Filename: test.pcap
Status: Analysis complete
IDS: suricata-3.1
Ruleset: etopen-all
Runtime: 18.4229619503 seconds
Hash: 3dc60c47daead95c4038b969010cd134
Uploaded: 1516523147

Logfiles


packet_stats.log (9633 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           473          6752919      193175352     134549930         63.6b   70.48
 IPv4      17           194         16210488      193903035     137393363         26.7b   29.52
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           473            86385       20881920        298605        141.2m   56.96
TMM_FLOWWORKER              IPv4      17           194           106191        1430037        292066         56.7m   22.85
TMM_RECEIVEPCAPFILE         IPv4       6           473             3249          57780          4237          2.0m    0.81
TMM_RECEIVEPCAPFILE         IPv4      17           194             3351           6654          4100        795.5k    0.32
TMM_DECODEPCAPFILE          IPv4       6           473             3510          94020          4485          2.1m    0.86
TMM_DECODEPCAPFILE          IPv4      17           194             3384       19253847        103834         20.1m    8.12
TMM_PACKETLOGGER            IPv4       6           473             3291         406221          5868          2.8m    1.12
TMM_PACKETLOGGER            IPv4      17           194             3399        7403277         42973          8.3m    3.36
TMM_TXLOGGER                IPv4       6           473             3225         843042         10702          5.1m    2.04
TMM_TXLOGGER                IPv4      17           194             3483        1076148         20256          3.9m    1.58
TMM_FILELOGGER              IPv4       6           473             3636        1107213          8535          4.0m    1.63
TMM_FILELOGGER              IPv4      17           194             3318          78912          4455        864.4k    0.35

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           473             4104         407814          6941          3.3m  1.85  
flow                    IPv4      17           194             4002         547542          8718          1.7m  0.95  
stream                  IPv4       6           473             3588        1129224         15711          7.4m  4.19  
app-layer               IPv4      17           194             3300          64905          7125          1.4m  0.78  
detect                  IPv4       6           473            61947       20855871        240471        113.7m  64.10 
detect                  IPv4      17           194            82335        1305402        257251         49.9m  28.13 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6            12            21633         580998        170269          2.0m  49.71 
http                    IPv4      17             1            21633          21633         21633         21.6k  0.53  
tls                     IPv4       6            10             4350        1114758        122772          1.2m  29.87 
dns                     IPv4      17            58             7308          44874         14097        817.6k  19.89 
Proto detect            IPv4       6             8             7077          66885         32177        257.4k
Proto detect            IPv4      17            74             4992          37545          7656        566.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_ALERTFASTLOG            IPv4      17             1           351069         351069        351069        351.1k    2.58
TMM_ALERTUNIFIED2ALERT      IPv4      17             1           163014         163014        163014        163.0k    1.20
TMM_LOGHTTPLOG              IPv4       6             3            53058         161607         94030        282.1k    2.07
TMM_JSONALERTLOG            IPv4      17             1          6869568        6869568       6869568          6.9m   50.44
TMM_JSONHTTPLOG             IPv4       6             3           110748         676062        484416          1.5m   10.67
TMM_JSONDNSLOG              IPv4      17             6           271251        1058475        489769          2.9m   21.58
TMM_JSONTLSLOG              IPv4       6             1           140442         140442        140442        140.4k    1.03
TMM_JSONFILELOG             IPv4       6             3           139746        1091871        474048          1.4m   10.44

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_MPM             IPv4       6           473             3195        9029457         65479         31.0m  18.83 
PROF_DETECT_MPM             IPv4      17           194            13086         195069         36885          7.2m  4.35  
PROF_DETECT_MPM_PACKET      IPv4       6           166             5133         462855         50091          8.3m  5.05  
PROF_DETECT_MPM_PACKET      IPv4      17           194             5301         185139         26030          5.0m  3.07  
PROF_DETECT_MPM_PKT_STR     IPv4       6           146             5685         481569         44744          6.5m  3.97  
PROF_DETECT_MPM_STREAM      IPv4       6            13            15150         449889        144763          1.9m  1.14  
PROF_DETECT_MPM_URI         IPv4       6             3            12957          28917         20893         62.7k  0.04  
PROF_DETECT_MPM_HCBD        IPv4       6             3             4284           6210          5184         15.6k  0.01  
PROF_DETECT_MPM_HSBD        IPv4       6             6             4365         528531        125268        751.6k  0.46  
PROF_DETECT_MPM_HHD         IPv4       6             9            20136          94566         41548        373.9k  0.23  
PROF_DETECT_MPM_HRHD        IPv4       6             9             6261          10047          7807         70.3k  0.04  
PROF_DETECT_MPM_HMD         IPv4       6             3             5055           6531          5919         17.8k  0.01  
PROF_DETECT_MPM_HCD         IPv4       6             9             5007        8698683        981407          8.8m  5.37  
PROF_DETECT_MPM_HRUD        IPv4       6             3             5043           7644          6653         20.0k  0.01  
PROF_DETECT_MPM_HSCD        IPv4       6             6             5352           8961          6662         40.0k  0.02  
PROF_DETECT_MPM_HUAD        IPv4       6             3            10032          38805         21649         64.9k  0.04  
PROF_DETECT_MPM_DNSQUERY    IPv4      17             6             7119          43962         15723         94.3k  0.06  
PROF_DETECT_IPONLY          IPv4       6            95             5907         943239         64682          6.1m  3.74  
PROF_DETECT_IPONLY          IPv4      17            30             7011         477501        113225          3.4m  2.06  
PROF_DETECT_RULES           IPv4       6           473             3030        1396416         33886         16.0m  9.74  
PROF_DETECT_RULES           IPv4      17           194            11304         716418        126434         24.5m  14.91 
PROF_DETECT_STATEFUL        IPv4       6           473             3204         431211          7054          3.3m  2.03  
PROF_DETECT_STATEFUL        IPv4      17           194             3366          43869          4971        964.6k  0.59  
PROF_DETECT_PREFILTER       IPv4       6           473             3009         285723          5071          2.4m  1.46  
PROF_DETECT_PREFILTER       IPv4      17           194             3456          38583          4810        933.3k  0.57  
PROF_DETECT_NONMPMLIST      IPv4       6           473             3333         463032          6027          2.9m  1.73  
PROF_DETECT_NONMPMLIST      IPv4      17           194             3240          34566          4390        851.8k  0.52  
PROF_DETECT_ALERT           IPv4       6           473             3216         435795          5096          2.4m  1.47  
PROF_DETECT_ALERT           IPv4      17           194             3321          76131          4928        956.1k  0.58  
PROF_DETECT_CLEANUP         IPv4       6           473             3504       20605875         49420         23.4m  14.21 
PROF_DETECT_CLEANUP         IPv4      17           194             3393         132675          5750          1.1m  0.68  
PROF_DETECT_GETSGH          IPv4       6           473             3207         367008          6468          3.1m  1.86  
PROF_DETECT_GETSGH          IPv4      17           194             3303         428766          9879          1.9m  1.16  


unified2.alert.1516523165 (269 bytes, binary unified2 record)


suricata-3.1-etopen-all-perf.txt-2018-01-21-T-08-26-06-01212018.0804-test.pcap.txt (23487 bytes)
  --------------------------------------------------------------------------
  Date: 1/21/2018 -- 08:26:06
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2024650      1        1        430782       1.97   1        0        430782      430782.00   0.00        430782.00  
  2        2022197      1        3        479961       2.19   3        0        435888      159987.00   0.00        159987.00  
  3        2021749      1        6        287745       1.31   2        0        165069      143872.50   0.00        143872.50  
  4        2017695      1        4        117084       0.53   1        0        117084      117084.00   0.00        117084.00  
  5        2020029      1        2        94722        0.43   1        0        94722       94722.00    0.00        94722.00   
  6        2017552      1        6        1105203      5.05   12       0        822843      92100.25    0.00        92100.25   
  7        2007703      1        11       524112       2.39   6        0        430836      87352.00    0.00        87352.00   
  8        2020610      1        3        84174        0.38   1        0        84174       84174.00    0.00        84174.00   
  9        2018457      1        1        77628        0.35   1        0        77628       77628.00    0.00        77628.00   
  10       2016537      1        2        636627       2.91   9        0        428877      70736.33    0.00        70736.33   
  11       2007670      1        9        412923       1.89   6        6        146994      68820.50    68820.50    0.00       
  12       2022873      1        3        66270        0.30   1        0        66270       66270.00    0.00        66270.00   
  13       2021067      1        2        193860       0.89   3        0        77793       64620.00    0.00        64620.00   
  14       2008456      1        5        61275        0.28   1        0        61275       61275.00    0.00        61275.00   
  15       2020774      1        2        57975        0.26   1        0        57975       57975.00    0.00        57975.00   
  16       2018005      1        6        114879       0.52   2        0        61545       57439.50    0.00        57439.50   
  17       2022480      1        2        103797       0.47   2        0        66522       51898.50    0.00        51898.50   
  18       2022073      1        2        51117        0.23   1        0        51117       51117.00    0.00        51117.00   
  19       2012648      1        3        279936       1.28   6        6        63411       46656.00    46656.00    0.00       
  20       2008119      1        3        456759       2.09   11       0        416073      41523.55    0.00        41523.55   
  21       2010150      1        6        41217        0.19   1        0        41217       41217.00    0.00        41217.00   
  22       2020777      1        2        38514        0.18   1        0        38514       38514.00    0.00        38514.00   
  23       2020786      1        4        36888        0.17   1        0        36888       36888.00    0.00        36888.00   
  24       2020586      1        3        36099        0.16   1        0        36099       36099.00    0.00        36099.00   
  25       2020612      1        3        71853        0.33   2        0        35964       35926.50    0.00        35926.50   
  26       2020794      1        2        35286        0.16   1        0        35286       35286.00    0.00        35286.00   
  27       2021038      1        4        33387        0.15   1        0        33387       33387.00    0.00        33387.00   
  28       2018054      1        1        32967        0.15   1        0        32967       32967.00    0.00        32967.00   
  29       2023083      1        2        96903        0.44   3        0        34836       32301.00    0.00        32301.00   
  30       2017259      1        11       31806        0.15   1        0        31806       31806.00    0.00        31806.00   
  31       2014704      1        7        63516        0.29   2        0        33066       31758.00    0.00        31758.00   
  32       2018287      1        2        31074        0.14   1        0        31074       31074.00    0.00        31074.00   
  33       2018389      1        3        60336        0.28   2        0        54867       30168.00    0.00        30168.00   
  34       2018637      1        2        28752        0.13   1        0        28752       28752.00    0.00        28752.00   
  35       2020765      1        2        28677        0.13   1        0        28677       28677.00    0.00        28677.00   
  36       2022543      1        1        109428       0.50   5        0        22317       21885.60    0.00        21885.60   
  37       2016948      1        2        21294        0.10   1        0        21294       21294.00    0.00        21294.00   
  38       2023619      1        3        1100682      5.03   52       0        522966      21166.96    0.00        21166.96   
  39       2022544      1        1        20907        0.10   1        0        20907       20907.00    0.00        20907.00   
  40       2020773      1        2        40254        0.18   2        0        35634       20127.00    0.00        20127.00   
  41       2018372      1        2        35391        0.16   2        0        20460       17695.50    0.00        17695.50   
  42       2001263      1        5        68640        0.31   4        0        35889       17160.00    0.00        17160.00   
  43       2022836      1        3        57543        0.26   4        0        15582       14385.75    0.00        14385.75   
  44       2018376      1        4        26298        0.12   2        0        13377       13149.00    0.00        13149.00   
  45       2018374      1        2        26208        0.12   2        0        13488       13104.00    0.00        13104.00   
  46       2019230      1        2        152820       0.70   12       0        22539       12735.00    0.00        12735.00   
  47       2023615      1        3        797730       3.64   79       0        414081      10097.85    0.00        10097.85   
  48       2009702      1        5        433266       1.98   49       0        38493       8842.16     0.00        8842.16    
  49       2016323      1        1        260415       1.19   31       0        95196       8400.48     0.00        8400.48    
  50       2023626      1        3        1028820      4.70   142      0        427635      7245.21     0.00        7245.21    
  51       2014701      1        12       347355       1.59   49       0        31614       7088.88     0.00        7088.88    
  52       2023622      1        3        1062837      4.85   155      0        418899      6857.01     0.00        6857.01    
  53       2014702      1        9        332607       1.52   49       0        59010       6787.90     0.00        6787.90    
  54       2010486      1        2        170850       0.78   26       0        76953       6571.15     0.00        6571.15    
  55       2014703      1        9        320433       1.46   49       0        34938       6539.45     0.00        6539.45    
  56       2001330      1        8        211134       0.96   33       0        43191       6398.00     0.00        6398.00    
  57       2011732      1        2        545397       2.49   86       0        76023       6341.83     0.00        6341.83    
  58       2008118      1        3        85200        0.39   15       0        25428       5680.00     0.00        5680.00    
  59       2018789      1        3        11124        0.05   2        0        6258        5562.00     0.00        5562.00    
  60       2018153      1        4        10758        0.05   2        0        5619        5379.00     0.00        5379.00    
  61       2023623      1        3        343827       1.57   64       0        106257      5372.30     0.00        5372.30    
  62       2017938      1        6        10548        0.05   2        0        5295        5274.00     0.00        5274.00    
  63       2018383      1        8        10386        0.05   2        0        5400        5193.00     0.00        5193.00    
  64       2020607      1        3        5184         0.02   1        0        5184        5184.00     0.00        5184.00    
  65       2019102      1        1        41247        0.19   8        0        5889        5155.88     0.00        5155.88    
  66       2020764      1        2        15204        0.07   3        0        5163        5068.00     0.00        5068.00    
  67       2021702      1        1        10110        0.05   2        0        5319        5055.00     0.00        5055.00    
  68       2020787      1        2        5004         0.02   1        0        5004        5004.00     0.00        5004.00    
  69       2018076      1        3        4986         0.02   1        0        4986        4986.00     0.00        4986.00    
  70       2017652      1        8        4959         0.02   1        0        4959        4959.00     0.00        4959.00    
  71       2020693      1        1        4941         0.02   1        0        4941        4941.00     0.00        4941.00    
  72       2019011      1        3        4926         0.02   1        0        4926        4926.00     0.00        4926.00    
  73       2019016      1        3        4869         0.02   1        0        4869        4869.00     0.00        4869.00    
  74       2023627      1        3        338346       1.55   70       0        35673       4833.51     0.00        4833.51    
  75       2021248      1        7        4827         0.02   1        0        4827        4827.00     0.00        4827.00    
  76       2012647      1        4        4827         0.02   1        0        4827        4827.00     0.00        4827.00    
  77       2023616      1        3        279327       1.28   58       0        35841       4815.98     0.00        4815.98    
  78       2020696      1        1        4794         0.02   1        0        4794        4794.00     0.00        4794.00    
  79       2018487      1        4        4788         0.02   1        0        4788        4788.00     0.00        4788.00    
  80       2019778      1        2        4767         0.02   1        0        4767        4767.00     0.00        4767.00    
  81       2020784      1        2        9525         0.04   2        0        5034        4762.50     0.00        4762.50    
  82       2018636      1        2        9465         0.04   2        0        4764        4732.50     0.00        4732.50    
  83       2020766      1        2        4719         0.02   1        0        4719        4719.00     0.00        4719.00    
  84       2018485      1        3        4716         0.02   1        0        4716        4716.00     0.00        4716.00    
  85       2019602      1        1        4692         0.02   1        0        4692        4692.00     0.00        4692.00    
  86       2020770      1        2        4680         0.02   1        0        4680        4680.00     0.00        4680.00    
  87       2020780      1        2        4677         0.02   1        0        4677        4677.00     0.00        4677.00    
  88       2023611      1        3        9330         0.04   2        0        4836        4665.00     0.00        4665.00    
  89       2018069      1        1        13971        0.06   3        0        4944        4657.00     0.00        4657.00    
  90       2018638      1        2        4653         0.02   1        0        4653        4653.00     0.00        4653.00    
  91       2011037      1        4        4626         0.02   1        0        4626        4626.00     0.00        4626.00    
  92       2008777      1        3        9213         0.04   2        0        4707        4606.50     0.00        4606.50    
  93       2020799      1        2        4605         0.02   1        0        4605        4605.00     0.00        4605.00    
  94       2009387      1        4        9129         0.04   2        0        4569        4564.50     0.00        4564.50    
  95       2021977      1        6        4527         0.02   1        0        4527        4527.00     0.00        4527.00    
  96       2024771      1        1        27021        0.12   6        0        5106        4503.50     0.00        4503.50    
  97       2020797      1        2        9003         0.04   2        0        4542        4501.50     0.00        4501.50    
  98       2102190      1        5        397758       1.82   89       0        40173       4469.19     0.00        4469.19    
  99       2019083      1        2        13344        0.06   3        0        4554        4448.00     0.00        4448.00    
  100      2021701      1        1        8886         0.04   2        0        4530        4443.00     0.00        4443.00    
  101      2020789      1        2        8883         0.04   2        0        4455        4441.50     0.00        4441.50    
  102      2019312      1        2        4434         0.02   1        0        4434        4434.00     0.00        4434.00    
  103      2020606      1        4        8850         0.04   2        0        4536        4425.00     0.00        4425.00    
  104      2019010      1        3        26514        0.12   6        0        5049        4419.00     0.00        4419.00    
  105      2020214      1        1        4410         0.02   1        0        4410        4410.00     0.00        4410.00    
  106      2020768      1        2        8757         0.04   2        0        4830        4378.50     0.00        4378.50    
  107      2018085      1        2        4362         0.02   1        0        4362        4362.00     0.00        4362.00    
  108      2012051      1        2        43578        0.20   10       0        5097        4357.80     0.00        4357.80    
  109      2024777      1        2        8706         0.04   2        0        4785        4353.00     0.00        4353.00    
  110      2008120      1        4        95406        0.44   22       0        8772        4336.64     0.00        4336.64    
  111      2008420      1        4        25992        0.12   6        0        5028        4332.00     0.00        4332.00    
  112      2103195      1        5        436713       1.99   101      0        26004       4323.89     0.00        4323.89    
  113      2008297      1        4        4320         0.02   1        0        4320        4320.00     0.00        4320.00    
  114      2018486      1        5        4314         0.02   1        0        4314        4314.00     0.00        4314.00    
  115      2017120      1        2        4290         0.02   1        0        4290        4290.00     0.00        4290.00    
  116      2101941      1        10       94236        0.43   22       0        4764        4283.45     0.00        4283.45    
  117      2100540      1        12       34254        0.16   8        0        4797        4281.75     0.00        4281.75    
  118      2100518      1        8        42642        0.19   10       0        4797        4264.20     0.00        4264.20    
  119      2008116      1        4        42543        0.19   10       0        5184        4254.30     0.00        4254.30    
  120      2103158      1        6        16980        0.08   4        0        4425        4245.00     0.00        4245.00    
  121      2008117      1        3        33945        0.16   8        0        5073        4243.12     0.00        4243.12    
  122      2018067      1        3        4221         0.02   1        0        4221        4221.00     0.00        4221.00    
  123      2016363      1        2        299298       1.37   71       0        6054        4215.46     0.00        4215.46    
  124      2020694      1        1        8430         0.04   2        0        4311        4215.00     0.00        4215.00    
  125      2020767      1        2        8427         0.04   2   

This file has been truncated.


suricata-3.1-etopen-all-alert-2018-01-21-T-08-26-06-01212018.0804-test.pcap.txt (210 bytes)
01/21/2018-08:02:25.673152  [**] [1:2012648:3] ET POLICY Dropbox Client Broadcasting [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.0.106:17500 -> 255.255.255.255:17500


stats.log (1930 bytes)
------------------------------------------------------------------------------------
Date: 1/21/2018 -- 08:26:06 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 673
decoder.bytes                              | Total                     | 140273
decoder.ipv4                               | Total                     | 667
decoder.ethernet                           | Total                     | 673
decoder.tcp                                | Total                     | 473
decoder.udp                                | Total                     | 194
decoder.avg_pkt_size                       | Total                     | 208
decoder.max_pkt_size                       | Total                     | 1514
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 14
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
flow.spare                                 | Total                     | 9971
tcp.memuse                                 | Total                     | 393216
tcp.reassembly_memuse                      | Total                     | 12320544
flow.memuse                                | Total                     | 7155192


eve.json (8822 bytes)
{"timestamp":"2018-01-21T08:02:25.673152+0000","flow_id":1543980597,"pcap_cnt":8,"event_type":"alert","src_ip":"172.16.0.106","src_port":17500,"dest_ip":"255.255.255.255","dest_port":17500,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2012648,"rev":3,"signature":"ET POLICY Dropbox Client Broadcasting","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2018-01-21T08:02:32.330505+0000","flow_id":2787246270,"pcap_cnt":85,"event_type":"http","src_ip":"172.16.0.106","src_port":42014,"dest_ip":"172.16.0.103","dest_port":52390,"proto":"TCP","tx_id":0,"http":{"hostname":"172.16.0.103","url":"\/zc\/0?action=getInfo&version=2.5.1","http_user_agent":"Spotify\/106900336 Linux\/0 (PC desktop)","http_content_type":"application\/json"}}
{"timestamp":"2018-01-21T08:02:32.338636+0000","flow_id":2787246270,"pcap_cnt":87,"event_type":"fileinfo","src_ip":"172.16.0.103","src_port":52390,"dest_ip":"172.16.0.106","dest_port":42014,"proto":"TCP","http":{"hostname":"172.16.0.103","url":"\/zc\/0?action=getInfo&version=2.5.1","http_user_agent":"Spotify\/106900336 Linux\/0 (PC desktop)","http_content_type":"application\/json","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":563},"app_proto":"http","fileinfo":{"filename":"\/zc\/0","state":"CLOSED","stored":false,"size":563,"tx_id":0}}
{"timestamp":"2018-01-21T08:02:33.019967+0000","flow_id":2074823715,"pcap_cnt":106,"event_type":"http","src_ip":"172.16.0.106","src_port":44596,"dest_ip":"172.16.0.103","dest_port":54625,"proto":"TCP","tx_id":0,"http":{"hostname":"172.16.0.103","url":"\/upnp\/dev\/cd58dcd2-c2b4-882f-ffff-ffff96434915\/desc","http_user_agent":"Spotify\/106900336 Linux\/0 (PC desktop)","http_content_type":"application\/xml"}}
{"timestamp":"2018-01-21T08:02:33.036432+0000","flow_id":477820768,"pcap_cnt":110,"event_type":"http","src_ip":"172.16.0.106","src_port":44598,"dest_ip":"172.16.0.103","dest_port":54625,"proto":"TCP","tx_id":0,"http":{"hostname":"172.16.0.103","url":"\/upnp\/dev\/cd58dcd2-c2b4-882f-ffff-ffff96434915\/desc","http_user_agent":"Spotify\/106900336 Linux\/0 (PC desktop)","http_content_type":"application\/xml"}}
{"timestamp":"2018-01-21T08:02:33.042250+0000","flow_id":2074823715,"pcap_cnt":113,"event_type":"fileinfo","src_ip":"172.16.0.103","src_port":54625,"dest_ip":"172.16.0.106","dest_port":44596,"proto":"TCP","http":{"hostname":"172.16.0.103","url":"\/upnp\/dev\/cd58dcd2-c2b4-882f-ffff-ffff96434915\/desc","http_user_agent":"Spotify\/106900336 Linux\/0 (PC desktop)","http_content_type":"application\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":897},"app_proto":"http","fileinfo":{"filename":"\/upnp\/dev\/cd58dcd2-c2b4-882f-ffff-ffff96434915\/desc","state":"CLOSED","stored":false,"size":897,"tx_id":0}}
{"timestamp":"2018-01-21T08:02:33.043534+0000","flow_id":477820768,"pcap_cnt":115,"event_type":"fileinfo","src_ip":"172.16.0.103","src_port":54625,"dest_ip":"172.16.0.106","dest_port":44598,"proto":"TCP","http":{"hostname":"172.16.0.103","url":"\/upnp\/dev\/cd58dcd2-c2b4-882f-ffff-ffff96434915\/desc","http_user_agent":"Spotify\/106900336 Linux\/0 (PC desktop)","http_content_type":"application\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":897},"app_proto":"http","fileinfo":{"filename":"\/upnp\/dev\/cd58dcd2-c2b4-882f-ffff-ffff96434915\/desc","state":"CLOSED","stored":false,"size":897,"tx_id":0}}
{"timestamp":"2018-01-21T08:02:39.599835+0000","flow_id":3765696810,"pcap_cnt":166,"event_type":"dns","src_ip":"172.16.0.106","src_port":33378,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65524,"rrname":"play.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-01-21T08:02:39.599835+0000","flow_id":3765696810,"pcap_cnt":166,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":65524,"rcode":"NOERROR","rrname":"play.google.com","rrtype":"CNAME","ttl":280,"rdata":"play.l.google.com"}}
{"timestamp":"2018-01-21T08:02:39.599835+0000","flow_id":3765696810,"pcap_cnt":166,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":65524,"rcode":"NOERROR","rrname":"play.l.google.com","rrtype":"A","ttl":72,"rdata":"172.217.11.238"}}
{"timestamp":"2018-01-21T08:02:39.746912+0000","flow_id":3765696810,"pcap_cnt":183,"event_type":"dns","src_ip":"172.16.0.106","src_port":33378,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8787,"rrname":"beacons.gcp.gvt2.com","rrtype":"A","tx_id":1}}
{"timestamp":"2018-01-21T08:02:39.746912+0000","flow_id":3765696810,"pcap_cnt":183,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":8787,"rcode":"NOERROR","rrname":"beacons.gcp.gvt2.com","rrtype":"CNAME","ttl":95,"rdata":"beacons-handoff.gcp.gvt2.com"}}
{"timestamp":"2018-01-21T08:02:39.746912+0000","flow_id":3765696810,"pcap_cnt":183,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":8787,"rcode":"NOERROR","rrname":"beacons-handoff.gcp.gvt2.com","rrtype":"A","ttl":28,"rdata":"172.217.3.195"}}
{"timestamp":"2018-01-21T08:02:39.889209+0000","flow_id":3765696810,"pcap_cnt":206,"event_type":"dns","src_ip":"172.16.0.106","src_port":33378,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11946,"rrname":"beacons-blackholed.gcp.gvt2.com","rrtype":"A","tx_id":2}}
{"timestamp":"2018-01-21T08:02:39.889209+0000","flow_id":3765696810,"pcap_cnt":206,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":11946,"rcode":"NOERROR","rrname":"beacons-blackholed.gcp.gvt2.com","rrtype":"A","ttl":5975,"rdata":"216.58.214.131"}}
{"timestamp":"2018-01-21T08:02:51.599951+0000","flow_id":3765696810,"pcap_cnt":309,"event_type":"dns","src_ip":"172.16.0.106","src_port":33378,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8859,"rrname":"clients6.google.com","rrtype":"A","tx_id":3}}
{"timestamp":"2018-01-21T08:02:51.599951+0000","flow_id":3765696810,"pcap_cnt":309,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":8859,"rcode":"NOERROR","rrname":"clients6.google.com","rrtype":"CNAME","ttl":97,"rdata":"clients.l.google.com"}}
{"timestamp":"2018-01-21T08:02:51.599951+0000","flow_id":3765696810,"pcap_cnt":309,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":8859,"rcode":"NOERROR","rrname":"clients.l.google.com","rrtype":"A","ttl":263,"rdata":"172.217.11.238"}}
{"timestamp":"2018-01-21T08:03:33.495856+0000","flow_id":3765696810,"pcap_cnt":581,"event_type":"dns","src_ip":"172.16.0.106","src_port":33378,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45357,"rrname":"d.dropbox.com","rrtype":"A","tx_id":4}}
{"timestamp":"2018-01-21T08:03:33.519598+0000","flow_id":3765696810,"pcap_cnt":583,"event_type":"dns","src_ip":"172.16.0.106","src_port":33378,"dest_ip":"172.16.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44231,"rrname":"d.dropbox.com","rrtype":"AAAA","tx_id":5}}
{"timestamp":"2018-01-21T08:03:33.519598+0000","flow_id":3765696810,"pcap_cnt":583,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":44231,"rcode":"NOERROR","rrname":"d.dropbox.com","rrtype":"CNAME","ttl":130,"rdata":"d.v.dropbox.com"}}
{"timestamp":"2018-01-21T08:03:33.519598+0000","flow_id":3765696810,"pcap_cnt":583,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":44231,"rcode":"NOERROR","rrname":"d.v.dropbox.com","rrtype":"CNAME","ttl":53,"rdata":"d-sjc.v.dropbox.com"}}
{"timestamp":"2018-01-21T08:03:33.519598+0000","flow_id":3765696810,"pcap_cnt":583,"event_type":"dns","src_ip":"172.16.0.1","src_port":53,"dest_ip":"172.16.0.106","dest_port":33378,"proto":"UDP","dns":{"type":"answer","id":44231,"rcode":"NOERROR","rrname":"v.dropbox.com","rrtype":"SOA","ttl":72}}
{"timestamp":"2018-01-21T08:03:33.671241+0000","flow_id":2808144109,"pcap_cnt":595,"event_type":"tls","src_ip":"172.16.0.106","src_port":46406,"dest_ip":"162.125.32.135","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=San Francisco, O=Dropbox, Inc, OU=Dropbox Ops, CN=*.dropbox.com","issuerdn":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA"}}


suricata-report-2018-01-21-T-08-26-06-01212018.0804-test.pcap.txt - (16082 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata31/bin/suricata -c /opt/suricata31/etc/etopen/suricata31-etopen-all.yaml -l /var/www/html/3dc60c47daead95c4038b969010cd134ca353d31ae2111baa5fb0a0933888020 -r /var/pcap/01212018.0804-test.pcap -vvv -k none
elapsedtime:15.266233
stderr:
stdout:
21/1/2018 -- 08:25:51 - <Info> - Configuration node 'rule-files' redefined.
21/1/2018 -- 08:25:51 - <Notice> - This is Suricata version 3.1 RELEASE
21/1/2018 -- 08:25:51 - <Info> - CPUs/cores online: 1
21/1/2018 -- 08:25:51 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
21/1/2018 -- 08:25:51 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
21/1/2018 -- 08:25:51 - <Config> - DNS request flood protection level: 500
21/1/2018 -- 08:25:51 - <Config> - DNS per flow memcap (state-memcap): 524288
21/1/2018 -- 08:25:51 - <Config> - DNS global memcap: 16777216
21/1/2018 -- 08:25:51 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/1/2018 -- 08:25:51 - <Config> - preallocated 1000 defrag trackers of size 168
21/1/2018 -- 08:25:51 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/1/2018 -- 08:25:51 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/1/2018 -- 08:25:51 - <Config> - preallocated 1000 hosts of size 136
21/1/2018 -- 08:25:51 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/1/2018 -- 08:25:51 - <Config> - using magic-file /usr/share/file/magic
21/1/2018 -- 08:25:51 - <Config> - Core dump size is unlimited.
21/1/2018 -- 08:25:51 - <Config> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
21/1/2018 -- 08:25:51 - <Config> - preallocated 10000 flows of size 296
21/1/2018 -- 08:25:51 - <Config> - flow memory usage: 7154304 bytes, maximum: 67108864
21/1/2018 -- 08:25:51 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/1/2018 -- 08:25:51 - <Config> - stream "memcap": 33554432
21/1/2018 -- 08:25:51 - <Config> - stream "midstream" session pickups: disabled
21/1/2018 -- 08:25:51 - <Config> - stream "async-oneside": disabled
21/1/2018 -- 08:25:51 - <Config> - stream "checksum-validation": disabled
21/1/2018 -- 08:25:51 - <Config> - stream."inline": disabled
21/1/2018 -- 08:25:51 - <Config> - stream "max-synack-queued": 5
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "memcap": 134217728
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "depth": 0
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "toserver-chunk-size": 2665
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "toclient-chunk-size": 2529
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly.raw: enabled
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 4, prealloc 256
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 16, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 112, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 248, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 512, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 768, prealloc 1024
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 1448, prealloc 1024
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 65535, prealloc 128
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "chunk-prealloc": 250
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "zero-copy-size": 128
21/1/2018 -- 08:25:51 - <Config> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
21/1/2018 -- 08:25:51 - <Config> - preallocated 1000 ippairs of size 136
21/1/2018 -- 08:25:51 - <Config> - ippair memory usage: 398144 bytes, maximum: 16777216
21/1/2018 -- 08:25:51 - <Config> - Delayed detect disabled
21/1/2018 -- 08:25:51 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/1/2018 -- 08:25:51 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/1/2018 -- 08:25:51 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/1/2018 -- 08:25:51 - <Config> - IP reputation disabled
21/1/2018 -- 08:25:51 - <Perf> - Registered 114 keyword profiling counters.
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-ftp.rules
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-policy.rules
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-trojan.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-games.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-pop3.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-user_agents.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-activex.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-rpc.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-attack_response.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-scan.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-voip.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-chat.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-icmp_info.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-info.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-shellcode.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-web_client.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-imap.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-web_server.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-current_events.rules
21/1/2018 -- 08:25:57 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-inappropriate.rules
21/1/2018 -- 08:25:57 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-smtp.rules
21/1/2018 -- 08:25:57 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-web_specific_apps.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-deleted.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-malware.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-snmp.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-worm.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-dns.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-misc.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-sql.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-dos.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-netbios.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-telnet.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-exploit.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-p2p.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-tftp.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-mobile_malware.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-botcc.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-compromised.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-drop.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-dshield.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-tor.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-ciarmy.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Info> - 44 rule files processed. 19033 rules successfully loaded, 0 rules failed
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for tcp-packet
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for tcp-stream
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for udp-packet
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for other-ip
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_uri
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_uri
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_user_agent
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_method
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for file_data
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for file_data
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_stat_msg
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_stat_code
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_client_body
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_host
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_host
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_cookie
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_cookie
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for dns_query
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for tls_sni
21/1/2018 -- 08:26:03 - <Info> - 19038 signatures processed. 1150 are IP-only rules, 6600 are inspecting packet payload, 13718 inspect application layer, 0 are decoder event only
21/1/2018 -- 08:26:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/1/2018 -- 08:26:03 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
21/1/2018 -- 08:26:03 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
21/1/2018 -- 08:26:03 - <Perf> - UDP toserver: 41 port groups, 30 unique SGH's, 11 copies
21/1/2018 -- 08:26:03 - <Perf> - UDP toclient: 21 port groups, 14 unique SGH's, 7 copies
21/1/2018 -- 08:26:03 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
21/1/2018 -- 08:26:03 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/1/2018 -- 08:26:04 - <Perf> - Unique rule groups: 107
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toserver TCP packet": 31
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toclient TCP packet": 20
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toserver TCP stream": 31
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toclient TCP stream": 21
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toserver UDP packet": 30
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toclient UDP packet": 14
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "other IP packet": 2
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_uri": 8
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_header": 7
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_header": 4
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_method": 4
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient file_data": 5
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_cookie": 2
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_cookie": 3
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver dns_query": 1
21/1/2018 -- 08:26:05 - <Perf> - Registered 19038 rule profiling counters.
21/1/2018 -- 08:26:05 - <Info> - Threshold config parsed: 0 rule(s) found
21/1/2018 -- 08:26:05 - <Info> - fast output device (regular) initialized: alert
21/1/2018 -- 08:26:05 - <Info> - eve-log output device (regular) initialized: eve.json
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'alert'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'http'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'dns'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'tls'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'files'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'ssh'
21/1/2018 -- 08:26:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/1/2018 -- 08:26:05 - <Info> - http-log output device (regular) initialized: http.log
21/1/2018 -- 08:26:05 - <Info> - stats output device (regular) initialized: stats.log
21/1/2018 -- 08:26:05 - <Config> - AutoFP mode using "Hash" flow load balancer
21/1/2018 -- 08:26:05 - <Info> - reading pcap file /var/pcap/01212018.0804-test.pcap
21/1/2018 -- 08:26:05 - <Config> - using 1 flow manager threads
21/1/2018 -- 08:26:05 - <Config> - using 1 flow recycler threads
21/1/2018 -- 08:26:05 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
21/1/2018 -- 08:26:05 - <Info> - pcap file end of file reached (pcap err code 0)
21/1/2018 -- 08:26:05 - <Notice> - Signal Received.  Stopping engine.
21/1/2018 -- 08:26:05 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
21/1/2018 -- 08:26:05 - <Info> - time elapsed 0.123s
21/1/2018 -- 08:26:06 - <Perf> - 72 flows processed
21/1/2018 -- 08:26:06 - <Notice> - Pcap-file module read 673 packets, 140273 bytes
21/1/2018 -- 08:26:06 - <Perf> - AutoFP - Total flow handler queues - 1
21/1/2018 -- 08:26:06 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
21/1/2018 -- 08:26:06 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
21/1/2018 -- 08:26:06 - <Perf> - Dumping profiling data for 19038 rules.
21/1/2018 -- 08:26:06 - <Perf> - Done dumping profiling data.
21/1/2018 -- 08:26:06 - <Perf> - Done dumping keyword profiling data.
21/1/2018 -- 08:26:06 - <Info> - cleaning up signature grouping structure... complete
21/1/2018 -- 08:26:06 - <Perf> - Done dumping profiling data.
returncode:0
errors:
warnings:
- 21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
- 21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules
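IDSDeathBlossom surfaces the two SC_ERR_NO_RULES warnings above by scanning Suricata's stdout (the parse_ids_out entries in its own log further down). The same output carries everything needed to decide whether a run is trustworthy at all: the rule-load summary, the signature count, the packet and flow totals. As an added example, neither IDSDeathBlossom's nor Suricata's code, the Python below reduces that output to those facts and turns them into a pass/fail gate, with an allow-list for rule files that are legitimately empty (local.rules here). The sample input is a constructed subset of the stdout lines above; the regexes are keyed to the Suricata 3.1 wording shown on this page, and it is an assumption that other versions phrase these lines the same way.

```python
"""Health check over Suricata -vvv stdout (added example, not IDSDeathBlossom code)."""
import os
import re

# Constructed sample: a subset of the stdout lines from the report above.
SAMPLE_STDOUT = """\
21/1/2018 -- 08:25:51 - <Notice> - This is Suricata version 3.1 RELEASE
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-ftp.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Info> - 44 rule files processed. 19033 rules successfully loaded, 0 rules failed
21/1/2018 -- 08:26:03 - <Info> - 19038 signatures processed. 1150 are IP-only rules, 6600 are inspecting packet payload, 13718 inspect application layer, 0 are decoder event only
21/1/2018 -- 08:26:05 - <Info> - Threshold config parsed: 0 rule(s) found
21/1/2018 -- 08:26:05 - <Info> - pcap file end of file reached (pcap err code 0)
21/1/2018 -- 08:26:06 - <Perf> - 72 flows processed
21/1/2018 -- 08:26:06 - <Notice> - Pcap-file module read 673 packets, 140273 bytes
"""

# Patterns follow the Suricata 3.1 log wording shown on this page (assumption for other versions).
RE_LEVEL = re.compile(r" - <(\w+)> - ")
RE_VERSION = re.compile(r"This is Suricata version (.+)$")
RE_RULES = re.compile(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")
RE_SIGS = re.compile(r"(\d+) signatures processed\.")
RE_NO_RULES = re.compile(r"No rules loaded from (\S+)")
RE_PCAP = re.compile(r"Pcap-file module read (\d+) packets, (\d+) bytes")
RE_FLOWS = re.compile(r"(\d+) flows processed")


def parse_suricata_stdout(text):
    """Reduce the log to the facts a deployment gate needs; missing facts stay None."""
    s = {"version": None, "rule_files": None, "rules_loaded": None, "rules_failed": None,
         "signatures": None, "packets": None, "bytes": None, "flows": None,
         "empty_rule_files": [], "warnings": [], "errors": []}
    for line in text.splitlines():
        lvl = RE_LEVEL.search(line)
        if lvl and lvl.group(1) == "Warning":
            s["warnings"].append(line)
        elif lvl and lvl.group(1) == "Error":
            s["errors"].append(line)
        if m := RE_VERSION.search(line):
            s["version"] = m.group(1)
        elif m := RE_RULES.search(line):
            s["rule_files"], s["rules_loaded"], s["rules_failed"] = map(int, m.groups())
        elif m := RE_SIGS.search(line):
            s["signatures"] = int(m.group(1))
        elif m := RE_NO_RULES.search(line):
            s["empty_rule_files"].append(m.group(1))
        elif m := RE_PCAP.search(line):
            s["packets"], s["bytes"] = map(int, m.groups())
        elif m := RE_FLOWS.search(line):
            s["flows"] = int(m.group(1))
    return s


def health_check(summary, min_rules=1, allow_empty=("local.rules",)):
    """Return a list of findings; an empty list means the run is fit to trust.
    Rule files that are expected to be empty are named in allow_empty."""
    findings = []
    if summary["version"] is None:
        findings.append("no Suricata version banner: output may be truncated")
    if summary["rules_loaded"] is None:
        findings.append("no rule-load summary line found")
    else:
        if summary["rules_failed"]:
            findings.append(f'{summary["rules_failed"]} rule(s) failed to load')
        if summary["rules_loaded"] < min_rules:
            findings.append(f'only {summary["rules_loaded"]} rules loaded (minimum {min_rules})')
    for path in summary["empty_rule_files"]:
        if os.path.basename(path) not in allow_empty:
            findings.append(f"empty rule file: {path}")
    if summary["errors"]:
        findings.append(f'{len(summary["errors"])} error line(s) in output')
    if summary["packets"] == 0:
        findings.append("pcap yielded zero packets")
    return findings


if __name__ == "__main__":
    summary = parse_suricata_stdout(SAMPLE_STDOUT)
    print({k: v for k, v in summary.items() if k not in ("warnings",)})
    for finding in health_check(summary) or ["OK: no findings"]:
        print(finding)
```

Run against the output above, the only finding is the empty ET-emerging-icmp.rules file; local.rules is allow-listed because an empty local rule set is normal. Whether an empty ET category file is acceptable is a policy decision for the ruleset owner, which is why it is a finding and not a hard failure in the code.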


keyword_perf.log - (7019 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/21/2018 -- 08:26:06
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        99486           6               1               57288           16581.00        57288.00        8439.00        
  content          998781          158             91              36792           6321.00         7250.00         5059.00        
  pcre             275322          15              0               98481           18354.00        0.00            18354.00       
  byte_test        227844          54              24              6813            4219.00         4536.00         3966.00        
  byte_jump        98100           13              0               39096           7546.00         0.00            7546.00        
  flow             1429656         41              41              804486          34869.00        34869.00        0.00           
  isdataat         23730           6               0               4134            3955.00         0.00            3955.00        
  flowbits         141801          8               6               103107          17725.00        22292.00        4024.00        
  urilen           4080            1               0               4080            4080.00         0.00            4080.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1429656         41              41              804486          34869.00        34869.00        0.00           
  flowbits         8049            2               0               4167            4024.00         0.00            4024.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          901704          141             83              36792           6395.00         7444.00         4893.00        
  pcre             167382          10              0               98481           16738.00        0.00            16738.00       
  byte_test        227844          54              24              6813            4219.00         4536.00         3966.00        
  byte_jump        98100           13              0               39096           7546.00         0.00            7546.00        
  isdataat         23730           6               0               4134            3955.00         0.00            3955.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          83064           14              5               11379           5933.00         5576.00         6131.00        
  pcre             33642           2               0               18843           16821.00        0.00            16821.00       
  urilen           4080            1               0               4080            4080.00         0.00            4080.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http headers
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14013           3               3               5124            4671.00         4671.00         0.00           
  pcre             74298           3               0               39564           24766.00        0.00            24766.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         133752          6               6               103107          22292.00        22292.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        99486           6               1               57288           16581.00        57288.00        8439.00        


suricata-3.1-etopen-all-http.log-2018-01-21-T-08-26-06-01212018.0804-test.pcap.txt - (544 bytes)
01/21/2018-08:02:32.330505 172.16.0.103 [**] /zc/0?action=getInfo&version=2.5.1 [**] Spotify/106900336 Linux/0 (PC desktop) [**] 172.16.0.106:42014 -> 172.16.0.103:52390
01/21/2018-08:02:33.019967 172.16.0.103 [**] /upnp/dev/cd58dcd2-c2b4-882f-ffff-ffff96434915/desc [**] Spotify/106900336 Linux/0 (PC desktop) [**] 172.16.0.106:44596 -> 172.16.0.103:54625
01/21/2018-08:02:33.036432 172.16.0.103 [**] /upnp/dev/cd58dcd2-c2b4-882f-ffff-ffff96434915/desc [**] Spotify/106900336 Linux/0 (PC desktop) [**] 172.16.0.106:44598 -> 172.16.0.103:54625


IDSDeathBlossom.py.log - (17880 bytes)
2018-01-21 08:25:48,657 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-01-21 08:25:50,998 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-01-21 08:25:50,999 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-3.1-etopen-all
2018-01-21 08:25:51,001 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-01-21 08:25:51,001 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-01-21 08:25:51,002 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata31/bin/suricata -c /opt/suricata31/etc/etopen/suricata31-etopen-all.yaml -l /var/www/html/3dc60c47daead95c4038b969010cd134ca353d31ae2111baa5fb0a0933888020 -r /var/pcap/01212018.0804-test.pcap -vvv -k none
2018-01-21 08:26:06,295 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
2018-01-21 08:26:06,298 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules
2018-01-21 08:26:06,300 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-01-21 08:26:06,301 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +437 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata31/bin/suricata -c /opt/suricata31/etc/etopen/suricata31-etopen-all.yaml -l /var/www/html/3dc60c47daead95c4038b969010cd134ca353d31ae2111baa5fb0a0933888020 -r /var/pcap/01212018.0804-test.pcap -vvv -k none; returncode:0; elapsed:15.266233; Errors:
None
 Warnings:
- 21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
- 21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules

 stderr:

 stdout:
21/1/2018 -- 08:25:51 - <Info> - Configuration node 'rule-files' redefined.
21/1/2018 -- 08:25:51 - <Notice> - This is Suricata version 3.1 RELEASE
21/1/2018 -- 08:25:51 - <Info> - CPUs/cores online: 1
21/1/2018 -- 08:25:51 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
21/1/2018 -- 08:25:51 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
21/1/2018 -- 08:25:51 - <Config> - DNS request flood protection level: 500
21/1/2018 -- 08:25:51 - <Config> - DNS per flow memcap (state-memcap): 524288
21/1/2018 -- 08:25:51 - <Config> - DNS global memcap: 16777216
21/1/2018 -- 08:25:51 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/1/2018 -- 08:25:51 - <Config> - preallocated 1000 defrag trackers of size 168
21/1/2018 -- 08:25:51 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/1/2018 -- 08:25:51 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/1/2018 -- 08:25:51 - <Config> - preallocated 1000 hosts of size 136
21/1/2018 -- 08:25:51 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/1/2018 -- 08:25:51 - <Config> - using magic-file /usr/share/file/magic
21/1/2018 -- 08:25:51 - <Config> - Core dump size is unlimited.
21/1/2018 -- 08:25:51 - <Config> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
21/1/2018 -- 08:25:51 - <Config> - preallocated 10000 flows of size 296
21/1/2018 -- 08:25:51 - <Config> - flow memory usage: 7154304 bytes, maximum: 67108864
21/1/2018 -- 08:25:51 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/1/2018 -- 08:25:51 - <Config> - stream "memcap": 33554432
21/1/2018 -- 08:25:51 - <Config> - stream "midstream" session pickups: disabled
21/1/2018 -- 08:25:51 - <Config> - stream "async-oneside": disabled
21/1/2018 -- 08:25:51 - <Config> - stream "checksum-validation": disabled
21/1/2018 -- 08:25:51 - <Config> - stream."inline": disabled
21/1/2018 -- 08:25:51 - <Config> - stream "max-synack-queued": 5
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "memcap": 134217728
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "depth": 0
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "toserver-chunk-size": 2665
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "toclient-chunk-size": 2529
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly.raw: enabled
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 4, prealloc 256
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 16, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 112, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 248, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 512, prealloc 512
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 768, prealloc 1024
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 1448, prealloc 1024
21/1/2018 -- 08:25:51 - <Config> - segment pool: pktsize 65535, prealloc 128
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "chunk-prealloc": 250
21/1/2018 -- 08:25:51 - <Config> - stream.reassembly "zero-copy-size": 128
21/1/2018 -- 08:25:51 - <Config> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
21/1/2018 -- 08:25:51 - <Config> - preallocated 1000 ippairs of size 136
21/1/2018 -- 08:25:51 - <Config> - ippair memory usage: 398144 bytes, maximum: 16777216
21/1/2018 -- 08:25:51 - <Config> - Delayed detect disabled
21/1/2018 -- 08:25:51 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/1/2018 -- 08:25:51 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/1/2018 -- 08:25:51 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/1/2018 -- 08:25:51 - <Config> - IP reputation disabled
21/1/2018 -- 08:25:51 - <Perf> - Registered 114 keyword profiling counters.
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-ftp.rules
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-policy.rules
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-trojan.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-games.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-pop3.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-user_agents.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-activex.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-rpc.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-attack_response.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-scan.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-voip.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-chat.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-icmp_info.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-info.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-shellcode.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-web_client.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-imap.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-web_server.rules
21/1/2018 -- 08:25:55 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-current_events.rules
21/1/2018 -- 08:25:57 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-inappropriate.rules
21/1/2018 -- 08:25:57 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-smtp.rules
21/1/2018 -- 08:25:57 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-web_specific_apps.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-deleted.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-malware.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-snmp.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-worm.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-dns.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-misc.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-sql.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-dos.rules
21/1/2018 -- 08:26:01 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-netbios.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-telnet.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-exploit.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-p2p.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-tftp.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-mobile_malware.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-botcc.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-compromised.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-drop.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-dshield.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-tor.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-ciarmy.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Info> - 44 rule files processed. 19033 rules successfully loaded, 0 rules failed
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for tcp-packet
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for tcp-stream
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for udp-packet
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for other-ip
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_uri
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_uri
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_user_agent
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_header
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_method
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for file_data
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for file_data
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_stat_msg
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_stat_code
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_client_body
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_host
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_raw_host
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_cookie
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for http_cookie
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for dns_query
21/1/2018 -- 08:26:03 - <Perf> - using shared mpm ctx' for tls_sni
21/1/2018 -- 08:26:03 - <Info> - 19038 signatures processed. 1150 are IP-only rules, 6600 are inspecting packet payload, 13718 inspect application layer, 0 are decoder event only
21/1/2018 -- 08:26:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/1/2018 -- 08:26:03 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
21/1/2018 -- 08:26:03 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
21/1/2018 -- 08:26:03 - <Perf> - UDP toserver: 41 port groups, 30 unique SGH's, 11 copies
21/1/2018 -- 08:26:03 - <Perf> - UDP toclient: 21 port groups, 14 unique SGH's, 7 copies
21/1/2018 -- 08:26:03 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
21/1/2018 -- 08:26:03 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/1/2018 -- 08:26:04 - <Perf> - Unique rule groups: 107
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toserver TCP packet": 31
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toclient TCP packet": 20
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toserver TCP stream": 31
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toclient TCP stream": 21
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toserver UDP packet": 30
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "toclient UDP packet": 14
21/1/2018 -- 08:26:04 - <Perf> - Builtin MPM "other IP packet": 2
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_uri": 8
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_header": 7
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_header": 4
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_method": 4
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient file_data": 5
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver http_cookie": 2
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toclient http_cookie": 3
21/1/2018 -- 08:26:04 - <Perf> - AppLayer MPM "toserver dns_query": 1
21/1/2018 -- 08:26:05 - <Perf> - Registered 19038 rule profiling counters.
21/1/2018 -- 08:26:05 - <Info> - Threshold config parsed: 0 rule(s) found
21/1/2018 -- 08:26:05 - <Info> - fast output device (regular) initialized: alert
21/1/2018 -- 08:26:05 - <Info> - eve-log output device (regular) initialized: eve.json
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'alert'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'http'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'dns'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'tls'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'files'
21/1/2018 -- 08:26:05 - <Config> - enabling 'eve-log' module 'ssh'
21/1/2018 -- 08:26:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/1/2018 -- 08:26:05 - <Info> - http-log output device (regular) initialized: http.log
21/1/2018 -- 08:26:05 - <Info> - stats output device (regular) initialized: stats.log
21/1/2018 -- 08:26:05 - <Config> - AutoFP mode using "Hash" flow load balancer
21/1/2018 -

This file has been truncated.
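An added example, not code from this page, from Suricata or from IDSDeathBlossom: it reduces the Suricata startup output captured above to the facts a pipeline should check before trusting the run, the same class of check IDSDeathBlossom performs when it reports "Warning found in stdout" and "suricata ran successfully". It assumes the Suricata 3.1 line layout visible above (`<date> -- <time> - <Level> - <message>`, with warnings carrying an `[ERRCODE: NAME(n)]` prefix). The sample input is a constructed, trimmed copy of the stdout lines above; the pass/fail policy in `rule_load_problems` is the author's suggestion, not IDSDeathBlossom's.

```python
import re
from typing import Dict, List

# Constructed sample: a trimmed copy of the Suricata 3.1 stdout captured on this page.
SAMPLE_STDOUT = """\
21/1/2018 -- 08:25:51 - <Info> - Configuration node 'rule-files' redefined.
21/1/2018 -- 08:25:51 - <Notice> - This is Suricata version 3.1 RELEASE
21/1/2018 -- 08:25:51 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-ftp.rules
21/1/2018 -- 08:25:54 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:25:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/ET-emerging-icmp.rules
21/1/2018 -- 08:26:02 - <Info> - Loading rule file: /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata31/etc/etopen/local.rules
21/1/2018 -- 08:26:02 - <Info> - 44 rule files processed. 19033 rules successfully loaded, 0 rules failed
21/1/2018 -- 08:26:03 - <Info> - 19038 signatures processed. 1150 are IP-only rules, 6600 are inspecting packet payload, 13718 inspect application layer, 0 are decoder event only
21/1/2018 -- 08:26:05 - <Info> - Threshold config parsed: 0 rule(s) found
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} -- \d\d:\d\d:\d\d) - <(?P<level>\w+)> - (?P<msg>.*)$")
ERRCODE_RE = re.compile(r"^\[ERRCODE: (?P<name>\w+)\((?P<code>\d+)\)\] - (?P<detail>.*)$")
NO_RULES_RE = re.compile(r"^No rules loaded from (?P<path>\S+)$")
RULES_RE = re.compile(
    r"^(?P<files>\d+) rule files processed\. (?P<loaded>\d+) rules successfully loaded, "
    r"(?P<failed>\d+) rules failed$")
SIGS_RE = re.compile(
    r"^(?P<total>\d+) signatures processed\. (?P<ip_only>\d+) are IP-only rules, "
    r"(?P<payload>\d+) are inspecting packet payload, (?P<applayer>\d+) inspect application layer, "
    r"(?P<decoder>\d+) are decoder event only$")
VERSION_PREFIX = "This is Suricata version "


def summarize_startup(stdout: str) -> Dict:
    """Extract version, warnings/errors, empty rule files and rule-load counts from stdout."""
    summary = {
        "version": None, "warnings": [], "errors": [], "empty_rule_files": [],
        "rule_files": None, "rules_loaded": None, "rules_failed": None, "signatures": None,
    }
    for line in stdout.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Suricata log line (e.g. wrapper output)
        level, msg = m["level"], m["msg"]
        if level in ("Warning", "Error"):
            e = ERRCODE_RE.match(msg)
            entry = {
                "ts": m["ts"], "level": level,
                "name": e["name"] if e else None,
                "code": int(e["code"]) if e else None,
                "detail": e["detail"] if e else msg,
            }
            summary["warnings" if level == "Warning" else "errors"].append(entry)
            n = NO_RULES_RE.match(entry["detail"])
            if n:
                summary["empty_rule_files"].append(n["path"])
            continue
        if msg.startswith(VERSION_PREFIX):
            summary["version"] = msg[len(VERSION_PREFIX):]
            continue
        r = RULES_RE.match(msg)
        if r:
            summary["rule_files"] = int(r["files"])
            summary["rules_loaded"] = int(r["loaded"])
            summary["rules_failed"] = int(r["failed"])
            continue
        s = SIGS_RE.match(msg)
        if s:
            summary["signatures"] = {k: int(v) for k, v in s.groupdict().items()}
    return summary


def rule_load_problems(summary: Dict) -> List[str]:
    """Conditions that should fail the run; an empty list means the ruleset loaded cleanly.

    SC_ERR_NO_RULES warnings for empty files (here ET-emerging-icmp.rules and the
    stock local.rules) are reported in the summary but do not fail the run, which
    matches the exit code 0 seen above.
    """
    problems = []
    if summary["errors"]:
        problems.append("error lines in stdout")
    if not summary["rules_loaded"]:
        problems.append("no rule-load summary or zero rules loaded")
    if summary["rules_failed"]:
        problems.append(f"{summary['rules_failed']} rules failed to parse")
    return problems


if __name__ == "__main__":
    s = summarize_startup(SAMPLE_STDOUT)
    print(f"Suricata {s['version']}: {s['rules_loaded']} rules from {s['rule_files']} files, "
          f"{s['rules_failed']} failed; empty files: {s['empty_rule_files']}")
    print("problems:", rule_load_problems(s) or "none")
```

A run that loads zero rules, or that has any rule fail to parse, still exits 0 in many setups, so checking these counts is what turns "suricata ran successfully" into "this ruleset actually went into the detection engine".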