f672ad245ad7856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1017-network_3.pcap -vvv -k none
elapsedtime:25.445588
stderr:
stdout:
16/9/2019 -- 10:17:04 - <Info> - Configuration node 'rule-files' redefined.
16/9/2019 -- 10:17:04 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/9/2019 -- 10:17:04 - <Info> - CPUs/cores online: 1
16/9/2019 -- 10:17:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31772 and 'request-body-inspect-window' set to 15752 after randomization.
16/9/2019 -- 10:17:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33971 and 'response-body-inspect-window' set to 15667 after randomization.
16/9/2019 -- 10:17:04 - <Config> - DNS request flood protection level: 500
16/9/2019 -- 10:17:04 - <Config> - DNS per flow memcap (state-memcap): 524288
16/9/2019 -- 10:17:04 - <Config> - DNS global memcap: 16777216
16/9/2019 -- 10:17:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/9/2019 -- 10:17:04 - <Config> - preallocated 1000 hosts of size 136
16/9/2019 -- 10:17:04 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/9/2019 -- 10:17:04 - <Config> - using magic-file /usr/share/file/magic
16/9/2019 -- 10:17:04 - <Config> - Core dump size is unlimited.
16/9/2019 -- 10:17:04 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/9/2019 -- 10:17:04 - <Config> - preallocated 1000 defrag trackers of size 168
16/9/2019 -- 10:17:04 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/9/2019 -- 10:17:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/9/2019 -- 10:17:04 - <Config> - stream "memcap": 33554432
16/9/2019 -- 10:17:04 - <Config> - stream "midstream" session pickups: disabled
16/9/2019 -- 10:17:04 - <Config> - stream "async-oneside": disabled
16/9/2019 -- 10:17:04 - <Config> - stream "checksum-validation": disabled
16/9/2019 -- 10:17:04 - <Config> - stream."inline": disabled
16/9/2019 -- 10:17:04 - <Config> - stream "bypass": disabled
16/9/2019 -- 10:17:04 - <Config> - stream "max-synack-queued": 5
16/9/2019 -- 10:17:04 - <Config> - stream.reassembly "memcap": 134217728
16/9/2019 -- 10:17:04 - <Config> - stream.reassembly "depth": 0
16/9/2019 -- 10:17:04 - <Config> - stream.reassembly "toserver-chunk-size": 2566
16/9/2019 -- 10:17:04 - <Config> - stream.reassembly "toclient-chunk-size": 2575
16/9/2019 -- 10:17:04 - <Config> - stream.reassembly.raw: enabled
16/9/2019 -- 10:17:04 - <Config> - stream.reassembly "segment-prealloc": 2048
16/9/2019 -- 10:17:04 - <Config> - Delayed detect disabled
16/9/2019 -- 10:17:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/9/2019 -- 10:17:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/9/2019 -- 10:17:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/9/2019 -- 10:17:04 - <Config> - prefilter engines: MPM
16/9/2019 -- 10:17:04 - <Config> - IP reputation disabled
16/9/2019 -- 10:17:04 - <Perf> - Registered 148 keyword profiling counters.
16/9/2019 -- 10:17:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/9/2019 -- 10:17:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/9/2019 -- 10:17:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/9/2019 -- 10:17:09 - <Config> - No rules loaded from ET-icmp.rules.
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/9/2019 -- 10:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/9/2019 -- 10:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/9/2019 -- 10:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/9/2019 -- 10:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/9/2019 -- 10:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/9/2019 -- 10:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/9/2019 -- 10:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/9/2019 -- 10:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/9/2019 -- 10:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/9/2019 -- 10:17:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/9/2019 -- 10:17:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/9/2019 -- 10:17:17 - <Config> - No rules loaded from local.rules.
16/9/2019 -- 10:17:17 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/9/2019 -- 10:17:17 - <Info> - Threshold config parsed: 0 rule(s) found
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for tcp-packet
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for tcp-stream
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for udp-packet
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for other-ip
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_uri
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_client_body
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_accept
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_accept_enc
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_accept_lang
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_referer
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_connection
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_method
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_raw_uri
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_user_agent
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_host
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_raw_host
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_stat_msg
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_stat_code
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for dns_query
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for tls_sni
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:17:18 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:17:18 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/9/2019 -- 10:17:18 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/9/2019 -- 10:17:18 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/9/2019 -- 10:17:18 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/9/2019 -- 10:17:18 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/9/2019 -- 10:17:18 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/9/2019 -- 10:17:18 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/9/2019 -- 10:17:18 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/9/2019 -- 10:17:26 - <Perf> - Unique rule groups: 104
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/9/2019 -- 10:17:26 - <Perf> - Builtin MPM "other IP packet": 3
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_header": 10
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient http_header": 6
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_start": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_method": 5
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver http_host": 2
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toserver file_data": 1
16/9/2019 -- 10:17:26 - <Perf> - AppLayer MPM "toclient file_data": 7
16/9/2019 -- 10:17:28 - <Perf> - Registered 39590 rule profiling counters.
16/9/2019 -- 10:17:28 - <Info> - fast output device (regular) initialized: alert
16/9/2019 -- 10:17:28 - <Info> - eve-log output device (regular) initialized: eve.json
16/9/2019 -- 10:17:28 - <Config> - enabling 'eve-log' module 'alert'
16/9/2019 -- 10:17:28 - <Config> - enabling 'eve-log' module 'http'
16/9/2019 -- 10:17:28 - <Config> - enabling 'eve-log' module 'dns'
16/9/2019 -- 10:17:28 - <Config> - enabling 'eve-log' module 'tls'
16/9/2019 -- 10:17:28 - <Config> - enabling 'eve-log' module 'files'
16/9/2019 -- 10:17:28 - <Config> - enabling 'eve-log' module 'ssh'
16/9/2019 -- 10:17:28 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/9/2019 -- 10:17:28 - <Info> - stats output device (regular) initialized: stats.log
16/9/2019 -- 10:17:28 - <Config> - AutoFP mode using "Hash" flow load balancer
16/9/2019 -- 10:17:28 - <Info> - reading pcap file /var/pcap/09162019.1017-network_3.pcap
16/9/2019 -- 10:17:28 - <Config> - using 1 flow manager threads
16/9/2019 -- 10:17:28 - <Co

This file has been truncated.

suricata-4.0.0-etpro-all-perf.txt-2019-09-16-T-10-17-29-09162019.1017-network_3.pcap.txt (45910 bytes)
  --------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:17:29. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2815753      1        2        555770       1.75   2        0        493882      277885.00   0.00        277885.00  
  2        2008116      1        4        480474       1.52   1        0        480474      480474.00   0.00        480474.00  
  3        2821561      1        2        551224       1.74   2        0        477686      275612.00   0.00        275612.00  
  4        2020936      1        3        447316       1.41   2        0        412430      223658.00   0.00        223658.00  
  5        2018784      1        9        338096       1.07   1        0        338096      338096.00   0.00        338096.00  
  6        2023615      1        3        362782       1.14   19       0        273774      19093.79    0.00        19093.79   
  7        2009471      1        9        369994       1.17   27       0        193802      13703.48    0.00        13703.48   
  8        2823263      1        3        182860       0.58   1        0        182860      182860.00   0.00        182860.00  
  9        2815780      1        4        168244       0.53   1        0        168244      168244.00   0.00        168244.00  
  10       2024565      1        3        156784       0.49   1        0        156784      156784.00   0.00        156784.00  
  11       2024555      1        7        154750       0.49   1        0        154750      154750.00   0.00        154750.00  
  12       2024554      1        7        147542       0.47   1        0        147542      147542.00   0.00        147542.00  
  13       2814472      1        4        238770       0.75   2        0        139430      119385.00   0.00        119385.00  
  14       2812100      1        3        135764       0.43   1        0        135764      135764.00   0.00        135764.00  
  15       2810651      1        2        133358       0.42   1        0        133358      133358.00   0.00        133358.00  
  16       2815778      1        6        129956       0.41   1        0        129956      129956.00   0.00        129956.00  
  17       2816910      1        2        241446       0.76   2        0        125080      120723.00   0.00        120723.00  
  18       2007863      1        9        337360       1.06   27       0        124254      12494.81    0.00        12494.81   
  19       2809513      1        5        122652       0.39   1        0        122652      122652.00   0.00        122652.00  
  20       2815480      1        6        183346       0.58   2        0        122616      91673.00    0.00        91673.00   
  21       2019094      1        5        370482       1.17   28       0        115912      13231.50    0.00        13231.50   
  22       2811867      1        2        112170       0.35   1        0        112170      112170.00   0.00        112170.00  
  23       2812976      1        3        111826       0.35   1        0        111826      111826.00   0.00        111826.00  
  24       2022901      1        2        184876       0.58   2        0        111250      92438.00    0.00        92438.00   
  25       2816909      1        2        203294       0.64   2        0        110610      101647.00   0.00        101647.00  
  26       2024099      1        2        245550       0.77   27       0        102676      9094.44     0.00        9094.44    
  27       2021067      1        2        150754       0.48   2        0        100068      75377.00    0.00        75377.00   
  28       2814103      1        2        97234        0.31   1        0        97234       97234.00    0.00        97234.00   
  29       2022080      1        1        136772       0.43   2        2        94608       68386.00    68386.00    0.00       
  30       2810949      1        2        279382       0.88   27       0        94554       10347.48    0.00        10347.48   
  31       2814570      1        4        171536       0.54   2        0        93756       85768.00    0.00        85768.00   
  32       2024848      1        2        152260       0.48   2        0        92922       76130.00    0.00        76130.00   
  33       2816669      1        4        152350       0.48   2        0        92578       76175.00    0.00        76175.00   
  34       2021418      1        9        155498       0.49   2        0        90792       77749.00    0.00        77749.00   
  35       2821471      1        2        169172       0.53   2        0        88438       84586.00    0.00        84586.00   
  36       2809363      1        3        162150       0.51   2        0        88094       81075.00    0.00        81075.00   
  37       2813068      1        3        88016        0.28   1        0        88016       88016.00    0.00        88016.00   
  38       2809280      1        2        87588        0.28   1        0        87588       87588.00    0.00        87588.00   
  39       2018153      1        4        201866       0.64   4        0        84876       50466.50    0.00        50466.50   
  40       2025142      1        2        157852       0.50   2        0        84754       78926.00    0.00        78926.00   
  41       2018386      1        2        84598        0.27   1        0        84598       84598.00    0.00        84598.00   
  42       2021413      1        2        143698       0.45   2        0        84340       71849.00    0.00        71849.00   
  43       2814116      1        2        82988        0.26   1        0        82988       82988.00    0.00        82988.00   
  44       2815568      1        2        139736       0.44   2        0        80284       69868.00    0.00        69868.00   
  45       2015877      1        6        127876       0.40   2        0        78960       63938.00    0.00        63938.00   
  46       2805001      1        2        77096        0.24   1        0        77096       77096.00    0.00        77096.00   
  47       2807970      1        8        143320       0.45   2        0        76370       71660.00    0.00        71660.00   
  48       2810913      1        2        74880        0.24   1        0        74880       74880.00    0.00        74880.00   
  49       2020747      1        8        128002       0.40   2        0        74866       64001.00    0.00        64001.00   
  50       2828701      1        2        74002        0.23   1        0        74002       74002.00    0.00        74002.00   
  51       2809816      1        2        133390       0.42   3        0        72702       44463.33    0.00        44463.33   
  52       2816525      1        10       118334       0.37   2        0        72530       59167.00    0.00        59167.00   
  53       2814049      1        2        71170        0.22   1        0        71170       71170.00    0.00        71170.00   
  54       2020295      1        6        178504       0.56   3        0        70900       59501.33    0.00        59501.33   
  55       2811279      1        7        121786       0.38   2        0        70418       60893.00    0.00        60893.00   
  56       2814316      1        2        70220        0.22   1        0        70220       70220.00    0.00        70220.00   
  57       2814193      1        3        211610       0.67   27       0        70162       7837.41     0.00        7837.41    
  58       2811447      1        2        220552       0.70   4        0        70140       55138.00    0.00        55138.00   
  59       2811711      1        2        109750       0.35   2        0        69974       54875.00    0.00        54875.00   
  60       2816165      1        5        264628       0.83   5        0        69412       52925.60    0.00        52925.60   
  61       2816365      1        3        69382        0.22   1        0        69382       69382.00    0.00        69382.00   
  62       2812624      1        2        162076       0.51   3        0        69350       54025.33    0.00        54025.33   
  63       2807793      1        4        123952       0.39   2        0        69286       61976.00    0.00        61976.00   
  64       2828190      1        2        106204       0.33   2        0        68824       53102.00    0.00        53102.00   
  65       2809289      1        4        68708        0.22   1        0        68708       68708.00    0.00        68708.00   
  66       2823676      1        2        68666        0.22   1        0        68666       68666.00    0.00        68666.00   
  67       2820002      1        2        68324        0.22   1        0        68324       68324.00    0.00        68324.00   
  68       2816931      1        3        114232       0.36   2        0        68042       57116.00    0.00        57116.00   
  69       2017261      1        3        115172       0.36   2        0        68016       57586.00    0.00        57586.00   
  70       2025064      1        5        118272       0.37   2        0        67796       59136.00    0.00        59136.00   
  71       2820319      1        2        67590        0.21   1        0        67590       67590.00    0.00        67590.00   
  72       2828844      1        2        237534       0.75   27       0        67524       8797.56     0.00        8797.56    
  73       2820309      1        2        107292       0.34   2        0        66438       53646.00    0.00        53646.00   
  74       2828060      1        4        114072       0.36   2        0        66238       57036.00    0.00        57036.00   
  75       2827882      1        2        66224        0.21   1        0        66224       66224.00    0.00        66224.00   
  76       2820851      1        5        114364       0.36   2        0        65848       57182.00    0.00        57182.00   
  77       2020181      1        8        111790       0.35   2        0        65774       55895.00    0.00        55895.00   
  78       2830286      1        2        65622        0.21   1        0        65622       65622.00    0.00        65622.00   
  79       2821148      1        4        113022       0.36   2        0        65450       56511.00    0.00        56511.00   
  80       2828845      1        1        204504       0.64   27       0        64858       7574.22     0.00        7574.22    
  81       2815817      1        5        113992       0.36   2        0        64618       56996.00    0.00        56996.00   
  82       2816922      1        5        118620       0.37   2        0        63114       59310.00    0.00        59310.00   
  83       2022132      1        1        175872       0.55   6        0        62902       29312.00    0.00        29312.00   
  84       2017948      1        2        249408       0.79   28       0        62882       8907.43     0.00        8907.43    
  85       2816925      1        3        107008       0.34   2        0        62080       53504.00    0.00        53504.00   
  86       2816899      1        2        96422        0.30   2        0        61144       48211.00    0.00        48211.00   
  87       2816327      1        4        114534       0.36   2        0        60566       57267.00    0.00        57267.00   
  88       2024771      1        1        71650        0.23   3        0        60492       23883.33    0.00        23883.33   
  89       2012810      1        10       120086       0.38   2        2        60084       60043.00    60043.00    0.00       
  90       2809405      1        2        200184       0.63   27       0        60034       7414.22     0.00        7414.22    
  91       2022694      1        2        59986        0.19   1        0        59986       59986.00    0.00        59986.00   
  92       2812433      1        2        106358       0.34   2        0        59900       53179.00    0.00        53179.00   
  93       2012707      1        5        210146       0.66   5        0        59898       42029.20    0.00        42029.20   
  94       2809017      1        3        59832        0.19   1        0        59832       59832.00    0.00        59832.00   
  95       2813098      1        2        59680        0.19   1        0        59680       59680.00    0.00        59680.00   
  96       2017552      1        6        1353666      4.27   42       0        59292       32230.14    0.00        32230.14   
  97       2807704      1        3        59086        0.19   1        0        59086       59086.00    0.00        59086.00   
  98       2023083      1        2        109892       0.35   2        0        58720       54946.00    0.00        54946.00   
  99       2809674      1        2        58566        0.18   1        0        58566       58566.00    0.00        58566.00   
  100      2812967      1        3        58408        0.18   1        0        58408       58408.00    0.00        58408.00   
  101      2816940      1        2        105790       0.33   2        0        58386       52895.00    0.00        52895.00   
  102      2020607      1        3        58218        0.18   1        0        58218       58218.00    0.00        58218.00   
  103      2808948      1        3        58140        0.18   1        0        58140       58140.00    0.00        58140.00   
  104      2821569      1        7        105470       0.33   2        0        58082       52735.00    0.00        52735.00   
  105      2816454      1        2        58050        0.18   1        0        58050       58050.00    0.00        58050.00   
  106      2816924      1        4        103318       0.33   2        0        57932       51659.00    0.00        51659.00   
  107      2809675      1        2        57704        0.18   1        0        57704       57704.00    0.00        57704.00   
  108      2024606      1        2        99794        0.31   2        0        57630       49897.00    0.00        49897.00   
  109      2809511      1        4        105840       0.33   2        0        57430       52920.00    0.00        52920.00   
  110      2016706      1        20       92678        0.29   2        0        55870       46339.00    0.00        46339.00   
  111      2020769      1        2        128244       0.40   3        0        55586       42748.00    0.00        42748.00   
  112      2020785      1        3        92926        0.29   2        0        55366       46463.00    0.00        46463.00   
  113      2018636      1        2        92052        0.29   2        0        55296       46026.00    0.00        46026.00   
  114      2019155      1        2        101924       0.32   2        0        54876       50962.00    0.00        50962.00   
  115      2823858      1        3        104740       0.33   2        0        54728       52370.00    0.00        52370.00   
  116      2020308      1        3        90908        0.29   2        0        54510       45454.00    0.00        45454.00   
  117      2807705      1        3        54458        0.17   1        0        54458       54458.00    0.00        54458.00   
  118      2828008      1        2        137006       0.43   5        0        54288       27401.20    0.00        27401.20   
  119      2014701      1        12       102016       0.32   4        0        53882       25504.00    0.00        25504.00   
  120      2830085      1        2        53618        0.17   1        0        53618       53618.00    0.00        53618.00   
  121      2816929      1        4        99566        0.31   2        0        53572       49783.00    0.00        49783.00   
  122      2014380      1        4        133166       0.42   7        0        53544       19023.71    0.00        19023.71   
  123      2009127      1        7        228802       0.72   27       0        53428       8474.15     0.00        8474.15    
  124      2016537      1        2        1229336      3.88   37       0        53410       33225.30    0.00        33225.30   
  125      2020767      1        2        1

This file has been truncated.


packet_stats.log - (15186 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           112          1573988      131737070      92077011         10.3b   87.13
 IPv4      17            19          5655300      134010930      66386268          1.3b   10.66
 IPv6      17             5          7326780       70714488      52314375        261.6m    2.21
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           112           116696       37269168       1051551        117.8m   88.56
TMM_FLOWWORKER              IPv4      17            19           281030        1373856        592989         11.3m    8.47
TMM_RECEIVEPCAPFILE         IPv4       6           111             4444          10876          5110        567.2k    0.43
TMM_RECEIVEPCAPFILE         IPv4      17            19             4566          12468          5417        102.9k    0.08
TMM_DECODEPCAPFILE          IPv4       6           111             4560          16162          5039        559.4k    0.42
TMM_DECODEPCAPFILE          IPv4      17            19             4628          35102          6473        123.0k    0.09
TMM_FLOWWORKER              IPv6      17             5           327340        1043780        504168          2.5m    1.90
TMM_RECEIVEPCAPFILE         IPv6      17             5             4814           6420          5272         26.4k    0.02
TMM_DECODEPCAPFILE          IPv6      17             5             4628          19024          8017         40.1k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ----
flow                    IPv4       6           111             4774          20864          5623        624.2k  0.51  
flow                    IPv4      17            19             5112          41010         10520        199.9k  0.16  
stream                  IPv4       6           112             4906         490482         28267          3.2m  2.57  
app-layer               IPv4      17            19             4458          60466         16628        315.9k  0.26  
detect                  IPv4       6           112            77728       35018696        949699        106.4m  86.24 
detect                  IPv4      17            19           252456        1130264        506752          9.6m  7.81  
tcp-prune               IPv4       6           112             4456          26634          5528        619.2k  0.50  
flow                    IPv6      17             5             4848           6244          5413         27.1k  0.02  
app-layer               IPv6      17             5             4520          19942          9581         47.9k  0.04  
detect                  IPv6      17             5           298468         997630        469782          2.3m  1.90  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ----
http                    IPv4       6             6             7496          41092         21388        128.3k  70.66 
dns                     IPv4      17             4             6886          13804          9532         38.1k  20.99 
http                    IPv6      17             1            15166          15166         15166         15.2k  8.35  
Proto detect            IPv4      17             9             4698          39648         16602        149.4k
Proto detect            IPv6      17             2             4908          10042          7475         14.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot     %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ----
LOGGER_ALERT_FAST           IPv4       6             3            43854          52296         48842        146.5k  3.25  
LOGGER_ALERT_FAST           IPv4      17             1           149620         149620        149620        149.6k  3.32  
LOGGER_UNIFIED2             IPv4       6             3            39954          44448         41806        125.4k  2.79  
LOGGER_UNIFIED2             IPv4      17             1           153532         153532        153532        153.5k  3.41  
LOGGER_JSON_ALERT           IPv4       6             3            61208          84718         69927        209.8k  4.66  
LOGGER_JSON_ALERT           IPv4      17             1           132884         132884        132884        132.9k  2.95  
LOGGER_JSON_DNS             IPv4      17             4            42738          78962         60815        243.3k  5.40  
LOGGER_JSON_HTTP            IPv4       6             5            59220         173704         96141        480.7k  10.68 
LOGGER_JSON_FILE            IPv4       6             8            58940        2045426        357635          2.9m  63.54 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            55             4540         801940        117395         6.5m  34.25 
payload                           IPv4      17            19             9524         350006        101309         1.9m  10.21 
stream                            IPv4       6            55             4452        1334402        120483         6.6m  35.15 
http_uri                          IPv4       6             5            22214          39844         32544       162.7k  0.86  
http_request_line                 IPv4       6             5             7808          56178         18924        94.6k  0.50  
http_client_body                  IPv4       6            31             4504         682218         35035         1.1m  5.76  
http_header (request)             IPv4       6             5            78676         164652        120412       602.1k  3.19  
http_header (request trailer)     IPv4       6             5             4516           4574          4549        22.7k  0.12  
http_header_names (request)       IPv4       6             5            19994          36856         27618       138.1k  0.73  
http_accept (request)             IPv4       6             5             6400          17372          9555        47.8k  0.25  
http_referer (request)            IPv4       6             5             4748           5404          5024        25.1k  0.13  
http_content_len (request)        IPv4       6             5             4888          13308          7824        39.1k  0.21  
http_content_type (request)       IPv4       6             5             4852          31212         12558        62.8k  0.33  
http_protocol (request)           IPv4       6             5             6478          16112          9291        46.5k  0.25  
http_start (request)              IPv4       6             5            12374          61872         23606       118.0k  0.63  
http_raw_header (request)         IPv4       6            31             6410          27572          9550       296.1k  1.57  
http_method                       IPv4       6             5             8174          26908         13889        69.4k  0.37  
http_cookie (request)             IPv4       6             5             4940          14178          6968        34.8k  0.18  
http_raw_uri                      IPv4       6             5             5878           8366          7298        36.5k  0.19  
http_user_agent                   IPv4       6             5            10346          68698         31287       156.4k  0.83  
http_host                         IPv4       6             5             6992          21522         12491        62.5k  0.33  
dns_query                         IPv4      17             2            11954          13456         12705        25.4k  0.13  
http_response_line                IPv4       6             5             9604          20166         12888        64.4k  0.34  
http_header (response)            IPv4       6             5            31408          71848         46249       231.2k  1.23  
http_header (response trailer)    IPv4       6             5             4492           6784          4971        24.9k  0.13  
http_content_type (response)      IPv4       6             5             9410          14482         11299        56.5k  0.30  
http_raw_header (response)        IPv4       6             7             7524          13546         11460        80.2k  0.43  
http_cookie (response)            IPv4       6             5             5070           7504          5642        28.2k  0.15  
http_stat_code                    IPv4       6             5             5480           6962          6070        30.4k  0.16  
file_data (http response)         IPv4       6             2             5512           7908          6710        13.4k  0.07  
Total                             IPv4                   312                                         59821        18.7m
payload                           IPv6      17             5            16104         117742         37962       189.8k  1.01  
Total                             IPv6                     5                                         37962       189.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot     %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ----
PROF_DETECT_IPONLY          IPv4       6            10            17536         142216         76443        764.4k  0.45  
PROF_DETECT_IPONLY          IPv4      17             9            15664         360428        108202        973.8k  0.58  
PROF_DETECT_RULES           IPv4       6           112             4448        6841090        295334         33.1m  19.61 
PROF_DETECT_RULES           IPv4      17            19           129866         471742        217348          4.1m  2.45  
PROF_DETECT_STATEFUL_START    IPv4       6            47             8934        3393936        259809         12.2m  7.24  
PROF_DETECT_STATEFUL_CONT    IPv4       6           112             4414         793142         44936          5.0m  2.98  
PROF_DETECT_STATEFUL_CONT    IPv4      17            19             4404          17888          6327        120.2k  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            89             4476           6126          4730        421.1k  0.25  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             4720           5052          4879         19.5k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           112            13578       30821046        460613         51.6m  30.58 
PROF_DETECT_PREFILTER       IPv4      17            19            52470         398822        150544          2.9m  1.70  
PROF_DETECT_PF_PAYLOAD      IPv4       6            55            31960        1484354        252360         13.9m  8.23  
PROF_DETECT_PF_PAYLOAD      IPv4      17            19            18468         359146        110442          2.1m  1.24  
PROF_DETECT_PF_TX           IPv4       6            89             4458       29601534        381460         34.0m  20.12 
PROF_DETECT_PF_TX           IPv4      17             2            22880          23464         23172         46.3k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6            51             4554          21446          6459        329.5k  0.20  
PROF_DETECT_PF_SORT1        IPv4      17            19             5072          12158          6030        114.6k  0.07  
PROF_DETECT_PF_SORT2        IPv4       6           112             4416         541962         11673          1.3m  0.77  
PROF_DETECT_PF_SORT2        IPv4      17            19             4494          29222          7865        149.4k  0.09  
PROF_DETECT_NONMPMLIST      IPv4       6           112             4438          27332          5337        597.8k  0.35  
PROF_DETECT_NONMPMLIST      IPv4      17            19             4640          12818          6226        118.3k  0.07  
PROF_DETECT_ALERT           IPv4       6           112             4414           7426          4781        535.5k  0.32  
PROF_DETECT_ALERT           IPv4      17            19             4438          17598          5710        108.5k  0.06  
PROF_DETECT_CLEANUP         IPv4       6           112             4470          24458          5105        571.8k  0.34  
PROF_DETECT_CLEANUP         IPv4      17            19             4430          24356          6006        114.1k  0.07  
PROF_DETECT_GETSGH          IPv4       6           112             4428         202770          8568        959.7k  0.57  
PROF_DETECT_GETSGH          IPv4      17            19             4494         121030         16400        311.6k  0.18  
PROF_DETECT_IPONLY          IPv6      17             2            24614          28912         26763         53.5k  0.03  
PROF_DETECT_RULES           IPv6      17             5           156428         706630        283758          1.4m  0.84  
PROF_DETECT_STATEFUL_CONT    IPv6      17             5             4678          18776          7511         37.6k  0.02  
PROF_DETECT_PREFILTER       IPv6      17             5            52626         172844         78458        392.3k  0.23  
PROF_DETECT_PF_PAYLOAD      IPv6      17             5            25056         127242         47063        235.3k  0.14  
PROF_DETECT_PF_SORT1        IPv6      17             5             4920           6242          5454         27.3k  0.02  
PROF_DETECT_PF_SORT2        IPv6      17             5             4468          21222          7862         39.3k  0.02  
PROF_DETECT_NONMPMLIST      IPv6      17             5             4412           5060          4715         23.6k  0.01  
PROF_DETECT_ALERT           IPv6      17             5             4444           4830          4655         23.3k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             5             4466           6632          4963         24.8k  0.01  
PROF_DETECT_GETSGH          IPv6      17             5             4436          27244         10238         51.2k  0.03  


unified2.alert.1568629048 - (1765 bytes)
4]fœ
}¶‹À¨ðWø5b]fœ
]fœ
}F^
'G{ñE8­€qøÀ¨ðWø5$ç©Sredl1netk4]fœ	âضŠ
À¨ðWWb˜À|PG]fœ	]fœ	âØ+EtÀ¨ðWWb˜À|PPÚ÷GET /list.php HTTP/1.1
Host: redl1ne.tk
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36

4]fœ
æˆÚÂ!À¨ðWE҂À}PD]fœ
]fœ
æˆ(E0™À¨ðWE҂À}PPŸÃGET /json/ HTTP/1.1
Host: ip-api.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36

4]fœõ‡¶Š
À¨ðWWb˜À~Pp]fœ]fœõ‡TEFKÀ¨ðWWb˜À~PPPOST /post.php HTTP/1.0
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------082819172311811
Content-Length: 23872
Host: redl1ne.tk
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)

p]fœ]fœõ‡TEFKÀ¨ðWWb˜À~PPPOST /post.php HTTP/1.0
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------082819172311811
Content-Length: 23872
Host: redl1ne.tk
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)


stats.log - (2984 bytes)
------------------------------------------------------------------------------------
Date: 9/16/2019 -- 10:17:29 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 148
decoder.bytes                              | Total                     | 74395
decoder.ipv4                               | Total                     | 130
decoder.ipv6                               | Total                     | 5
decoder.ethernet                           | Total                     | 148
decoder.tcp                                | Total                     | 111
decoder.udp                                | Total                     | 24
decoder.avg_pkt_size                       | Total                     | 502
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 9
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 5
tcp.overlap                                | Total                     | 12
detect.alert                               | Total                     | 4
detect.mpm_list                            | Total                     | 8
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 9
app_layer.flow.http                        | Total                     | 5
app_layer.tx.http                          | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075744


eve.json - (9534 bytes)
{"timestamp":"2019-08-28T15:21:32.920653+0000","flow_id":1853177925993884,"pcap_cnt":18,"event_type":"fileinfo","src_ip":"192.168.240.87","src_port":49274,"dest_ip":"192.168.240.60","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.60","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:32.920831+0000","flow_id":1853177925993884,"pcap_cnt":20,"event_type":"http","src_ip":"192.168.240.87","src_port":49274,"dest_ip":"192.168.240.60","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.60","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-08-28T15:21:32.921664+0000","flow_id":1853177925993884,"pcap_cnt":22,"event_type":"fileinfo","src_ip":"192.168.240.60","src_port":5357,"dest_ip":"192.168.240.87","dest_port":49274,"proto":"TCP","http":{"hostname":"192.168.240.60","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:38.804344+0000","flow_id":100264333950974,"pcap_cnt":40,"event_type":"fileinfo","src_ip":"192.168.240.87","src_port":49275,"dest_ip":"192.168.240.60","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.60","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:38.804507+0000","flow_id":100264333950974,"pcap_cnt":42,"event_type":"http","src_ip":"192.168.240.87","src_port":49275,"dest_ip":"192.168.240.60","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.60","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-08-28T15:21:38.805158+0000","flow_id":100264333950974,"pcap_cnt":44,"event_type":"fileinfo","src_ip":"192.168.240.60","src_port":5357,"dest_ip":"192.168.240.87","dest_port":49275,"proto":"TCP","http":{"hostname":"192.168.240.60","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:46.528509+0000","flow_id":204395816554621,"pcap_cnt":48,"event_type":"alert","src_ip":"192.168.240.87","src_port":63515,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2012811,"rev":2,"signature":"ET DNS Query to a .tk domain - Likely Hostile","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2019-08-28T15:21:46.528509+0000","flow_id":204395816554621,"pcap_cnt":48,"event_type":"dns","src_ip":"192.168.240.87","src_port":63515,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43347,"rrname":"redl1ne.tk","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-28T15:21:44.980523+0000","flow_id":204395816554621,"pcap_cnt":49,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.87","dest_port":63515,"proto":"UDP","dns":{"type":"answer","id":43347,"rcode":"NOERROR","rrname":"redl1ne.tk","rrtype":"A","ttl":3599,"rdata":"87.98.152.5"}}
{"timestamp":"2019-08-28T15:21:45.320216+0000","flow_id":2059405076480511,"pcap_cnt":56,"event_type":"alert","src_ip":"192.168.240.87","src_port":49276,"dest_ip":"87.98.152.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-08-28T15:21:45.470453+0000","flow_id":2059405076480511,"pcap_cnt":57,"event_type":"http","src_ip":"192.168.240.87","src_port":49276,"dest_ip":"87.98.152.5","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"redl1ne.tk","url":"\/list.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/64.0.3282.119 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-08-28T15:21:45.470453+0000","flow_id":2059405076480511,"pcap_cnt":57,"event_type":"fileinfo","src_ip":"87.98.152.5","src_port":80,"dest_ip":"192.168.240.87","dest_port":49276,"proto":"TCP","http":{"hostname":"redl1ne.tk","url":"\/list.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/64.0.3282.119 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":210},"app_proto":"http","fileinfo":{"filename":"\/list.php","gaps":false,"state":"CLOSED","stored":false,"size":201,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:47.390328+0000","flow_id":380038504248504,"pcap_cnt":59,"event_type":"dns","src_ip":"192.168.240.87","src_port":56373,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20325,"rrname":"ip-api.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-28T15:21:47.430086+0000","flow_id":380038504248504,"pcap_cnt":60,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.87","dest_port":56373,"proto":"UDP","dns":{"type":"answer","id":20325,"rcode":"NOERROR","rrname":"ip-api.com","rrtype":"A","ttl":99,"rdata":"69.195.146.130"}}
{"timestamp":"2019-08-28T15:21:49.321160+0000","flow_id":1752211835818420,"pcap_cnt":67,"event_type":"alert","src_ip":"192.168.240.87","src_port":49277,"dest_ip":"69.195.146.130","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022082,"rev":3,"signature":"ET POLICY External IP Lookup ip-api.com","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-28T15:21:47.519058+0000","flow_id":1752211835818420,"pcap_cnt":68,"event_type":"http","src_ip":"192.168.240.87","src_port":49277,"dest_ip":"69.195.146.130","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ip-api.com","url":"\/json\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/64.0.3282.119 Safari\/537.36","http_content_type":"application\/json"}}
{"timestamp":"2019-08-28T15:21:47.519058+0000","flow_id":1752211835818420,"pcap_cnt":68,"event_type":"fileinfo","src_ip":"69.195.146.130","src_port":80,"dest_ip":"192.168.240.87","dest_port":49277,"proto":"TCP","http":{"hostname":"ip-api.com","url":"\/json\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/64.0.3282.119 Safari\/537.36","http_content_type":"application\/json","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":307},"app_proto":"http","fileinfo":{"filename":"\/json\/","gaps":false,"state":"CLOSED","stored":false,"size":307,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:48.128391+0000","flow_id":110769824568355,"pcap_cnt":76,"event_type":"alert","src_ip":"192.168.240.87","src_port":49278,"dest_ip":"87.98.152.5","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012810,"rev":10,"signature":"ET POLICY HTTP Request to a *.tk domain","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-08-28T15:21:48.930508+0000","flow_id":110769824568355,"pcap_cnt":118,"event_type":"fileinfo","src_ip":"192.168.240.87","src_port":49278,"dest_ip":"87.98.152.5","dest_port":80,"proto":"TCP","http":{"hostname":"redl1ne.tk","url":"\/post.php","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"1-6F178BF1555024407BFBBGE458OPQZ.zip","gaps":false,"state":"CLOSED","stored":false,"size":22619,"tx_id":0}}
{"timestamp":"2019-08-28T15:21:49.635620+0000","flow_id":110769824568355,"pcap_cnt":135,"event_type":"http","src_ip":"192.168.240.87","src_port":49278,"dest_ip":"87.98.152.5","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"redl1ne.tk","url":"\/post.php","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html"}}
{"timestamp":"2019-08-28T15:21:49.635620+0000","flow_id":110769824568355,"pcap_cnt":135,"event_type":"fileinfo","src_ip":"87.98.152.5","src_port":80,"dest_ip":"192.168.240.87","dest_port":49278,"proto":"TCP","http":{"hostname":"redl1ne.tk","url":"\/post.php","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":174},"app_proto":"http","fileinfo":{"filename":"\/post.php","gaps":false,"state":"CLOSED","stored":false,"size":174,"tx_id":0}}


keyword_perf.log - (13839 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:17:29
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            23582           2               2               19030           11791.00        11791.00        0.00           
  flow             2163566         362             362             38676           5976.00         5976.00         0.00           
  content          6823986         685             358             424174          9962.00         7963.00         12149.00       
  pcre             971544          56              20              71062           17349.00        13758.00        19343.00       
  byte_test        110358          18              8               19494           6131.00         7291.00         5202.00        
  byte_jump        260736          45              0               22140           5794.00         0.00            5794.00        
  isdataat         9556            2               0               4930            4778.00         0.00            4778.00        
  flowbits         78112           10              2               30426           7811.00         17657.00        5349.00        
  urilen           277874          46              9               27760           6040.00         5646.00         6136.00        
  byte_extract     19256           2               2               13576           9628.00         9628.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            23582           2               2               19030           11791.00        11791.00        0.00           
  flow             2163566         362             362             38676           5976.00         5976.00         0.00           
  flowbits         42798           8               0               7384            5349.00         0.00            5349.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1232098         154             81              35354           8000.00         8943.00         6954.00        
  pcre             47952           4               0               17896           11988.00        0.00            11988.00       
  byte_test        110358          18              8               19494           6131.00         7291.00         5202.00        
  byte_jump        260736          45              0               22140           5794.00         0.00            5794.00        
  isdataat         9556            2               0               4930            4778.00         0.00            4778.00        
  byte_extract     19256           2               2               13576           9628.00         9628.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         35314           2               2               30426           17657.00        17657.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          769994          123             49              27632           6260.00         6509.00         6094.00        
  pcre             390350          22              16              71062           17743.00        14322.00        26865.00       
  urilen           277874          46              9               27760           6040.00         5646.00         6136.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1937380         56              10              205028          34596.00        22426.00        37241.00       
  pcre             69116           1               0               69116           69116.00        0.00            69116.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26228           5               0               5478            5245.00         0.00            5245.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2102440         232             146             424174          9062.00         7744.00         11298.00       
  pcre             392528          25              4               33990           15701.00        11502.00        16500.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          153622          20              9               21278           7681.00         7750.00         7624.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10284           2               0               5400            5142.00         0.00            5142.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22902           4               4               5856            5725.00         5725.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5810            1               1               5810            5810.00         5810.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          295806          45              30              37720           6573.00         5964.00         7791.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          203986          32              21              11116           6374.00         6349.00         6422.00        
  pcre             71598           4               0               31870           17899.00        0.00            17899.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          41956           7               7               7018            5993.00         5993.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21480           4               0               5778            5370.00         0.00            5370.00        


suricata-4.0.0-etpro-all-alert-2019-09-16-T-10-17-29-09162019.1017-network_3.pcap.txt - (793 bytes)
08/28/2019-15:21:46.528509  [**] [1:2012811:2] ET DNS Query to a .tk domain - Likely Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.240.87:63515 -> 8.8.8.8:53
08/28/2019-15:21:45.320216  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.87:49276 -> 87.98.152.5:80
08/28/2019-15:21:49.321160  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.87:49277 -> 69.195.146.130:80
08/28/2019-15:21:48.128391  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.87:49278 -> 87.98.152.5:80


IDSDeathBlossom.py.log - (1149 bytes)
2019-09-16 10:17:03,191 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-16 10:17:03,995 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-16 10:17:03,995 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-16 10:17:03,996 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-16 10:17:03,996 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-16 10:17:03,996 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/28294af3a6b9b758165f672ad245ad7856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1017-network_3.pcap -vvv -k none
2019-09-16 10:17:29,445 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-16 10:17:29,446 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.2629680634