Filename: 1d849464-445b-41ec-825b-53d396ee7beb (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.7512140274 seconds
Hash: 2a6409019480c7ac57d9812c76895551
Uploaded: 1561022576

Logfiles


packet_stats.log - (19305 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             2         74792458       75062211      74927334        149.9m    0.00
 IPv4       6          9495          3975845     1056440265     844607663       8019.5b   98.35
 IPv4      17           120          4145479      983651091     347475558         41.7b    0.51
 IPv6      17            82          4379417      983322054     786555647         64.5b    0.79
 IPv6      58            31         74935114      979086509     917409816         28.4b    0.35
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             2            92362         127446        109904        219.8k    0.01
TMM_FLOWWORKER              IPv4       6          9495            66114       12523504        141653          1.3b   89.62
TMM_FLOWWORKER              IPv4      17           120           119925       23792300        612777         73.5m    4.90
TMM_RECEIVEPCAPFILE         IPv4       2             2             2547           2783          2665          5.3k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          9456             2531       10527146          3964         37.5m    2.50
TMM_RECEIVEPCAPFILE         IPv4      17           120             2538          10970          2809        337.2k    0.02
TMM_DECODEPCAPFILE          IPv4       2             2             2792           3304          3048          6.1k    0.00
TMM_DECODEPCAPFILE          IPv4       6          9456             2643          69213          2883         27.3m    1.82
TMM_DECODEPCAPFILE          IPv4      17           120             2666          28303          3199        384.0k    0.03
TMM_FLOWWORKER              IPv6      17            82           103192         386646        162150         13.3m    0.89
TMM_FLOWWORKER              IPv6      58            31            65799         147097         80115          2.5m    0.17
TMM_RECEIVEPCAPFILE         IPv6      17            82             2544           3575          2641        216.6k    0.01
TMM_RECEIVEPCAPFILE         IPv6      58            31             2545           3507          2638         81.8k    0.01
TMM_DECODEPCAPFILE          IPv6      17            82             2685          33185          3455        283.3k    0.02
TMM_DECODEPCAPFILE          IPv6      58            31             2711          10569          3422        106.1k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          9456             2806        6774418          3985         37.7m  3.02  
flow                    IPv4      17           120             2708          42859          4583        550.0k  0.04  
stream                  IPv4       6          9495             2593        7187802          7718         73.3m  5.88  
app-layer               IPv4      17           120             2514          46565         10060          1.2m  0.10  
detect                  IPv4       2             2            86689         121871        104280        208.6k  0.02  
detect                  IPv4       6          9495            44461       12486794        110442          1.0b  84.08 
detect                  IPv4      17           120           102898        6209131        361950         43.4m  3.48  
tcp-prune               IPv4       6          9495             2534         115473          2908         27.6m  2.21  
flow                    IPv6      17            82             2815          22061          4525        371.1k  0.03  
flow                    IPv6      58            31             2820          20487          4099        127.1k  0.01  
app-layer               IPv6      17            82             2518          22366          5102        418.4k  0.03  
detect                  IPv6      17            82            87198         362384        140818         11.5m  0.93  
detect                  IPv6      58            31            55106         130728         67219          2.1m  0.17  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             5             3078          70216         30435        152.2k  14.31 
tls                     IPv4       6            56             2600           4002          2985        167.2k  15.72 
tls                     IPv4      17             3             2827           4896          3516         10.6k  0.99  
dns                     IPv4      17            46             3887          40945          7807        359.1k  33.77 
http                    IPv6      17             5            70216          70216         70216        351.1k  33.01 
tls                     IPv6      17             7             2827           3881          3347         23.4k  2.20  
Proto detect            IPv4       6             5             2967          10232          5692         28.5k
Proto detect            IPv4      17            58             2791          30947          7634        442.8k
Proto detect            IPv6      17            23             2747          16258          4439        102.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            46            30492       23204999        581117         26.7m  91.81 
LOGGER_JSON_HTTP            IPv4       6             3           137363         238521        173367        520.1k  1.79  
LOGGER_JSON_TLS             IPv4       6            30             2817         105562         44326          1.3m  4.57  
LOGGER_JSON_FILE            IPv4       6             3           146633         197813        178473        535.4k  1.84  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1025             2562        6058868         35167        36.0m  17.94 
payload                           IPv4      17           120             3326         134317         22481         2.7m  1.34  
stream                            IPv4       6          1025             2534        6028832         50934        52.2m  25.99 
http_uri                          IPv4       6             3             9409          84012         48387       145.2k  0.07  
http_request_line                 IPv4       6             3             8413          13240         10277        30.8k  0.02  
http_client_body                  IPv4       6             3             3567           4041          3826        11.5k  0.01  
http_header (request)             IPv4       6             3            89197         105351         96349       289.0k  0.14  
http_header (request trailer)     IPv4       6             3             2608           2639          2619         7.9k  0.00  
http_header_names (request)       IPv4       6             3            13684          98584         42449       127.3k  0.06  
http_accept (request)             IPv4       6             3             3892          15359          8014        24.0k  0.01  
http_referer (request)            IPv4       6             3             3284           3553          3405        10.2k  0.01  
http_content_len (request)        IPv4       6             3             3304           3536          3409        10.2k  0.01  
http_content_type (request)       IPv4       6             3             3393           3529          3445        10.3k  0.01  
http_protocol (request)           IPv4       6             3             5458           6334          5837        17.5k  0.01  
http_start (request)              IPv4       6             3            14284          19124         16548        49.6k  0.02  
http_raw_header (request)         IPv4       6             3            16155          18489         17160        51.5k  0.03  
http_method                       IPv4       6             3             5935           6761          6243        18.7k  0.01  
http_cookie (request)             IPv4       6             3             3658           3995          3783        11.4k  0.01  
http_raw_uri                      IPv4       6             3             6034           9767          7790        23.4k  0.01  
http_user_agent                   IPv4       6             3            37457          51898         42745       128.2k  0.06  
http_host                         IPv4       6             3             6983           8429          7851        23.6k  0.01  
dns_query                         IPv4      17            23             5076          16966         11207       257.8k  0.13  
tls_sni                           IPv4       6            46             2570          11678          6168       283.7k  0.14  
http_response_line                IPv4       6             3             9567          11873         10357        31.1k  0.02  
http_header (response)            IPv4       6             3            48939          83312         61273       183.8k  0.09  
http_header (response trailer)    IPv4       6             3             2632           4060          3151         9.5k  0.00  
http_content_type (response)      IPv4       6             3             7644          11589          9659        29.0k  0.01  
http_raw_header (response)        IPv4       6           735             4920        5889772         13336         9.8m  4.88  
http_cookie (response)            IPv4       6             3             3345           4660          4020        12.1k  0.01  
http_stat_code                    IPv4       6             3             4141           4389          4300        12.9k  0.01  
tls_cert_issuer                   IPv4       6            29             2562           7137          2946        85.5k  0.04  
tls_cert_subject                  IPv4       6            29             2557           6622          3017        87.5k  0.04  
tls_cert_serial                   IPv4       6            29             2550           5255          2859        82.9k  0.04  
file_data (http response)         IPv4       6           732             2566        3317326        132806        97.2m  48.39 
Total                             IPv4                  3865                                         51755       200.0m
payload                           IPv6      17            82             3244          55575          9081       744.7k  0.37  
payload                           IPv6      58            31             2733          10756          4221       130.9k  0.07  
Total                             IPv6                   113                                          7748       875.6k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2             2            37763          70170         53966        107.9k  0.01  
PROF_DETECT_IPONLY          IPv4       6            70             3461         106389         38857          2.7m  0.23  
PROF_DETECT_IPONLY          IPv4      17            59            37556        5839050        151591          8.9m  0.75  
PROF_DETECT_RULES           IPv4       2             2             2571           3154          2862          5.7k  0.00  
PROF_DETECT_RULES           IPv4       6          9495             2518       11913259         21567        204.8m  17.28 
PROF_DETECT_RULES           IPv4      17           120            44423        5783205        189130         22.7m  1.91  
PROF_DETECT_STATEFUL_START    IPv4       6           671             5099        2754471        115194         77.3m  6.52  
PROF_DETECT_STATEFUL_CONT    IPv4       2             2             2652           2684          2668          5.3k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          9495             2516          84278          6972         66.2m  5.59  
PROF_DETECT_STATEFUL_CONT    IPv4      17           120             2529          95084          5729        687.5k  0.06  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          9344             2541         131973          2809         26.2m  2.21  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            46             2599          23532          3362        154.7k  0.01  
PROF_DETECT_PREFILTER       IPv4       2             2             9163          10000          9581         19.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          9495             7769        6985570         38564        366.2m  30.89 
PROF_DETECT_PREFILTER       IPv4      17           120            24038         177022         50278          6.0m  0.51  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1025            13031        6071756         94403         96.8m  8.16  
PROF_DETECT_PF_PAYLOAD      IPv4      17           120             8427         139766         27746          3.3m  0.28  
PROF_DETECT_PF_TX           IPv4       6          9344             2569        6579494         15758        147.2m  12.42 
PROF_DETECT_PF_TX           IPv4      17            23            10383          23111         17031        391.7k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6           631             2531          33253          3557          2.2m  0.19  
PROF_DETECT_PF_SORT1        IPv4      17           120             2599           9808          3802        456.3k  0.04  
PROF_DETECT_PF_SORT2        IPv4       2             2             2777           2818          2797          5.6k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          9495             2507          67476          2790         26.5m  2.24  
PROF_DETECT_PF_SORT2        IPv4      17           120             2547          24357          3678        441.4k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       2             2             2783           2812          2797          5.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          9495             2531          68907          2964         28.1m  2.37  
PROF_DETECT_NONMPMLIST      IPv4      17           120             2520          27744          3292        395.1k  0.03  
PROF_DETECT_ALERT           IPv4       2             2             2529           2555          2542          5.1k  0.00  
PROF_DETECT_ALERT           IPv4       6          9495             2512          94363          2784         26.4m  2.23  
PROF_DETECT_ALERT           IPv4      17           120             2523          26925          3029        363.5k  0.03  
PROF_DETECT_CLEANUP         IPv4       2             2             2522           2525          2523          5.0k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          9495             2544          62129          2912         27.7m  2.33  
PROF_DETECT_CLEANUP         IPv4      17           120             2517          14874          3239        388.7k  0.03  
PROF_DETECT_GETSGH          IPv4 

This file has been truncated.


suricata-report-2019-06-20-T-09-23-20-06202019.0922-1d849464-445b-41ec-825b-53d396ee7beb_1.pcap.txt - (17823 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/2a6409019480c7ac57d9812c7689555156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06202019.0922-1d849464-445b-41ec-825b-53d396ee7beb_1.pcap -vvv -k none
elapsedtime:22.845721
stderr:
stdout:
20/6/2019 -- 09:22:57 - <Info> - Configuration node 'rule-files' redefined.
20/6/2019 -- 09:22:57 - <Notice> - This is Suricata version 4.0.0 RELEASE
20/6/2019 -- 09:22:57 - <Info> - CPUs/cores online: 1
20/6/2019 -- 09:22:57 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33419 and 'request-body-inspect-window' set to 16809 after randomization.
20/6/2019 -- 09:22:57 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31394 and 'response-body-inspect-window' set to 16381 after randomization.
20/6/2019 -- 09:22:57 - <Config> - DNS request flood protection level: 500
20/6/2019 -- 09:22:57 - <Config> - DNS per flow memcap (state-memcap): 524288
20/6/2019 -- 09:22:57 - <Config> - DNS global memcap: 16777216
20/6/2019 -- 09:22:57 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
20/6/2019 -- 09:22:57 - <Config> - preallocated 1000 hosts of size 136
20/6/2019 -- 09:22:57 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
20/6/2019 -- 09:22:57 - <Config> - using magic-file /usr/share/file/magic
20/6/2019 -- 09:22:57 - <Config> - Core dump size is unlimited.
20/6/2019 -- 09:22:57 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
20/6/2019 -- 09:22:57 - <Config> - preallocated 1000 defrag trackers of size 168
20/6/2019 -- 09:22:57 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
20/6/2019 -- 09:22:57 - <Config> - stream "prealloc-sessions": 2048 (per thread)
20/6/2019 -- 09:22:57 - <Config> - stream "memcap": 33554432
20/6/2019 -- 09:22:57 - <Config> - stream "midstream" session pickups: disabled
20/6/2019 -- 09:22:57 - <Config> - stream "async-oneside": disabled
20/6/2019 -- 09:22:57 - <Config> - stream "checksum-validation": disabled
20/6/2019 -- 09:22:57 - <Config> - stream."inline": disabled
20/6/2019 -- 09:22:57 - <Config> - stream "bypass": disabled
20/6/2019 -- 09:22:57 - <Config> - stream "max-synack-queued": 5
20/6/2019 -- 09:22:57 - <Config> - stream.reassembly "memcap": 134217728
20/6/2019 -- 09:22:57 - <Config> - stream.reassembly "depth": 0
20/6/2019 -- 09:22:57 - <Config> - stream.reassembly "toserver-chunk-size": 2619
20/6/2019 -- 09:22:57 - <Config> - stream.reassembly "toclient-chunk-size": 2453
20/6/2019 -- 09:22:57 - <Config> - stream.reassembly.raw: enabled
20/6/2019 -- 09:22:57 - <Config> - stream.reassembly "segment-prealloc": 2048
20/6/2019 -- 09:22:57 - <Config> - Delayed detect disabled
20/6/2019 -- 09:22:57 - <Config> - pattern matchers: MPM: ac, SPM: bm
20/6/2019 -- 09:22:57 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
20/6/2019 -- 09:22:57 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
20/6/2019 -- 09:22:57 - <Config> - prefilter engines: MPM
20/6/2019 -- 09:22:57 - <Config> - IP reputation disabled
20/6/2019 -- 09:22:57 - <Perf> - Registered 148 keyword profiling counters.
20/6/2019 -- 09:22:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
20/6/2019 -- 09:22:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
20/6/2019 -- 09:22:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
20/6/2019 -- 09:23:02 - <Config> - No rules loaded from ET-icmp.rules.
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
20/6/2019 -- 09:23:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
20/6/2019 -- 09:23:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
20/6/2019 -- 09:23:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
20/6/2019 -- 09:23:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
20/6/2019 -- 09:23:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
20/6/2019 -- 09:23:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
20/6/2019 -- 09:23:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
20/6/2019 -- 09:23:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
20/6/2019 -- 09:23:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
20/6/2019 -- 09:23:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
20/6/2019 -- 09:23:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
20/6/2019 -- 09:23:09 - <Config> - No rules loaded from local.rules.
20/6/2019 -- 09:23:09 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
20/6/2019 -- 09:23:10 - <Info> - Threshold config parsed: 0 rule(s) found
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for tcp-packet
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for tcp-stream
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for udp-packet
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for other-ip
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_uri
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_request_line
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_client_body
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_response_line
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_header
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_header
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_header_names
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_header_names
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_accept
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_accept_enc
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_accept_lang
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_referer
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_connection
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_content_len
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_content_len
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_content_type
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_content_type
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_protocol
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_protocol
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_start
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_start
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_raw_header
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_raw_header
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_method
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_cookie
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_cookie
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_raw_uri
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_user_agent
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_host
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_raw_host
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_stat_msg
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_stat_code
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for dns_query
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for tls_sni
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for tls_cert_issuer
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for tls_cert_subject
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for tls_cert_serial
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for dce_stub_data
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for dce_stub_data
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for ssh_protocol
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for ssh_protocol
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for ssh_software
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for ssh_software
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for file_data
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for file_data
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_request_line
20/6/2019 -- 09:23:10 - <Perf> - using shared mpm ctx' for http_response_line
20/6/2019 -- 09:23:10 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
20/6/2019 -- 09:23:10 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
20/6/2019 -- 09:23:10 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
20/6/2019 -- 09:23:10 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
20/6/2019 -- 09:23:10 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
20/6/2019 -- 09:23:10 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
20/6/2019 -- 09:23:10 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
20/6/2019 -- 09:23:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
20/6/2019 -- 09:23:16 - <Perf> - Unique rule groups: 104
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "toserver TCP packet": 35
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "toclient TCP packet": 17
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "toserver TCP stream": 33
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "toclient TCP stream": 19
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "toserver UDP packet": 27
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "toclient UDP packet": 17
20/6/2019 -- 09:23:16 - <Perf> - Builtin MPM "other IP packet": 3
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_uri": 14
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_request_line": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_client_body": 6
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient http_response_line": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_header": 10
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient http_header": 6
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_header_names": 2
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_accept": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_referer": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_content_len": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_content_type": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient http_content_type": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_protocol": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_start": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_method": 5
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_cookie": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient http_cookie": 2
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver http_host": 2
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver dns_query": 4
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver tls_sni": 2
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toserver file_data": 1
20/6/2019 -- 09:23:16 - <Perf> - AppLayer MPM "toclient file_data": 7
20/6/2019 -- 09:23:18 - <Perf> - Registered 39590 rule profiling counters.
20/6/2019 -- 09:23:18 - <Info> - fast output device (regular) initialized: alert
20/6/2019 -- 09:23:18 - <Info> - eve-log output device (regular) initialized: eve.json
20/6/2019 -- 09:23:18 - <Config> - enabling 'eve-log' module 'alert'
20/6/2019 -- 09:23:18 - <Config> - enabling 'eve-log' module 'http'
20/6/2019 -- 09:23:18 - <Config> - enabling 'eve-log' module 'dns'
20/6/2019 -- 09:23:18 - <Config> - enabling 'eve-log' module 'tls'
20/6/2019 -- 09:23:18 - <Config> - enabling 'eve-log' module 'files'
20/6/2019 -- 09:23:18 - <Config> - enabling 'eve-log' module 'ssh'
20/6/2019 -- 09:23:18 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
20/6/2019 -- 09:23:18 - <Info> - stats output device (regular) initialized: stats.log
20/6/2019 -- 09:23:18 - <Config> - AutoFP mode using "Hash" flow load balancer
20/6/2019 -- 09:23:18 - <Info> - reading pcap file /var/pcap/06202019.0922-1d849464-445b-41ec-825b-53d396ee7beb_1.pcap
20/6/2019 -- 09:23:18 - <Config> 

This file has been truncated.


stats.log - (2929 bytes)
------------------------------------------------------------------------------------
Date: 6/20/2019 -- 09:23:20 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 10268
decoder.bytes                              | Total                     | 7281248
decoder.ipv4                               | Total                     | 9578
decoder.ipv6                               | Total                     | 113
decoder.ethernet                           | Total                     | 10268
decoder.tcp                                | Total                     | 9456
decoder.udp                                | Total                     | 202
decoder.icmpv6                             | Total                     | 31
decoder.avg_pkt_size                       | Total                     | 709
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 35
flow.udp                                   | Total                     | 59
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 35
tcp.syn                                    | Total                     | 35
tcp.synack                                 | Total                     | 35
tcp.rst                                    | Total                     | 8
tcp.overlap                                | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 1
app_layer.flow.http                        | Total                     | 3
app_layer.tx.http                          | Total                     | 3
app_layer.flow.tls                         | Total                     | 28
app_layer.flow.dns_udp                     | Total                     | 23
app_layer.tx.dns_udp                       | Total                     | 23
app_layer.flow.failed_udp                  | Total                     | 36
flow_mgr.new_pruned                        | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7089280


eve.json - (29775 bytes)
{"timestamp":"2019-06-19T17:42:12.195954+0000","flow_id":281098965024114,"pcap_cnt":35,"event_type":"dns","src_ip":"192.168.100.238","src_port":64977,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55025,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:12.214664+0000","flow_id":281098965024114,"pcap_cnt":36,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":64977,"proto":"UDP","dns":{"type":"answer","id":55025,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":36,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-06-19T17:42:12.214664+0000","flow_id":281098965024114,"pcap_cnt":36,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":64977,"proto":"UDP","dns":{"type":"answer","id":55025,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":34,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-06-19T17:42:12.214664+0000","flow_id":281098965024114,"pcap_cnt":36,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":64977,"proto":"UDP","dns":{"type":"answer","id":55025,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":35,"rdata":"204.79.197.200"}}
{"timestamp":"2019-06-19T17:42:12.214664+0000","flow_id":281098965024114,"pcap_cnt":36,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":64977,"proto":"UDP","dns":{"type":"answer","id":55025,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":35,"rdata":"13.107.21.200"}}
{"timestamp":"2019-06-19T17:42:12.249462+0000","flow_id":228614464654966,"pcap_cnt":38,"event_type":"dns","src_ip":"192.168.100.238","src_port":50425,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42991,"rrname":"www.whiteelection.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:12.307284+0000","flow_id":228614464654966,"pcap_cnt":46,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":50425,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"www.whiteelection.com","rrtype":"CNAME","ttl":14399,"rdata":"whiteelection.com"}}
{"timestamp":"2019-06-19T17:42:12.307284+0000","flow_id":228614464654966,"pcap_cnt":46,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":50425,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"whiteelection.com","rrtype":"A","ttl":14399,"rdata":"91.216.163.90"}}
{"timestamp":"2019-06-19T17:42:12.483066+0000","flow_id":1899646653067272,"pcap_cnt":61,"event_type":"http","src_ip":"192.168.100.238","src_port":49214,"dest_ip":"204.79.197.200","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bing.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"image\/x-icon"}}
{"timestamp":"2019-06-19T17:42:56.655427+0000","flow_id":337474708570179,"pcap_cnt":188,"event_type":"dns","src_ip":"192.168.100.238","src_port":62849,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37655,"rrname":"clientservices.googleapis.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:56.655573+0000","flow_id":643671517036757,"pcap_cnt":189,"event_type":"dns","src_ip":"192.168.100.238","src_port":50030,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13644,"rrname":"www.google.com.ua","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:56.658992+0000","flow_id":623367059148336,"pcap_cnt":190,"event_type":"dns","src_ip":"192.168.100.238","src_port":60288,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11360,"rrname":"accounts.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:56.667639+0000","flow_id":337474708570179,"pcap_cnt":191,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":62849,"proto":"UDP","dns":{"type":"answer","id":37655,"rcode":"NOERROR","rrname":"clientservices.googleapis.com","rrtype":"A","ttl":1,"rdata":"172.217.18.163"}}
{"timestamp":"2019-06-19T17:42:56.671038+0000","flow_id":623367059148336,"pcap_cnt":192,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":60288,"proto":"UDP","dns":{"type":"answer","id":11360,"rcode":"NOERROR","rrname":"accounts.google.com","rrtype":"A","ttl":296,"rdata":"172.217.22.13"}}
{"timestamp":"2019-06-19T17:42:56.677711+0000","flow_id":643671517036757,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":50030,"proto":"UDP","dns":{"type":"answer","id":13644,"rcode":"NOERROR","rrname":"www.google.com.ua","rrtype":"A","ttl":299,"rdata":"172.217.16.163"}}
{"timestamp":"2019-06-19T17:42:56.789747+0000","flow_id":1481325431235710,"pcap_cnt":212,"event_type":"tls","src_ip":"192.168.100.238","src_port":49903,"dest_ip":"172.217.18.163","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:56.790881+0000","flow_id":1985631901197733,"pcap_cnt":219,"event_type":"tls","src_ip":"192.168.100.238","src_port":49904,"dest_ip":"172.217.16.163","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:56.810681+0000","flow_id":528081758376,"pcap_cnt":224,"event_type":"tls","src_ip":"192.168.100.238","src_port":49905,"dest_ip":"172.217.22.13","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:57.584672+0000","flow_id":1617340603165664,"pcap_cnt":596,"event_type":"dns","src_ip":"192.168.100.238","src_port":58048,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25120,"rrname":"clients1.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:57.584907+0000","flow_id":1617340603165664,"pcap_cnt":597,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":58048,"proto":"UDP","dns":{"type":"answer","id":25120,"rcode":"NOERROR","rrname":"clients1.google.com","rrtype":"CNAME","ttl":200,"rdata":"clients.l.google.com"}}
{"timestamp":"2019-06-19T17:42:57.584907+0000","flow_id":1617340603165664,"pcap_cnt":597,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":58048,"proto":"UDP","dns":{"type":"answer","id":25120,"rcode":"NOERROR","rrname":"clients.l.google.com","rrtype":"A","ttl":200,"rdata":"172.217.18.174"}}
{"timestamp":"2019-06-19T17:42:57.682158+0000","flow_id":189448660840407,"pcap_cnt":608,"event_type":"tls","src_ip":"192.168.100.238","src_port":49918,"dest_ip":"172.217.18.174","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:57.734612+0000","flow_id":999857449940372,"pcap_cnt":618,"event_type":"dns","src_ip":"192.168.100.238","src_port":51116,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7486,"rrname":"ssl.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:57.734764+0000","flow_id":999857449940372,"pcap_cnt":619,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":51116,"proto":"UDP","dns":{"type":"answer","id":7486,"rcode":"NOERROR","rrname":"ssl.gstatic.com","rrtype":"A","ttl":37,"rdata":"216.58.207.35"}}
{"timestamp":"2019-06-19T17:42:57.797206+0000","flow_id":1465812009433295,"pcap_cnt":668,"event_type":"tls","src_ip":"192.168.100.238","src_port":49922,"dest_ip":"216.58.207.35","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:58.274027+0000","flow_id":265819621830251,"pcap_cnt":898,"event_type":"dns","src_ip":"192.168.100.238","src_port":59611,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10302,"rrname":"www.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:58.291665+0000","flow_id":265819621830251,"pcap_cnt":899,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":59611,"proto":"UDP","dns":{"type":"answer","id":10302,"rcode":"NOERROR","rrname":"www.gstatic.com","rrtype":"A","ttl":239,"rdata":"172.217.18.163"}}
{"timestamp":"2019-06-19T17:42:58.347598+0000","flow_id":1757326472279823,"pcap_cnt":907,"event_type":"tls","src_ip":"192.168.100.238","src_port":49932,"dest_ip":"172.217.18.163","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:58.463758+0000","flow_id":831017990624142,"pcap_cnt":1023,"event_type":"dns","src_ip":"192.168.100.238","src_port":53028,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51669,"rrname":"apis.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:58.464035+0000","flow_id":831017990624142,"pcap_cnt":1024,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":53028,"proto":"UDP","dns":{"type":"answer","id":51669,"rcode":"NOERROR","rrname":"apis.google.com","rrtype":"CNAME","ttl":21438,"rdata":"plus.l.google.com"}}
{"timestamp":"2019-06-19T17:42:58.464035+0000","flow_id":831017990624142,"pcap_cnt":1024,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":53028,"proto":"UDP","dns":{"type":"answer","id":51669,"rcode":"NOERROR","rrname":"plus.l.google.com","rrtype":"A","ttl":138,"rdata":"172.217.16.174"}}
{"timestamp":"2019-06-19T17:42:58.484898+0000","flow_id":1069167484757538,"pcap_cnt":1029,"event_type":"dns","src_ip":"192.168.100.238","src_port":63044,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56237,"rrname":"ogs.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:42:58.498404+0000","flow_id":1069167484757538,"pcap_cnt":1031,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":63044,"proto":"UDP","dns":{"type":"answer","id":56237,"rcode":"NOERROR","rrname":"ogs.google.com","rrtype":"CNAME","ttl":3599,"rdata":"www3.l.google.com"}}
{"timestamp":"2019-06-19T17:42:58.498404+0000","flow_id":1069167484757538,"pcap_cnt":1031,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":63044,"proto":"UDP","dns":{"type":"answer","id":56237,"rcode":"NOERROR","rrname":"www3.l.google.com","rrtype":"A","ttl":299,"rdata":"216.58.206.14"}}
{"timestamp":"2019-06-19T17:42:58.529003+0000","flow_id":1010322137814712,"pcap_cnt":1041,"event_type":"tls","src_ip":"192.168.100.238","src_port":49935,"dest_ip":"172.217.16.174","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:42:58.556985+0000","flow_id":940649178373444,"pcap_cnt":1049,"event_type":"tls","src_ip":"192.168.100.238","src_port":49937,"dest_ip":"216.58.206.14","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:43:00.983110+0000","flow_id":1036033959657542,"pcap_cnt":1176,"event_type":"dns","src_ip":"192.168.100.238","src_port":50270,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23437,"rrname":"www.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:43:00.983325+0000","flow_id":1036033959657542,"pcap_cnt":1177,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":50270,"proto":"UDP","dns":{"type":"answer","id":23437,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":129,"rdata":"216.58.205.228"}}
{"timestamp":"2019-06-19T17:43:01.056907+0000","flow_id":274108908831608,"pcap_cnt":1194,"event_type":"tls","src_ip":"192.168.100.238","src_port":49978,"dest_ip":"216.58.205.228","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:43:01.618347+0000","flow_id":1560404369436523,"pcap_cnt":1305,"event_type":"dns","src_ip":"192.168.100.238","src_port":55788,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38435,"rrname":"www.google.nl","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:43:01.618586+0000","flow_id":1560404369436523,"pcap_cnt":1306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":55788,"proto":"UDP","dns":{"type":"answer","id":38435,"rcode":"NOERROR","rrname":"www.google.nl","rrtype":"A","ttl":138,"rdata":"172.217.22.3"}}
{"timestamp":"2019-06-19T17:43:01.707255+0000","flow_id":354588006119994,"pcap_cnt":1316,"event_type":"tls","src_ip":"192.168.100.238","src_port":49989,"dest_ip":"172.217.22.3","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:43:02.098163+0000","flow_id":1606375551958899,"pcap_cnt":1392,"event_type":"dns","src_ip":"192.168.100.238","src_port":52245,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39690,"rrname":"fonts.googleapis.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:43:02.098391+0000","flow_id":1606375551958899,"pcap_cnt":1393,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":52245,"proto":"UDP","dns":{"type":"answer","id":39690,"rcode":"NOERROR","rrname":"fonts.googleapis.com","rrtype":"CNAME","ttl":3304,"rdata":"googleadapis.l.google.com"}}
{"timestamp":"2019-06-19T17:43:02.098391+0000","flow_id":1606375551958899,"pcap_cnt":1393,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":52245,"proto":"UDP","dns":{"type":"answer","id":39690,"rcode":"NOERROR","rrname":"googleadapis.l.google.com","rrtype":"A","ttl":4,"rdata":"216.58.207.74"}}
{"timestamp":"2019-06-19T17:43:02.155711+0000","flow_id":418048295472394,"pcap_cnt":1409,"event_type":"tls","src_ip":"192.168.100.238","src_port":49994,"dest_ip":"216.58.207.74","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:43:02.231528+0000","flow_id":784638786570344,"pcap_cnt":1491,"event_type":"dns","src_ip":"192.168.100.238","src_port":53194,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35404,"rrname":"fonts.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:43:02.243916+0000","flow_id":784638786570344,"pcap_cnt":1492,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":53194,"proto":"UDP","dns":{"type":"answer","id":35404,"rcode":"NOERROR","rrname":"fonts.gstatic.com","rrtype":"CNAME","ttl":163,"rdata":"gstaticadssl.l.google.com"}}
{"timestamp":"2019-06-19T17:43:02.243916+0000","flow_id":784638786570344,"pcap_cnt":1492,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":53194,"proto":"UDP","dns":{"type":"answer","id":35404,"rcode":"NOERROR","rrname":"gstaticadssl.l.google.com","rrtype":"A","ttl":163,"rdata":"172.217.22.67"}}
{"timestamp":"2019-06-19T17:43:02.303261+0000","flow_id":2246731553487809,"pcap_cnt":1601,"event_type":"tls","src_ip":"192.168.100.238","src_port":49998,"dest_ip":"172.217.22.67","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-19T17:43:02.975846+0000","flow_id":1820524768846822,"pcap_cnt":1639,"event_type":"dns","src_ip":"192.168.100.238","src_port":53489,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2623,"rrname":"clients2.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-19T17:43:02.988563+0000","flow_id":1820524768846822,"pcap_cnt":1641,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":53489,"proto":"UDP","dns":{"type":"answer","id":2623,"rcode":"NOERROR","rrname":"clients2.google.com","rrtype":"CNAME","ttl":267,"rdata":"clients.l.google.com"}}
{"timestamp":"2019-06-19T17:43:02.988563+0000","flow_id":1820524768846822,"pcap_cnt":1641,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.238","dest_port":53489,"proto":"UDP","dns":{"type":"answer","id":2623,"rcode":"NOERROR","rrname":"clients.l.google.com","rrtype":"A","ttl":267,"rdata":"

This file has been truncated.


keyword_perf.log - (13438 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/20/2019 -- 09:23:20
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             8222083         2679            2679            385503          3069.00         3069.00         0.00           
  content          53269444        3060            714             781561          17408.00        27434.00        14356.00       
  pcre             1532532         256             15              70996           5986.00         15075.00        5420.00        
  byte_test        1173020         351             184             38845           3341.00         3432.00         3242.00        
  byte_jump        104826          30              21              9246            3494.00         3328.00         3882.00        
  isdataat         66600           23              0               3477            2895.00         0.00            2895.00        
  flowbits         44846           5               5               25263           8969.00         8969.00         0.00           
  urilen           188072          50              17              29590           3761.00         3278.00         4010.00        
  byte_extract     99579           32              32              10191           3111.00         3111.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             8222083         2679            2679            385503          3069.00         3069.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2399211         652             294             32113           3679.00         4040.00         3383.00        
  pcre             332931          31              9               70996           10739.00        16663.00        8316.00        
  byte_test        1173020         351             184             38845           3341.00         3432.00         3242.00        
  byte_jump        104826          30              21              9246            3494.00         3328.00         3882.00        
  isdataat         66600           23              0               3477            2895.00         0.00            2895.00        
  byte_extract     99579           32              32              10191           3111.00         3111.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         44846           5               5               25263           8969.00         8969.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          120995          30              12              6567            4033.00         3716.00         4244.00        
  pcre             171211          15              0               20344           11414.00        0.00            11414.00       
  urilen           188072          50              17              29590           3761.00         3278.00         4010.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6400            2               0               3335            3200.00         0.00            3200.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          49984677        2192            277             781561          22803.00        64253.00        16807.00       
  pcre             789608          184             0               24897           4291.00         0.00            4291.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          508151          118             90              6397            4306.00         4352.00         4158.00        
  pcre             197724          20              4               23804           9886.00         13775.00        8913.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          62750           17              12              4730            3691.00         3767.00         3508.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3601            1               1               3601            3601.00         3601.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3118            1               1               3118            3118.00         3118.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7172            2               2               3688            3586.00         3586.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3282            1               1               3282            3282.00         3282.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4117            1               1               4117            4117.00         4117.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          155561          40              22              9657            3889.00         4344.00         3332.00        
  pcre             41058           6               2               10775           6843.00         10530.00        4999.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10409           3               1               3957            3469.00         3957.00         3226.00        


suricata-4.0.0-etpro-all-perf.txt-2019-06-20-T-09-23-20-06202019.0922-1d849464-445b-41ec-825b-53d396ee7beb_1.pcap.txt - (43734 bytes)
  --------------------------------------------------------------------------
  Date: 6/20/2019 -- 09:23:20. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022552      1        2        13114895     8.11   91       0        11310440    144119.73   0.00        144119.73  
  2        2826281      1        2        5993239      3.71   23       0        5617625     260575.61   0.00        260575.61  
  3        2819664      1        2        9856576      6.10   57       0        841450      172922.39   0.00        172922.39  
  4        2020865      1        3        9600862      5.94   70       0        569048      137155.17   0.00        137155.17  
  5        2819930      1        2        9442228      5.84   57       0        527671      165653.12   0.00        165653.12  
  6        2820158      1        2        18251703     11.29  110      0        516757      165924.57   0.00        165924.57  
  7        2820157      1        2        17907688     11.07  110      0        483153      162797.16   0.00        162797.16  
  8        2815887      1        2        360734       0.22   1        0        360734      360734.00   0.00        360734.00  
  9        2023622      1        3        595998       0.37   138      0        184909      4318.83     0.00        4318.83    
  10       2021749      1        6        488453       0.30   4        0        168173      122113.25   0.00        122113.25  
  11       2814978      1        2        269266       0.17   2        0        140337      134633.00   0.00        134633.00  
  12       2814979      1        2        237135       0.15   2        0        124840      118567.50   0.00        118567.50  
  13       2018005      1        6        203964       0.13   2        0        112142      101982.00   0.00        101982.00  
  14       2805348      1        4        742450       0.46   15       0        97935       49496.67    0.00        49496.67   
  15       2018576      1        4        2932691      1.81   141      0        97651       20799.23    0.00        20799.23   
  16       2806802      1        2        4390941      2.72   217      0        94408       20234.75    0.00        20234.75   
  17       2024769      1        2        351031       0.22   4        0        90971       87757.75    0.00        87757.75   
  18       2809850      1        2        331479       0.20   9        0        90766       36831.00    0.00        36831.00   
  19       2816940      1        2        151811       0.09   3        0        89425       50603.67    0.00        50603.67   
  20       2016537      1        2        5440341      3.36   375      0        84281       14507.58    0.00        14507.58   
  21       2803760      1        3        503489       0.31   23       0        77756       21890.83    0.00        21890.83   
  22       2017669      1        5        2809600      1.74   141      0        77127       19926.24    0.00        19926.24   
  23       2822213      1        2        153539       0.09   2        0        77126       76769.50    0.00        76769.50   
  24       2014634      1        1        178754       0.11   4        0        75260       44688.50    0.00        44688.50   
  25       2022054      1        3        73543        0.05   1        0        73543       73543.00    0.00        73543.00   
  26       2816909      1        2        188321       0.12   3        0        73363       62773.67    0.00        62773.67   
  27       2024650      1        1        440135       0.27   123      0        73098       3578.33     0.00        3578.33    
  28       2017748      1        6        537904       0.33   176      0        69356       3056.27     0.00        3056.27    
  29       2816927      1        3        136377       0.08   3        0        69200       45459.00    0.00        45459.00   
  30       2025064      1        5        140826       0.09   3        0        68484       46942.00    0.00        46942.00   
  31       2023627      1        3        273425       0.17   74       0        66868       3694.93     0.00        3694.93    
  32       2009387      1        4        513232       0.32   129      0        64003       3978.54     0.00        3978.54    
  33       2018575      1        3        2819194      1.74   141      0        63846       19994.28    0.00        19994.28   
  34       2816910      1        2        172465       0.11   3        0        61952       57488.33    0.00        57488.33   
  35       2017552      1        6        5427195      3.36   378      0        60541       14357.66    0.00        14357.66   
  36       2828675      1        2        62880        0.04   2        1        59454       31440.00    59454.00    3426.00    
  37       2018457      1        1        103487       0.06   2        0        59237       51743.50    0.00        51743.50   
  38       2815754      1        2        100603       0.06   2        0        57258       50301.50    0.00        50301.50   
  39       2023533      1        3        78281        0.05   2        0        55487       39140.50    0.00        39140.50   
  40       2018558      1        5        131574       0.08   24       0        53172       5482.25     0.00        5482.25    
  41       2018358      1        7        52966        0.03   1        0        52966       52966.00    0.00        52966.00   
  42       2022055      1        2        2698993      1.67   141      0        52623       19141.79    0.00        19141.79   
  43       2816929      1        4        105775       0.07   3        0        52311       35258.33    0.00        35258.33   
  44       2024772      1        2        217124       0.13   6        4        52173       36187.33    39647.25    29267.50   
  45       2010140      1        7        741610       0.46   163      0        50979       4549.75     0.00        4549.75    
  46       2014701      1        12       619364       0.38   46       0        50335       13464.43    0.00        13464.43   
  47       2017613      1        9        49980        0.03   1        0        49980       49980.00    0.00        49980.00   
  48       2820851      1        5        110122       0.07   3        0        49476       36707.33    0.00        36707.33   
  49       2811213      1        2        2806114      1.74   141      0        49219       19901.52    0.00        19901.52   
  50       2828060      1        4        49186        0.03   1        0        49186       49186.00    0.00        49186.00   
  51       2816928      1        3        118022       0.07   3        0        48912       39340.67    0.00        39340.67   
  52       2822979      1        3        48729        0.03   1        0        48729       48729.00    0.00        48729.00   
  53       2816922      1        5        110565       0.07   3        0        47617       36855.00    0.00        36855.00   
  54       2014635      1        1        157000       0.10   4        0        47062       39250.00    0.00        39250.00   
  55       2024771      1        1        4176929      2.58   735      0        46143       5682.90     0.00        5682.90    
  56       2810481      1        4        3355383      2.08   176      0        45719       19064.68    0.00        19064.68   
  57       2001330      1        8        2402319      1.49   851      0        45579       2822.94     0.00        2822.94    
  58       2020661      1        3        370702       0.23   103      0        43954       3599.05     0.00        3599.05    
  59       2815481      1        6        80818        0.05   2        0        43772       40409.00    0.00        40409.00   
  60       2024829      1        2        570881       0.35   29       0        43640       19685.55    0.00        19685.55   
  61       2024909      1        2        1673807      1.04   87       0        42857       19239.16    0.00        19239.16   
  62       2018958      1        18       42034        0.03   1        0        42034       42034.00    0.00        42034.00   
  63       2022609      1        2        41982        0.03   1        0        41982       41982.00    0.00        41982.00   
  64       2815817      1        5        104974       0.06   3        0        41914       34991.33    0.00        34991.33   
  65       2022543      1        1        389137       0.24   23       0        41750       16919.00    0.00        16919.00   
  66       2828122      1        2        41745        0.03   1        0        41745       41745.00    0.00        41745.00   
  67       2018452      1        15       41443        0.03   1        0        41443       41443.00    0.00        41443.00   
  68       2816525      1        10       99071        0.06   3        0        41387       33023.67    0.00        33023.67   
  69       2816327      1        4        100088       0.06   3        0        41122       33362.67    0.00        33362.67   
  70       2022502      1        4        40547        0.03   1        0        40547       40547.00    0.00        40547.00   
  71       2020747      1        8        77760        0.05   2        0        39759       38880.00    0.00        38880.00   
  72       2102190      1        5        287232       0.18   81       0        38573       3546.07     0.00        3546.07    
  73       2019344      1        5        37449        0.02   1        0        37449       37449.00    0.00        37449.00   
  74       2014519      1        7        1208005      0.75   60       0        36543       20133.42    0.00        20133.42   
  75       2023083      1        2        67016        0.04   2        0        36538       33508.00    0.00        33508.00   
  76       2103158      1        6        213069       0.13   60       0        36293       3551.15     0.00        3551.15    
  77       2017707      1        4        36233        0.02   1        0        36233       36233.00    0.00        36233.00   
  78       2808175      1        1        129431       0.08   22       0        36163       5883.23     0.00        5883.23    
  79       2008118      1        3        150155       0.09   38       0        35907       3951.45     0.00        3951.45    
  80       2816925      1        3        97298        0.06   3        0        35791       32432.67    0.00        32432.67   
  81       2025162      1        2        35674        0.02   1        0        35674       35674.00    0.00        35674.00   
  82       2019881      1        3        35419        0.02   1        0        35419       35419.00    0.00        35419.00   
  83       2830124      1        1        34121        0.02   1        0        34121       34121.00    0.00        34121.00   
  84       2815451      1        2        743414       0.46   56       0        34117       13275.25    0.00        13275.25   
  85       2816328      1        5        89086        0.06   3        0        33831       29695.33    0.00        29695.33   
  86       2023624      1        3        443949       0.27   146      0        33539       3040.75     0.00        3040.75    
  87       2816931      1        3        88986        0.06   3        0        32942       29662.00    0.00        29662.00   
  88       2020800      1        2        32749        0.02   1        0        32749       32749.00    0.00        32749.00   
  89       2018375      1        3        508397       0.31   34       0        32509       14952.85    0.00        14952.85   
  90       2811447      1        2        206360       0.13   36       0        32117       5732.22     0.00        5732.22    
  91       2824993      1        1        70220        0.04   4        0        31736       17555.00    0.00        17555.00   
  92       2008117      1        3        180352       0.11   51       0        31463       3536.31     0.00        3536.31    
  93       2828986      1        2        31263        0.02   1        0        31263       31263.00    0.00        31263.00   
  94       2023625      1        3        243402       0.15   79       0        30656       3081.04     0.00        3081.04    
  95       2018981      1        4        30390        0.02   1        0        30390       30390.00    0.00        30390.00   
  96       2016858      1        10       29955        0.02   1        0        29955       29955.00    0.00        29955.00   
  97       2829644      1        1        29795        0.02   1        0        29795       29795.00    0.00        29795.00   
  98       2014473      1        5        498108       0.31   176      0        29664       2830.16     0.00        2830.16    
  99       2816660      1        3        29537        0.02   1        0        29537       29537.00    0.00        29537.00   
  100      2819673      1        4        84738        0.05   3        0        29461       28246.00    0.00        28246.00   
  101      2812916      1        6        29367        0.02   1        0        29367       29367.00    0.00        29367.00   
  102      2816356      1        2        29284        0.02   1        0        29284       29284.00    0.00        29284.00   
  103      2816526      1        13       87111        0.05   3        0        29248       29037.00    0.00        29037.00   
  104      2821615      1        2        28931        0.02   1        0        28931       28931.00    0.00        28931.00   
  105      2009702      1        5        609790       0.38   46       0        28614       13256.30    0.00        13256.30   
  106      2809859      1        6        28522        0.02   1        0        28522       28522.00    0.00        28522.00   
  107      2011894      1        19       28398        0.02   1        0        28398       28398.00    0.00        28398.00   
  108      2816924      1        4        83332        0.05   3        0        28376       27777.33    0.00        27777.33   
  109      2018496      1        9        28339        0.02   1        0        28339       28339.00    0.00        28339.00   
  110      2829848      1        2        28049        0.02   1        0        28049       28049.00    0.00        28049.00   
  111      2018242      1        5        27933        0.02   1        0        27933       27933.00    0.00        27933.00   
  112      2018983      1        7        27866        0.02   1        0        27866       27866.00    0.00        27866.00   
  113      2816930      1        4        80063        0.05   3        0        27333       26687.67    0.00        26687.67   
  114      2809255      1        3        29113        0.02   2        0        26142       14556.50    0.00        14556.50   
  115      2021065      1        2        26028        0.02   1        0        26028       26028.00    0.00        26028.00   
  116      2012707      1        5        47304        0.03   2        0        25097       23652.00    0.00        23652.00   
  117      2021972      1        4        124264       0.08   6        0        24846       20710.67    0.00        20710.67   
  118      2014130      1        2        76223        0.05   20       0        24650       3811.15     0.00        3811.15    
  119      2806561      1        5        126035       0.08   32       0        24138       3938.59     0.00        3938.59    
  120      2828190      1        2        46485        0.03   2        0        24058       23242.50    0.00        23242.50   
  121      2018077      1        5        23937        0.01   1        0        23937       23937.00    0.00        23937.00   
  122      2826256      1        2        70290        0.04   3        0        23502       23430.00    0.00        23430.00   
  123      2827279      1        5        68505        0.04   3        0        23429       22835.00    0.00        22835.00   
  124      2020380      1        3        23418        0.01   1        0        23418       23418.00    0.00        23418.00   
  125      2023620      1        3        5

This file has been truncated.


IDSDeathBlossom.py.log - (1178 bytes)
2019-06-20 09:22:56,771 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-20 09:22:57,469 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-20 09:22:57,469 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-06-20 09:22:57,470 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-20 09:22:57,470 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-20 09:22:57,470 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/2a6409019480c7ac57d9812c7689555156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06202019.0922-1d849464-445b-41ec-825b-53d396ee7beb_1.pcap -vvv -k none
2019-06-20 09:23:20,318 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-20 09:23:20,319 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.5569171906