Filename: 5152e9fd-c8c6-49ee-9500-2ceacbb3b2c1.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.8156988621 seconds
Hash: 384b9ef727c721fcff7675b0cd0d0f6c
Uploaded: 1551112898

Logfiles


packet_stats.log - (14448 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           692          1445326      225802527     146433964        101.3b   94.58
 IPv4      17            49          9900707      232715197     106902018          5.2b    4.89
 IPv6      17             9          9588433      233708555      62844453        565.6m    0.53
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           692            69880       12751926        337613        233.6m   88.92
TMM_FLOWWORKER              IPv4      17            49           131477       12586885        469302         23.0m    8.75
TMM_RECEIVEPCAPFILE         IPv4       6           690             2558          34585          3061          2.1m    0.80
TMM_RECEIVEPCAPFILE         IPv4      17            49             2560           3645          2923        143.3k    0.05
TMM_DECODEPCAPFILE          IPv4       6           690             2656           9552          2784          1.9m    0.73
TMM_DECODEPCAPFILE          IPv4      17            49             2693           4301          2826        138.5k    0.05
TMM_FLOWWORKER              IPv6      17             9           109248         395406        186633          1.7m    0.64
TMM_RECEIVEPCAPFILE         IPv6      17             9             2792          11678          3998         36.0k    0.01
TMM_DECODEPCAPFILE          IPv6      17             9             2706          46703          7827         70.4k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           690             2853          31668          3438          2.4m  1.01  
flow                    IPv4      17            49             2684          11145          3886        190.4k  0.08  
stream                  IPv4       6           692             2869         406333          7488          5.2m  2.21  
app-layer               IPv4      17            49             2531          49822          5594        274.1k  0.12  
detect                  IPv4       6           692            45903       12709303        307975        213.1m  90.81 
detect                  IPv4      17            49           114825         513161        199520          9.8m  4.17  
tcp-prune               IPv4       6           692             2555          31115          3192          2.2m  0.94  
flow                    IPv6      17             9             3109          31953          9172         82.6k  0.04  
app-layer               IPv6      17             9             2698          40385          9176         82.6k  0.04  
detect                  IPv6      17             9            92521         300496        155969          1.4m  0.60  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2             3562          31697         17629         35.3k  8.33  
dns                     IPv4      17             4             5726          22153         11484         45.9k  10.85 
http                    IPv6      17             1           342067         342067        342067        342.1k  80.82 
Proto detect            IPv4      17            10             2796          19269          7542         75.4k
Proto detect            IPv6      17             4             3004          33005         10994         44.0k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4            43290       11988714       3045374         12.2m  96.27 
LOGGER_JSON_HTTP            IPv4       6             1           234747         234747        234747        234.7k  1.86  
LOGGER_JSON_FILE            IPv4       6             1           237331         237331        237331        237.3k  1.88  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           493             2837          84448         16568         8.2m  10.21 
payload                           IPv4      17            49             3314          58392         12057       590.8k  0.74  
stream                            IPv4       6           493             2547       12515380         56488        27.8m  34.80 
http_uri                          IPv4       6             1            12077          12077         12077        12.1k  0.02  
http_request_line                 IPv4       6             1            13525          13525         13525        13.5k  0.02  
http_client_body                  IPv4       6             1             3667           3667          3667         3.7k  0.00  
http_header (request)             IPv4       6             1            58406          58406         58406        58.4k  0.07  
http_header (request trailer)     IPv4       6             1             2637           2637          2637         2.6k  0.00  
http_header_names (request)       IPv4       6             1            21965          21965         21965        22.0k  0.03  
http_accept (request)             IPv4       6             1            10384          10384         10384        10.4k  0.01  
http_referer (request)            IPv4       6             1             3387           3387          3387         3.4k  0.00  
http_content_len (request)        IPv4       6             1             3905           3905          3905         3.9k  0.00  
http_content_type (request)       IPv4       6             1             3409           3409          3409         3.4k  0.00  
http_protocol (request)           IPv4       6             1             7933           7933          7933         7.9k  0.01  
http_start (request)              IPv4       6             1            12330          12330         12330        12.3k  0.02  
http_raw_header (request)         IPv4       6             1            15844          15844         15844        15.8k  0.02  
http_method                       IPv4       6             1             7404           7404          7404         7.4k  0.01  
http_cookie (request)             IPv4       6             1             4490           4490          4490         4.5k  0.01  
http_raw_uri                      IPv4       6             1             5956           5956          5956         6.0k  0.01  
http_user_agent                   IPv4       6             1            14766          14766         14766        14.8k  0.02  
http_host                         IPv4       6             1             8888           8888          8888         8.9k  0.01  
dns_query                         IPv4      17             2             9027          10217          9622        19.2k  0.02  
http_response_line                IPv4       6             1             9307           9307          9307         9.3k  0.01  
http_header (response)            IPv4       6             1            53013          53013         53013        53.0k  0.07  
http_header (response trailer)    IPv4       6             1             3304           3304          3304         3.3k  0.00  
http_content_type (response)      IPv4       6             1            11489          11489         11489        11.5k  0.01  
http_raw_header (response)        IPv4       6           483             4048          47285          4514         2.2m  2.72  
http_cookie (response)            IPv4       6             1             3004           3004          3004         3.0k  0.00  
http_stat_code                    IPv4       6             1             4161           4161          4161         4.2k  0.01  
file_data (http response)         IPv4       6           482             2571        1297621         84729        40.8m  51.03 
Total                             IPv4                  2026                                         39458        79.9m
payload                           IPv6      17             9             3354          24648         10248        92.2k  0.12  
Total                             IPv6                     9                                         10248        92.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            29249          56113         42681         85.4k  0.03  
PROF_DETECT_IPONLY          IPv4      17            10            37125         129842         56219        562.2k  0.17  
PROF_DETECT_RULES           IPv4       6           692             2553        1782722         93671         64.8m  19.84 
PROF_DETECT_RULES           IPv4      17            49            44817         258598        111271          5.5m  1.67  
PROF_DETECT_STATEFUL_START    IPv4       6           321             5125        1275827         74004         23.8m  7.27  
PROF_DETECT_STATEFUL_CONT    IPv4       6           692             2602        7577067         22689         15.7m  4.81  
PROF_DETECT_STATEFUL_CONT    IPv4      17            49             2521          88420          4894        239.8k  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           688             2567          33158          2859          2.0m  0.60  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2786           3225          3016         12.1k  0.00  
PROF_DETECT_PREFILTER       IPv4       6           692             8211       12580446        151678        105.0m  32.13 
PROF_DETECT_PREFILTER       IPv4      17            49            24007          81517         36592          1.8m  0.55  
PROF_DETECT_PF_PAYLOAD      IPv4       6           493            13560       12533809         81301         40.1m  12.27 
PROF_DETECT_PF_PAYLOAD      IPv4      17            49             8386          63786         17688        866.8k  0.27  
PROF_DETECT_PF_TX           IPv4       6           688             2552        1312257         69931         48.1m  14.73 
PROF_DETECT_PF_TX           IPv4      17             2            15702          17140         16421         32.8k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6           249             2533          27028          3676        915.6k  0.28  
PROF_DETECT_PF_SORT1        IPv4      17            49             2683           4849          3495        171.3k  0.05  
PROF_DETECT_PF_SORT2        IPv4       6           692             2525        4813634         10002          6.9m  2.12  
PROF_DETECT_PF_SORT2        IPv4      17            49             2564          13481          3242        158.9k  0.05  
PROF_DETECT_NONMPMLIST      IPv4       6           692             2556          31771          2978          2.1m  0.63  
PROF_DETECT_NONMPMLIST      IPv4      17            49             2529           3752          2831        138.7k  0.04  
PROF_DETECT_ALERT           IPv4       6           692             2529          25258          2752          1.9m  0.58  
PROF_DETECT_ALERT           IPv4      17            49             2532           4500          2696        132.1k  0.04  
PROF_DETECT_CLEANUP         IPv4       6           692             2571          23469          2982          2.1m  0.63  
PROF_DETECT_CLEANUP         IPv4      17            49             2531           4116          2782        136.3k  0.04  
PROF_DETECT_GETSGH          IPv4       6           692             2530          23509          2953          2.0m  0.63  
PROF_DETECT_GETSGH          IPv4      17            49             2527          24524          4145        203.1k  0.06  
PROF_DETECT_IPONLY          IPv6      17             4             3485          33983         11933         47.7k  0.01  
PROF_DETECT_RULES           IPv6      17             9            33790         111683         62625        563.6k  0.17  
PROF_DETECT_STATEFUL_CONT    IPv6      17             9             2525           3344          2867         25.8k  0.01  
PROF_DETECT_PREFILTER       IPv6      17             9            24220          47928         34722        312.5k  0.10  
PROF_DETECT_PF_PAYLOAD      IPv6      17             9             8668          29942         15571        140.1k  0.04  
PROF_DETECT_PF_SORT1        IPv6      17             9             2582           9908          4143         37.3k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             9             2553           4472          2868         25.8k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             9             2543           4468          3039         27.4k  0.01  
PROF_DETECT_ALERT           IPv6      17             9             2538          16689          4163         37.5k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             9             2544           7957          3853         34.7k  0.01  
PROF_DETECT_GETSGH          IPv6      17             9             2802          67191         12705        114.3k  0.04  


suricata-report-2019-02-25-T-16-42-01-02252019.1641-5152e9fd-c8c6-49ee-9500-2ceacbb3b2c1.pcap.txt - (17708 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/384b9ef727c721fcff7675b0cd0d0f6c56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/02252019.1641-5152e9fd-c8c6-49ee-9500-2ceacbb3b2c1.pcap -vvv -k none
elapsedtime:21.869032
stderr:
stdout:
25/2/2019 -- 16:41:39 - <Info> - Configuration node 'rule-files' redefined.
25/2/2019 -- 16:41:39 - <Notice> - This is Suricata version 4.0.0 RELEASE
25/2/2019 -- 16:41:39 - <Info> - CPUs/cores online: 1
25/2/2019 -- 16:41:39 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33346 and 'request-body-inspect-window' set to 16320 after randomization.
25/2/2019 -- 16:41:39 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32573 and 'response-body-inspect-window' set to 16641 after randomization.
25/2/2019 -- 16:41:39 - <Config> - DNS request flood protection level: 500
25/2/2019 -- 16:41:39 - <Config> - DNS per flow memcap (state-memcap): 524288
25/2/2019 -- 16:41:39 - <Config> - DNS global memcap: 16777216
25/2/2019 -- 16:41:39 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
25/2/2019 -- 16:41:39 - <Config> - preallocated 1000 hosts of size 136
25/2/2019 -- 16:41:39 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
25/2/2019 -- 16:41:39 - <Config> - using magic-file /usr/share/file/magic
25/2/2019 -- 16:41:39 - <Config> - Core dump size is unlimited.
25/2/2019 -- 16:41:39 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
25/2/2019 -- 16:41:39 - <Config> - preallocated 1000 defrag trackers of size 168
25/2/2019 -- 16:41:39 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
25/2/2019 -- 16:41:39 - <Config> - stream "prealloc-sessions": 2048 (per thread)
25/2/2019 -- 16:41:39 - <Config> - stream "memcap": 33554432
25/2/2019 -- 16:41:39 - <Config> - stream "midstream" session pickups: disabled
25/2/2019 -- 16:41:39 - <Config> - stream "async-oneside": disabled
25/2/2019 -- 16:41:39 - <Config> - stream "checksum-validation": disabled
25/2/2019 -- 16:41:39 - <Config> - stream."inline": disabled
25/2/2019 -- 16:41:39 - <Config> - stream "bypass": disabled
25/2/2019 -- 16:41:39 - <Config> - stream "max-synack-queued": 5
25/2/2019 -- 16:41:39 - <Config> - stream.reassembly "memcap": 134217728
25/2/2019 -- 16:41:39 - <Config> - stream.reassembly "depth": 0
25/2/2019 -- 16:41:39 - <Config> - stream.reassembly "toserver-chunk-size": 2523
25/2/2019 -- 16:41:39 - <Config> - stream.reassembly "toclient-chunk-size": 2636
25/2/2019 -- 16:41:39 - <Config> - stream.reassembly.raw: enabled
25/2/2019 -- 16:41:39 - <Config> - stream.reassembly "segment-prealloc": 2048
25/2/2019 -- 16:41:39 - <Config> - Delayed detect disabled
25/2/2019 -- 16:41:39 - <Config> - pattern matchers: MPM: ac, SPM: bm
25/2/2019 -- 16:41:39 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
25/2/2019 -- 16:41:39 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
25/2/2019 -- 16:41:39 - <Config> - prefilter engines: MPM
25/2/2019 -- 16:41:39 - <Config> - IP reputation disabled
25/2/2019 -- 16:41:39 - <Perf> - Registered 148 keyword profiling counters.
25/2/2019 -- 16:41:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
25/2/2019 -- 16:41:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
25/2/2019 -- 16:41:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
25/2/2019 -- 16:41:44 - <Config> - No rules loaded from ET-icmp.rules.
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
25/2/2019 -- 16:41:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
25/2/2019 -- 16:41:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
25/2/2019 -- 16:41:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
25/2/2019 -- 16:41:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
25/2/2019 -- 16:41:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
25/2/2019 -- 16:41:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
25/2/2019 -- 16:41:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
25/2/2019 -- 16:41:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
25/2/2019 -- 16:41:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
25/2/2019 -- 16:41:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
25/2/2019 -- 16:41:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
25/2/2019 -- 16:41:51 - <Config> - No rules loaded from local.rules.
25/2/2019 -- 16:41:51 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
25/2/2019 -- 16:41:52 - <Info> - Threshold config parsed: 0 rule(s) found
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for tcp-packet
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for tcp-stream
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for udp-packet
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for other-ip
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_uri
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_request_line
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_client_body
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_response_line
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_header
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_header
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_header_names
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_header_names
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_accept
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_accept_enc
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_accept_lang
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_referer
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_connection
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_content_len
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_content_len
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_content_type
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_content_type
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_protocol
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_protocol
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_start
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_start
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_raw_header
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_raw_header
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_method
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_cookie
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_cookie
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_raw_uri
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_user_agent
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_host
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_raw_host
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_stat_msg
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_stat_code
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for dns_query
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for tls_sni
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for tls_cert_issuer
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for tls_cert_subject
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for tls_cert_serial
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for dce_stub_data
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for dce_stub_data
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for ssh_protocol
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for ssh_protocol
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for ssh_software
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for ssh_software
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for file_data
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for file_data
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_request_line
25/2/2019 -- 16:41:52 - <Perf> - using shared mpm ctx' for http_response_line
25/2/2019 -- 16:41:52 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
25/2/2019 -- 16:41:52 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
25/2/2019 -- 16:41:52 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
25/2/2019 -- 16:41:52 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
25/2/2019 -- 16:41:52 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
25/2/2019 -- 16:41:52 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
25/2/2019 -- 16:41:53 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
25/2/2019 -- 16:41:53 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
25/2/2019 -- 16:41:57 - <Perf> - Unique rule groups: 104
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "toserver TCP packet": 35
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "toclient TCP packet": 17
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "toserver TCP stream": 33
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "toclient TCP stream": 19
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "toserver UDP packet": 27
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "toclient UDP packet": 17
25/2/2019 -- 16:41:57 - <Perf> - Builtin MPM "other IP packet": 3
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_uri": 14
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_request_line": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_client_body": 6
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient http_response_line": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_header": 10
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient http_header": 6
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_header_names": 2
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_accept": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_referer": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_content_len": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_content_type": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient http_content_type": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_protocol": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_start": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_method": 5
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_cookie": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient http_cookie": 2
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver http_host": 2
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver dns_query": 4
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver tls_sni": 2
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toserver file_data": 1
25/2/2019 -- 16:41:57 - <Perf> - AppLayer MPM "toclient file_data": 7
25/2/2019 -- 16:41:59 - <Perf> - Registered 39590 rule profiling counters.
25/2/2019 -- 16:41:59 - <Info> - fast output device (regular) initialized: alert
25/2/2019 -- 16:41:59 - <Info> - eve-log output device (regular) initialized: eve.json
25/2/2019 -- 16:41:59 - <Config> - enabling 'eve-log' module 'alert'
25/2/2019 -- 16:41:59 - <Config> - enabling 'eve-log' module 'http'
25/2/2019 -- 16:41:59 - <Config> - enabling 'eve-log' module 'dns'
25/2/2019 -- 16:41:59 - <Config> - enabling 'eve-log' module 'tls'
25/2/2019 -- 16:41:59 - <Config> - enabling 'eve-log' module 'files'
25/2/2019 -- 16:41:59 - <Config> - enabling 'eve-log' module 'ssh'
25/2/2019 -- 16:41:59 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
25/2/2019 -- 16:41:59 - <Info> - stats output device (regular) initialized: stats.log
25/2/2019 -- 16:41:59 - <Config> - AutoFP mode using "Hash" flow load balancer
25/2/2019 -- 16:41:59 - <Info> - reading pcap file /var/pcap/02252019.1641-5152e9fd-c8c6-49ee-9500-2ceacbb3b2c1.pcap
25/2/2019 -- 16:41:59 - <Config> - us

This file has been truncated.


stats.log - (2987 bytes)
------------------------------------------------------------------------------------
Date: 2/25/2019 -- 16:42:01 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 906
decoder.bytes                              | Total                     | 507160
decoder.ipv4                               | Total                     | 739
decoder.ipv6                               | Total                     | 9
decoder.ethernet                           | Total                     | 906
decoder.tcp                                | Total                     | 690
decoder.udp                                | Total                     | 58
decoder.avg_pkt_size                       | Total                     | 559
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 10
flow_mgr.new_pruned                        | Total                     | 8
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 11
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 8
flow_mgr.flows_removed                     | Total                     | 8
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65525
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078048


eve.json - (2152 bytes)
{"timestamp":"2019-01-24T12:55:14.146774+0000","flow_id":974552602656086,"pcap_cnt":53,"event_type":"dns","src_ip":"192.168.100.178","src_port":52618,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33039,"rrname":"office365advance.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T12:55:14.564283+0000","flow_id":974552602656086,"pcap_cnt":58,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.178","dest_port":52618,"proto":"UDP","dns":{"type":"answer","id":33039,"rcode":"NOERROR","rrname":"office365advance.com","rrtype":"A","ttl":599,"rdata":"185.68.93.84"}}
{"timestamp":"2019-01-24T12:55:14.835089+0000","flow_id":1507476439743247,"pcap_cnt":747,"event_type":"http","src_ip":"192.168.100.178","src_port":49215,"dest_ip":"185.68.93.84","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"office365advance.com","url":"\/update","http_user_agent":"Windows Installer","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-01-24T12:55:36.409801+0000","flow_id":1314602344792265,"pcap_cnt":824,"event_type":"dns","src_ip":"192.168.100.178","src_port":50348,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57257,"rrname":"vesecase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T12:55:36.434229+0000","flow_id":1314602344792265,"pcap_cnt":825,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.178","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"vesecase.com","rrtype":"A","ttl":1798,"rdata":"127.0.0.1"}}
{"timestamp":"2019-01-24T12:56:09.617759+0000","flow_id":1507476439743247,"event_type":"fileinfo","src_ip":"185.68.93.84","src_port":80,"dest_ip":"192.168.100.178","dest_port":49215,"proto":"TCP","http":{"hostname":"office365advance.com","url":"\/update","http_user_agent":"Windows Installer","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":454656},"app_proto":"http","fileinfo":{"filename":"\/update","gaps":false,"state":"CLOSED","stored":false,"size":454656,"tx_id":0}}
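The six EVE records above form one short timeline: the client 192.168.100.178 resolves office365advance.com to 185.68.93.84, issues GET /update to that address with User-Agent "Windows Installer" and receives 454656 bytes of application/octet-stream (the fileinfo record carries the size, the http record the request), and shortly afterwards resolves vesecase.com to 127.0.0.1. Note that no alert events appear even though the eve 'alert' module was enabled and the rule profile further down records two rule matches (2012520 and 2019834) together with two post-match flowbits operations, which is consistent with flowbit-setting rules rather than alerting ones; it is worth checking before concluding that nothing fired. The script below is an added example, not part of the IDSDeathBlossom page or of Suricata: it parses EVE JSON lines, joins each http record to the DNS answer that produced its destination IP and to the fileinfo record of the same flow, and flags answers that point at loopback. The sample input is copied from the eve.json shown above; the loopback heuristic (an A record pointing at 127.x is a common sign of a sinkholed or locally blocked domain) is an assumption of this example, not something the page states.

```python
"""Correlate Suricata EVE records into reviewable findings.

Added example; not code from the IDSDeathBlossom page or from Suricata.
Field names (event_type, flow_id, dns.rdata, fileinfo.size) follow the
Suricata 4.0 EVE output reproduced on the page.
"""
import json
from collections import defaultdict

# Sample input: the six records copied from the page's eve.json, one per line.
EVE_SAMPLE = r'''
{"timestamp":"2019-01-24T12:55:14.146774+0000","flow_id":974552602656086,"pcap_cnt":53,"event_type":"dns","src_ip":"192.168.100.178","src_port":52618,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33039,"rrname":"office365advance.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T12:55:14.564283+0000","flow_id":974552602656086,"pcap_cnt":58,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.178","dest_port":52618,"proto":"UDP","dns":{"type":"answer","id":33039,"rcode":"NOERROR","rrname":"office365advance.com","rrtype":"A","ttl":599,"rdata":"185.68.93.84"}}
{"timestamp":"2019-01-24T12:55:14.835089+0000","flow_id":1507476439743247,"pcap_cnt":747,"event_type":"http","src_ip":"192.168.100.178","src_port":49215,"dest_ip":"185.68.93.84","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"office365advance.com","url":"\/update","http_user_agent":"Windows Installer","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-01-24T12:55:36.409801+0000","flow_id":1314602344792265,"pcap_cnt":824,"event_type":"dns","src_ip":"192.168.100.178","src_port":50348,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57257,"rrname":"vesecase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T12:55:36.434229+0000","flow_id":1314602344792265,"pcap_cnt":825,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.178","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"vesecase.com","rrtype":"A","ttl":1798,"rdata":"127.0.0.1"}}
{"timestamp":"2019-01-24T12:56:09.617759+0000","flow_id":1507476439743247,"event_type":"fileinfo","src_ip":"185.68.93.84","src_port":80,"dest_ip":"192.168.100.178","dest_port":49215,"proto":"TCP","http":{"hostname":"office365advance.com","url":"\/update","http_user_agent":"Windows Installer","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":454656},"app_proto":"http","fileinfo":{"filename":"\/update","gaps":false,"state":"CLOSED","stored":false,"size":454656,"tx_id":0}}
'''


def parse_eve(text):
    """Parse EVE JSON lines; blank and malformed lines (e.g. a truncated
    tail in a rotated log) are skipped rather than aborting the run."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def dns_answers(events):
    """Map each answered A/AAAA address to the names that resolved to it."""
    ip_to_names = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        dns = ev["dns"]
        if dns.get("type") == "answer" and dns.get("rrtype") in ("A", "AAAA") and "rdata" in dns:
            ip_to_names[dns["rdata"]].add(dns["rrname"])
    return ip_to_names


def correlate(events):
    """Join http records to the DNS answer behind dest_ip and to the
    fileinfo record of the same flow_id; flag loopback DNS answers.

    Heuristic (assumption of this example): an A answer in 127/8 is a
    common sign of a sinkholed or locally blocked domain.
    """
    ip_to_names = dns_answers(events)
    # fileinfo carries the transferred size; key by flow_id to join it to the request
    sizes = {ev["flow_id"]: ev["fileinfo"]["size"]
             for ev in events if ev.get("event_type") == "fileinfo"}
    findings = []
    for ev in events:
        et = ev.get("event_type")
        if et == "http":
            names = sorted(ip_to_names.get(ev["dest_ip"], ()))
            h = ev["http"]
            findings.append({
                "kind": "http_after_dns" if names else "http_no_dns",
                "client": ev["src_ip"],
                "server": ev["dest_ip"],
                "names": names,
                "host_header": h.get("hostname"),
                "url": h.get("url"),
                "user_agent": h.get("http_user_agent"),
                "content_type": h.get("http_content_type"),
                "bytes": sizes.get(ev["flow_id"]),
            })
        elif et == "dns" and ev["dns"].get("type") == "answer" \
                and ev["dns"].get("rdata", "").startswith("127."):
            # for an answer, dest_ip is the client that asked
            findings.append({"kind": "loopback_answer", "client": ev["dest_ip"],
                             "name": ev["dns"]["rrname"], "rdata": ev["dns"]["rdata"]})
    return findings


if __name__ == "__main__":
    for f in correlate(parse_eve(EVE_SAMPLE)):
        print(json.dumps(f, sort_keys=True))
```

Run it against the full eve.json instead of the embedded sample to get the same timeline for every host in a capture; a fileinfo record with no matching http record (or the reverse) shows up as a missing `bytes` value and is worth a second look.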


suricata-4.0.0-etpro-all-perf.txt-2019-02-25-T-16-42-01-02252019.1641-5152e9fd-c8c6-49ee-9500-2ceacbb3b2c1.pcap.txt - (39126 bytes)
  --------------------------------------------------------------------------
  Date: 2/25/2019 -- 16:42:01. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2820157      1        2        2975761      4.98   19       0        402575      156619.00   0.00        156619.00  
  2        2820158      1        2        2913217      4.88   19       0        371457      153327.21   0.00        153327.21  
  3        2804911      1        3        908282       1.52   11       0        262456      82571.09    0.00        82571.09   
  4        2819664      1        2        3629365      6.08   23       0        262374      157798.48   0.00        157798.48  
  5        2803027      1        6        690504       1.16   11       0        261680      62773.09    0.00        62773.09   
  6        2819930      1        2        3580260      5.99   23       0        260677      155663.48   0.00        155663.48  
  7        2020865      1        3        2803006      4.69   21       0        231782      133476.48   0.00        133476.48  
  8        2804906      1        3        504857       0.85   5        0        216302      100971.40   0.00        100971.40  
  9        2802991      1        5        743373       1.24   9        0        203063      82597.00    0.00        82597.00   
  10       2801930      1        7        542813       0.91   7        0        190997      77544.71    0.00        77544.71   
  11       2012520      1        7        178452       0.30   1        1        178452      178452.00   178452.00   0.00       
  12       2803657      1        5        324521       0.54   4        0        162010      81130.25    0.00        81130.25   
  13       2809145      1        2        1343066      2.25   12       0        153346      111922.17   0.00        111922.17  
  14       2801929      1        7        484950       0.81   7        0        149101      69278.57    0.00        69278.57   
  15       2022552      1        2        671553       1.12   29       0        117189      23157.00    0.00        23157.00   
  16       2804927      1        2        366979       0.61   6        0        110721      61163.17    0.00        61163.17   
  17       2802987      1        5        631417       1.06   19       0        102046      33232.47    0.00        33232.47   
  18       2812950      1        2        624478       1.05   10       0        95758       62447.80    0.00        62447.80   
  19       2812914      1        4        594886       1.00   10       0        95349       59488.60    0.00        59488.60   
  20       2022008      1        3        89343        0.15   1        0        89343       89343.00    0.00        89343.00   
  21       2018789      1        3        87486        0.15   1        0        87486       87486.00    0.00        87486.00   
  22       2805348      1        4        645468       1.08   13       0        81807       49651.38    0.00        49651.38   
  23       2812915      1        4        565279       0.95   10       0        81729       56527.90    0.00        56527.90   
  24       2804157      1        4        81446        0.14   1        0        81446       81446.00    0.00        81446.00   
  25       2802044      1        4        72366        0.12   1        0        72366       72366.00    0.00        72366.00   
  26       2812951      1        2        536732       0.90   10       0        64115       53673.20    0.00        53673.20   
  27       2019707      1        2        710263       1.19   12       0        62575       59188.58    0.00        59188.58   
  28       2815254      1        7        62416        0.10   1        0        62416       62416.00    0.00        62416.00   
  29       2816530      1        2        60498        0.10   1        0        60498       60498.00    0.00        60498.00   
  30       2807878      1        2        58187        0.10   1        0        58187       58187.00    0.00        58187.00   
  31       2812952      1        2        524829       0.88   10       0        57288       52482.90    0.00        52482.90   
  32       2815287      1        3        454771       0.76   10       0        56425       45477.10    0.00        45477.10   
  33       2804907      1        3        93050        0.16   2        0        56417       46525.00    0.00        46525.00   
  34       2016537      1        2        2863558      4.79   195      0        56188       14684.91    0.00        14684.91   
  35       2023614      1        3        78963        0.13   10       0        55634       7896.30     0.00        7896.30    
  36       2804973      1        3        54553        0.09   1        0        54553       54553.00    0.00        54553.00   
  37       2022653      1        2        93920        0.16   4        0        52859       23480.00    0.00        23480.00   
  38       2024909      1        2        658282       1.10   32       0        52360       20571.31    0.00        20571.31   
  39       2828837      1        2        279404       0.47   12       0        49127       23283.67    0.00        23283.67   
  40       2009028      1        11       107380       0.18   4        0        48364       26845.00    0.00        26845.00   
  41       2826256      1        2        47703        0.08   1        0        47703       47703.00    0.00        47703.00   
  42       2810910      1        3        253876       0.43   15       0        47228       16925.07    0.00        16925.07   
  43       2008438      1        20       45881        0.08   1        0        45881       45881.00    0.00        45881.00   
  44       2022547      1        1        170690       0.29   43       0        45421       3969.53     0.00        3969.53    
  45       2802177      1        3        45409        0.08   1        0        45409       45409.00    0.00        45409.00   
  46       2016948      1        2        683185       1.14   45       0        44461       15181.89    0.00        15181.89   
  47       2023711      1        2        84410        0.14   4        0        44241       21102.50    0.00        21102.50   
  48       2804158      1        3        44202        0.07   1        0        44202       44202.00    0.00        44202.00   
  49       2024771      1        1        2236905      3.75   483      0        43769       4631.27     0.00        4631.27    
  50       2013250      1        3        42859        0.07   1        0        42859       42859.00    0.00        42859.00   
  51       2024829      1        2        662339       1.11   32       0        42737       20698.09    0.00        20698.09   
  52       2816330      1        2        39194        0.07   1        0        39194       39194.00    0.00        39194.00   
  53       2014519      1        7        653489       1.09   33       0        37438       19802.70    0.00        19802.70   
  54       2802043      1        3        37428        0.06   1        0        37428       37428.00    0.00        37428.00   
  55       2018667      1        3        37033        0.06   1        0        37033       37033.00    0.00        37033.00   
  56       2024650      1        1        841929       1.41   59       0        36287       14269.98    0.00        14269.98   
  57       2010140      1        7        234289       0.39   48       0        36215       4881.02     0.00        4881.02    
  58       2810353      1        5        35580        0.06   1        0        35580       35580.00    0.00        35580.00   
  59       2017552      1        6        2677909      4.48   196      0        34909       13662.80    0.00        13662.80   
  60       2018959      1        3        120787       0.20   4        0        34240       30196.75    0.00        30196.75   
  61       2816356      1        2        34226        0.06   1        0        34226       34226.00    0.00        34226.00   
  62       2022543      1        1        50387        0.08   2        0        33542       25193.50    0.00        25193.50   
  63       2008120      1        4        174102       0.29   50       0        32774       3482.04     0.00        3482.04    
  64       2806802      1        2        1517856      2.54   77       0        32397       19712.42    0.00        19712.42   
  65       2809306      1        4        838596       1.40   55       0        30978       15247.20    0.00        15247.20   
  66       2804508      1        2        30758        0.05   1        0        30758       30758.00    0.00        30758.00   
  67       2826281      1        2        47161        0.08   2        0        30672       23580.50    0.00        23580.50   
  68       2829249      1        2        30137        0.05   1        0        30137       30137.00    0.00        30137.00   
  69       2009909      1        10       30010        0.05   1        0        30010       30010.00    0.00        30010.00   
  70       2821615      1        2        30008        0.05   1        0        30008       30008.00    0.00        30008.00   
  71       2820855      1        3        239398       0.40   17       0        29943       14082.24    0.00        14082.24   
  72       2811041      1        3        290765       0.49   15       0        29839       19384.33    0.00        19384.33   
  73       2014956      1        1        144939       0.24   10       0        29704       14493.90    0.00        14493.90   
  74       2012981      1        5        56038        0.09   2        0        29671       28019.00    0.00        28019.00   
  75       2009897      1        14       29205        0.05   1        0        29205       29205.00    0.00        29205.00   
  76       2020496      1        2        29093        0.05   1        0        29093       29093.00    0.00        29093.00   
  77       2829858      1        2        89747        0.15   4        0        28618       22436.75    0.00        22436.75   
  78       2020295      1        6        28556        0.05   1        0        28556       28556.00    0.00        28556.00   
  79       2805292      1        3        28540        0.05   1        0        28540       28540.00    0.00        28540.00   
  80       2013441      1        9        28490        0.05   1        0        28490       28490.00    0.00        28490.00   
  81       2812101      1        2        227499       0.38   15       0        28210       15166.60    0.00        15166.60   
  82       2820931      1        2        253527       0.42   17       0        28134       14913.35    0.00        14913.35   
  83       2008575      1        5        102439       0.17   4        0        27897       25609.75    0.00        25609.75   
  84       2820811      1        2        238493       0.40   17       0        27420       14029.00    0.00        14029.00   
  85       2019834      1        2        26997        0.05   1        1        26997       26997.00    26997.00    0.00       
  86       2819694      1        2        470619       0.79   33       0        26844       14261.18    0.00        14261.18   
  87       2819887      1        2        26794        0.04   1        0        26794       26794.00    0.00        26794.00   
  88       2014353      1        6        97837        0.16   4        0        26560       24459.25    0.00        24459.25   
  89       2810852      1        2        242685       0.41   15       0        26350       16179.00    0.00        16179.00   
  90       2016503      1        2        230791       0.39   16       0        26218       14424.44    0.00        14424.44   
  91       2018375      1        3        135001       0.23   10       0        25937       13500.10    0.00        13500.10   
  92       2820928      1        2        234970       0.39   17       0        25911       13821.76    0.00        13821.76   
  93       2815261      1        2        146188       0.24   10       0        25884       14618.80    0.00        14618.80   
  94       2820003      1        2        489243       0.82   35       0        25788       13978.37    0.00        13978.37   
  95       2804858      1        2        25590        0.04   1        0        25590       25590.00    0.00        25590.00   
  96       2807130      1        4        425592       0.71   30       0        25569       14186.40    0.00        14186.40   
  97       2017748      1        6        287245       0.48   20       0        25312       14362.25    0.00        14362.25   
  98       2820079      1        2        79835        0.13   4        0        25245       19958.75    0.00        19958.75   
  99       2820923      1        2        234505       0.39   17       0        25155       13794.41    0.00        13794.41   
  100      2824739      1        2        73037        0.12   4        0        24696       18259.25    0.00        18259.25   
  101      2008299      1        4        65342        0.11   16       0        24545       4083.88     0.00        4083.88    
  102      2023671      1        4        63317        0.11   4        0        24377       15829.25    0.00        15829.25   
  103      2016502      1        2        239800       0.40   16       0        24357       14987.50    0.00        14987.50   
  104      2018477      1        1        44713        0.07   8        0        24204       5589.12     0.00        5589.12    
  105      2804096      1        9        65098        0.11   4        0        23996       16274.50    0.00        16274.50   
  106      2008782      1        5        23917        0.04   1        0        23917       23917.00    0.00        23917.00   
  107      2827279      1        5        23619        0.04   1        0        23619       23619.00    0.00        23619.00   
  108      2803139      1        3        23292        0.04   1        0        23292       23292.00    0.00        23292.00   
  109      2021954      1        2        64326        0.11   4        0        23243       16081.50    0.00        16081.50   
  110      2019822      1        7        64284        0.11   4        0        23202       16071.00    0.00        16071.00   
  111      2012707      1        5        23197        0.04   1        0        23197       23197.00    0.00        23197.00   
  112      2023626      1        3        142931       0.24   46       0        23185       3107.20     0.00        3107.20    
  113      2016854      1        3        78637        0.13   4        0        22868       19659.25    0.00        19659.25   
  114      2804922      1        6        22779        0.04   1        0        22779       22779.00    0.00        22779.00   
  115      2816165      1        5        22779        0.04   1        0        22779       22779.00    0.00        22779.00   
  116      2012612      1        16       22716        0.04   1        0        22716       22716.00    0.00        22716.00   
  117      2009702      1        5        49915        0.08   4        0        22474       12478.75    0.00        12478.75   
  118      2014701      1        12       50483        0.08   4        0        22431       12620.75    0.00        12620.75   
  119      2018241      1        2        79190        0.13   4        0        22278       19797.50    0.00        19797.50   
  120      2008184      1        10       22000        0.04   1        0        22000       22000.00    0.00        22000.00   
  121      2013352      1        4        77458        0.13   4        0        21893       19364.50    0.00        19364.50   
  122      2022502      1        4        21802        0.04   1        0        21802       21802.00    0.00        21802.00   
  123      2830036      1        1        21775        0.04   1        0        21775       21775.00    0.00        21775.00   
  124      2828008      1        2        21451        0.04   1        0        21451       21451.00    0.00        21451.00   
  125      2802876      1        3        2

This file has been truncated.
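The rule profile above is emitted "Sorted by: max ticks", which ranks rules by their single most expensive check. For tuning, the Ticks and % columns matter more: re-ranked by total ticks, 2819664 (6.08%) and 2819930 (5.99%) lead, while 2820157, listed first, is at 4.98%; and rows with many checks and zero matches (2024771 with 483 checks, 2016537 with 195) are the usual candidates for tightening a fast_pattern or adding a flow or port constraint. The parser below is an added example, not part of the IDSDeathBlossom page or of Suricata: it reads the rule-profile table format shown above, re-ranks by total ticks, and lists the never-matching rules by share of the sampled cost. The sample rows are copied from the table above, including its truncated final row, so the example also shows that a partial line is skipped rather than crashing the parser.

```python
"""Re-rank a Suricata rule-profiling dump by total cost.

Added example; not code from the IDSDeathBlossom page or from Suricata.
Column order follows the rule_perf table reproduced on the page:
Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch.
"""
import re
from dataclasses import dataclass

# Sample input: header plus ten rows copied from the page's rule profile,
# including the truncated last row ("125 2802876 1 3 2").
RULE_PROFILE_SAMPLE = """\
  --------------------------------------------------------------------------
  Date: 2/25/2019 -- 16:42:01. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2820157      1        2        2975761      4.98   19       0        402575      156619.00   0.00        156619.00
  2        2820158      1        2        2913217      4.88   19       0        371457      153327.21   0.00        153327.21
  3        2804911      1        3        908282       1.52   11       0        262456      82571.09    0.00        82571.09
  4        2819664      1        2        3629365      6.08   23       0        262374      157798.48   0.00        157798.48
  5        2803027      1        6        690504       1.16   11       0        261680      62773.09    0.00        62773.09
  6        2819930      1        2        3580260      5.99   23       0        260677      155663.48   0.00        155663.48
  11       2012520      1        7        178452       0.30   1        1        178452      178452.00   178452.00   0.00
  34       2016537      1        2        2863558      4.79   195      0        56188       14684.91    0.00        14684.91
  49       2024771      1        1        2236905      3.75   483      0        43769       4631.27     0.00        4631.27
  125      2802876      1        3        2
"""


@dataclass(frozen=True)
class RuleProfile:
    sid: int
    gid: int
    rev: int
    ticks: int
    percent: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float


# One data row: twelve whitespace-separated columns; header, separator and
# truncated rows do not match and are skipped.
_ROW = re.compile(
    r"^\s*\d+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+([\d.]+)\s+[\d.]+\s+[\d.]+\s*$"
)


def parse_rule_profile(text):
    """Parse the rule_perf table into RuleProfile rows."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        sid, gid, rev, ticks, pct, checks, matches, mx, avg = m.groups()
        rows.append(RuleProfile(int(sid), int(gid), int(rev), int(ticks), float(pct),
                                int(checks), int(matches), int(mx), float(avg)))
    return rows


def rank_by_total_ticks(rows, n=5):
    """Top-n rules by total ticks, i.e. overall cost rather than worst single check."""
    return sorted(rows, key=lambda r: r.ticks, reverse=True)[:n]


def never_matching_cost(rows):
    """Rules that were checked but never matched, as (sid, checks, share %)
    of the sampled ticks, most expensive first; the usual tuning candidates."""
    total = sum(r.ticks for r in rows) or 1
    out = [(r.sid, r.checks, round(100.0 * r.ticks / total, 2))
           for r in rows if r.checks and not r.matches]
    return sorted(out, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    rows = parse_rule_profile(RULE_PROFILE_SAMPLE)
    for r in rank_by_total_ticks(rows):
        print(f"{r.sid}\t{r.ticks}\t{r.percent}%")
    for sid, checks, share in never_matching_cost(rows):
        print(f"never matched: {sid} checks={checks} share={share}%")
```

The share column is relative to the rows you feed in, so run it over the complete, untruncated perf file before acting on the numbers; the % column printed by Suricata is the authoritative whole-run figure.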


keyword_perf.log - (9762 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 2/25/2019 -- 16:42:01
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             4738737         1599            1599            32734           2963.00         2963.00         0.00           
  content          18626922        941             289             223104          19794.00        31696.00        14519.00       
  pcre             647968          118             0               64139           5491.00         0.00            5491.00        
  byte_test        399165          126             70              12677           3167.00         3229.00         3090.00        
  byte_jump        50224           14              13              9182            3587.00         3514.00         4533.00        
  isdataat         5699            2               0               2855            2849.00         0.00            2849.00        
  flowbits         2116912         723             24              22511           2927.00         3903.00         2894.00        
  urilen           6373            2               1               3358            3186.00         3015.00         3358.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             4738737         1599            1599            32734           2963.00         2963.00         0.00           
  flowbits         2097758         721             22              22511           2909.00         3387.00         2894.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3565912         259             124             169135          13768.00        18858.00        9091.00        
  pcre             69039           8               0               28083           8629.00         0.00            8629.00        
  byte_test        399165          126             70              12677           3167.00         3229.00         3090.00        
  byte_jump        45691           13              13              9182            3514.00         3514.00         0.00           
  isdataat         5699            2               0               2855            2849.00         0.00            2849.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         19154           2               2               16192           9577.00         9577.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26191           7               2               5714            3741.00         4490.00         3442.00        
  urilen           6373            2               1               3358            3186.00         3015.00         3358.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3257            1               0               3257            3257.00         0.00            3257.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14900211        641             147             223104          23245.00        45924.00        16496.00       
  pcre             494464          108             0               30860           4578.00         0.00            4578.00        
  byte_jump        4533            1               0               4533            4533.00         0.00            4533.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          89775           22              13              5452            4080.00         3884.00         4363.00        
  pcre             84465           2               0               64139           42232.00        0.00            42232.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30929           8               1               4367            3866.00         4087.00         3834.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7627            2               1               4412            3813.00         4412.00         3215.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3020            1               1               3020            3020.00         3020.00         0.00           


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-02-25 16:41:38,696 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-02-25 16:41:39,443 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-02-25 16:41:39,443 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-02-25 16:41:39,444 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-02-25 16:41:39,444 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-02-25 16:41:39,444 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/384b9ef727c721fcff7675b0cd0d0f6c56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/02252019.1641-5152e9fd-c8c6-49ee-9500-2ceacbb3b2c1.pcap -vvv -k none
2019-02-25 16:42:01,316 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-02-25 16:42:01,317 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.6288149357