Filename: eternalblue.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 28.0433061123 seconds
Hash: 4056e7e10cebd32c99d694f6a6a649f3
Uploaded: 1558019073 (Unix epoch, 2019-05-16 15:04:33 UTC)

Logfiles


suricata-4.0.0-etpro-all-alert-2019-05-16-T-15-05-01-05162019.1504-eternalblue.pcap.txt (2339 bytes)
04/14/2017-17:30:36.157874  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.156.130:50927 -> 10.128.0.243:445
04/14/2017-17:30:38.261434  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50927
04/14/2017-17:30:38.385102  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 172.16.156.130:50927 -> 10.128.0.243:445
04/14/2017-17:30:55.455943  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.156.130:50948 -> 10.128.0.243:445
04/14/2017-17:30:57.629856  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50948
04/14/2017-17:30:57.753580  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 172.16.156.130:50948 -> 10.128.0.243:445
04/14/2017-17:31:14.864951  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.156.130:50974 -> 10.128.0.243:445
04/14/2017-17:31:15.820482  [**] [1:2001569:15] ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {TCP} 172.16.156.130:50996 -> 10.128.0.243:445
04/14/2017-17:31:17.183525  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50974
04/14/2017-17:31:17.302534  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 172.16.156.130:50974 -> 10.128.0.243:445
04/14/2017-17:31:32.372713  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50974


packet_stats.log (5666 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1438           137175      271196179     183954518        264.5b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1438            65684       13120009        229628        330.2m   90.29
TMM_RECEIVEPCAPFILE         IPv4       6          1420             2532       17393045         22027         31.3m    8.55
TMM_DECODEPCAPFILE          IPv4       6          1420             2641          37958          2981          4.2m    1.16

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6          1420             2822          49920          3694          5.2m  1.76  
stream                  IPv4       6          1438             2695         108605          7983         11.5m  3.86  
detect                  IPv4       6          1438            44234       13078187        192383        276.6m  92.90 
tcp-prune               IPv4       6          1438             2531          48273          3073          4.4m  1.48  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
smb                     IPv4       6            26             2624           6028          3049         79.3k  100.00
Proto detect            IPv4       6            69             2673           9004          3036        209.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6            11            76200         235824        103539          1.1m  12.23 
LOGGER_UNIFIED2             IPv4       6            11            41735         127419         61589        677.5k  7.27  
LOGGER_JSON_ALERT           IPv4       6            11            82953        6422343        681768          7.5m  80.50 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           584             2551         177280         30533        17.8m  42.27 
stream                            IPv4       6           584             2534        3056737         41699        24.4m  57.73 
Total                             IPv4                  1168                                         36116        42.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6           156            36434        4810604         74515         11.6m  3.77  
PROF_DETECT_RULES           IPv4       6          1438             2518        9352568         79055        113.7m  36.89 
PROF_DETECT_STATEFUL_START    IPv4       6             9            10147          17078         14145        127.3k  0.04  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1438             2505          89336          6207          8.9m  2.90  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           436             2548          18681          2784          1.2m  0.39  
PROF_DETECT_PREFILTER       IPv4       6          1438             7677       12306490         60944         87.6m  28.44 
PROF_DETECT_PF_PAYLOAD      IPv4       6           584            14825        3068529         80645         47.1m  15.28 
PROF_DETECT_PF_TX           IPv4       6           436             2640       11035643         29476         12.9m  4.17  
PROF_DETECT_PF_SORT1        IPv4       6           546             2559          42081          3712          2.0m  0.66  
PROF_DETECT_PF_SORT2        IPv4       6          1438             2508          56957          3076          4.4m  1.44  
PROF_DETECT_NONMPMLIST      IPv4       6          1438             2516          99672          3145          4.5m  1.47  
PROF_DETECT_ALERT           IPv4       6          1438             2516          60616          3354          4.8m  1.57  
PROF_DETECT_CLEANUP         IPv4       6          1438             2543          52831          2975          4.3m  1.39  
PROF_DETECT_GETSGH          IPv4       6          1438             2510          39667          3404          4.9m  1.59  


stats.log (2470 bytes)
------------------------------------------------------------------------------------
Date: 5/16/2019 -- 15:05:01 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1420
decoder.bytes                              | Total                     | 577766
decoder.ipv4                               | Total                     | 1420
decoder.ethernet                           | Total                     | 1420
decoder.tcp                                | Total                     | 1420
decoder.avg_pkt_size                       | Total                     | 406
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 78
tcp.sessions                               | Total                     | 78
tcp.syn                                    | Total                     | 78
tcp.synack                                 | Total                     | 78
tcp.rst                                    | Total                     | 78
detect.alert                               | Total                     | 11
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 5
app_layer.flow.smb                         | Total                     | 9
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 78
flow_mgr.flows_notimeout                   | Total                     | 78
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65458
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7096768


eve.json (4561 bytes)
{"timestamp":"2017-04-14T17:30:36.157874+0000","flow_id":1819782059717412,"pcap_cnt":10,"event_type":"alert","src_ip":"172.16.156.130","src_port":50927,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:38.261434+0000","flow_id":1819782059717412,"pcap_cnt":225,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50927,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:38.385102+0000","flow_id":1819782059717412,"pcap_cnt":341,"event_type":"alert","src_ip":"172.16.156.130","src_port":50927,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:55.455943+0000","flow_id":879117651122727,"pcap_cnt":410,"event_type":"alert","src_ip":"172.16.156.130","src_port":50948,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:57.629856+0000","flow_id":879117651122727,"pcap_cnt":652,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50948,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:57.753580+0000","flow_id":879117651122727,"pcap_cnt":798,"event_type":"alert","src_ip":"172.16.156.130","src_port":50948,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:14.864951+0000","flow_id":128539905147776,"pcap_cnt":882,"event_type":"alert","src_ip":"172.16.156.130","src_port":50974,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:15.820482+0000","flow_id":1301849808536834,"pcap_cnt":1089,"event_type":"alert","src_ip":"172.16.156.130","src_port":50996,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001569,"rev":15,"signature":"ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection","category":"Misc activity","severity":3}}
{"timestamp":"2017-04-14T17:31:17.183525+0000","flow_id":128539905147776,"pcap_cnt":1147,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50974,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:17.302534+0000","flow_id":128539905147776,"pcap_cnt":1323,"event_type":"alert","src_ip":"172.16.156.130","src_port":50974,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:32.372713+0000","flow_id":128539905147776,"pcap_cnt":1410,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50974,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
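The alerts above show one attacker, 172.16.156.130, opening three SMB connections to 10.128.0.243:445 (client ports 50927, 50948 and 50974). Every connection produces the same first three alerts in order: IPC$ share access, the ETERNALBLUE echo response coming back from the target, then the ETERNALBLUE exploit packet. Only the third connection is followed, about 15 seconds later, by a DOUBLEPULSAR Beacon Response from the target, which is what separates "exploit attempted" from "target answering the DoublePulsar ping". The fourth flow (port 50996) only trips the behavioral port-445 scan rule. The script below is an added example, not part of this page or of Suricata: it parses eve.json, groups alerts by `flow_id`, orders them in time and classifies each flow by the furthest stage reached, so the one flow whose victim responded with a beacon stands out from the two that stopped at the exploit packet. The sample records are transcribed from the eve.json above with only the fields the script uses; the stage ranking, the verdict labels and the constructed `stats` record are assumptions of the example.

```python
"""Rebuild the MS17-010 attack chain from Suricata eve.json alerts, per flow.

Added example, not part of this page or of Suricata. Parses newline-delimited
eve.json, groups alerts by flow_id, orders them in time and classifies each
flow by the furthest stage reached, using the ET/GPL signature IDs seen above.
"""
import json
from collections import defaultdict

# Signature IDs exactly as they appear in this page's alert log.
SID_IPC_SHARE = 2102466      # GPL NETBIOS SMB-DS IPC$ unicode share access
SID_EB_ECHO = 2024218        # ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response
SID_EB_EXPLOIT_M2 = 2024297  # ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010
SID_DP_BEACON = 2024216      # ET EXPLOIT Possible DOUBLEPULSAR Beacon Response

# Stage rank (assumed ordering for this example): higher means the attack got
# further. Any other SID, e.g. the port-445 scan rule 2001569, ranks 0.
STAGE = {SID_IPC_SHARE: 1, SID_EB_ECHO: 2, SID_EB_EXPLOIT_M2: 3, SID_DP_BEACON: 4}
VERDICT = {0: "no_exploit_stage", 1: "share_access_only", 2: "probe",
           3: "exploit_attempted", 4: "backdoor_responding"}

# (timestamp, flow_id, src_ip, src_port, dest_ip, dest_port, sid), transcribed
# from the eve.json shown on this page, keeping only the fields used below.
_PAGE_ALERTS = [
    ("2017-04-14T17:30:36.157874+0000", 1819782059717412, "172.16.156.130", 50927, "10.128.0.243", 445, 2102466),
    ("2017-04-14T17:30:38.261434+0000", 1819782059717412, "10.128.0.243", 445, "172.16.156.130", 50927, 2024218),
    ("2017-04-14T17:30:38.385102+0000", 1819782059717412, "172.16.156.130", 50927, "10.128.0.243", 445, 2024297),
    ("2017-04-14T17:30:55.455943+0000", 879117651122727, "172.16.156.130", 50948, "10.128.0.243", 445, 2102466),
    ("2017-04-14T17:30:57.629856+0000", 879117651122727, "10.128.0.243", 445, "172.16.156.130", 50948, 2024218),
    ("2017-04-14T17:30:57.753580+0000", 879117651122727, "172.16.156.130", 50948, "10.128.0.243", 445, 2024297),
    ("2017-04-14T17:31:14.864951+0000", 128539905147776, "172.16.156.130", 50974, "10.128.0.243", 445, 2102466),
    ("2017-04-14T17:31:15.820482+0000", 1301849808536834, "172.16.156.130", 50996, "10.128.0.243", 445, 2001569),
    ("2017-04-14T17:31:17.183525+0000", 128539905147776, "10.128.0.243", 445, "172.16.156.130", 50974, 2024218),
    ("2017-04-14T17:31:17.302534+0000", 128539905147776, "172.16.156.130", 50974, "10.128.0.243", 445, 2024297),
    ("2017-04-14T17:31:32.372713+0000", 128539905147776, "10.128.0.243", 445, "172.16.156.130", 50974, 2024216),
]


def build_sample_eve():
    """Constructed eve.json text: the page's alerts plus one non-alert record."""
    lines = [json.dumps({"timestamp": "2017-04-14T17:30:00.000000+0000",
                         "event_type": "stats"})]  # constructed; must be skipped
    for ts, fid, sip, sp, dip, dp, sid in _PAGE_ALERTS:
        lines.append(json.dumps({"timestamp": ts, "flow_id": fid,
                                 "event_type": "alert", "src_ip": sip,
                                 "src_port": sp, "dest_ip": dip, "dest_port": dp,
                                 "alert": {"signature_id": sid}}))
    return "\n".join(lines) + "\n"


def parse_alerts(text):
    """Yield alert events from newline-delimited eve.json; skip other event types."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            yield ev


def correlate(events, server_port=445):
    """Group alerts by flow_id; return {flow_id: {attacker, victim, sids, verdict}}."""
    flows = defaultdict(list)
    for ev in events:
        flows[ev["flow_id"]].append(ev)
    summary = {}
    for fid, evs in flows.items():
        # Fixed-width ISO 8601 with a single zone, so string order is time order.
        evs.sort(key=lambda e: e["timestamp"])
        first = evs[0]
        # The side serving SMB is the victim; the peer is the attacker.
        if first["dest_port"] == server_port:
            attacker, victim = first["src_ip"], first["dest_ip"]
        else:
            attacker, victim = first["dest_ip"], first["src_ip"]
        top = 0
        for ev in evs:
            sid = ev["alert"]["signature_id"]
            rank = STAGE.get(sid, 0)
            # A beacon response only counts as a backdoor if the victim sent it.
            if sid == SID_DP_BEACON and ev["src_ip"] != victim:
                rank = 0
            top = max(top, rank)
        summary[fid] = {"attacker": attacker, "victim": victim,
                        "sids": [e["alert"]["signature_id"] for e in evs],
                        "verdict": VERDICT[top]}
    return summary


def compromised_hosts(summary):
    """Sorted victims whose flow reached the DoublePulsar beacon stage."""
    return sorted({s["victim"] for s in summary.values()
                   if s["verdict"] == "backdoor_responding"})


if __name__ == "__main__":
    result = correlate(parse_alerts(build_sample_eve()))
    for fid in sorted(result):
        s = result[fid]
        print(fid, s["attacker"], "->", s["victim"], s["verdict"], s["sids"])
    print("hosts answering DoublePulsar ping:", compromised_hosts(result))
```

Against a real sensor, replace `build_sample_eve()` with the contents of eve.json (`correlate(parse_alerts(open("eve.json").read()))`). Note that `flow_id` is assigned by the Suricata process that saw the traffic, so alerts from different sensors or from separate runs should be joined on the 5-tuple plus time instead. The per-flow grouping is what gives the answer the flat fast log does not: three exploit packets were sent, but only the 50974 flow shows the target talking back in the way the DOUBLEPULSAR rule looks for.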


unified2.alert.1558019099 (15570 bytes)
[Binary unified2 alert records with captured packet payloads; the file is not meaningful rendered as text and its contents are omitted here. The only strings that survive rendering are fragments of the SMB requests carried in the alerting packets, such as the SMB header and the tree-connect path \\10.128.0.243\IPC$, which agree with the 11 alerts above. Read it with a unified2 decoder (Snort's u2spewfoo, for instance) rather than as text.]


keyword_perf.log (6471 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/16/2019 -- 15:05:01
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            222070          78              78              5609            2847.00         2847.00         0.00           
  flow             989997          340             340             6518            2911.00         2911.00         0.00           
  threshold        411477          93              1               36469           4424.00         3152.00         4438.00        
  content          16365530        2261            1081            4732290         7238.00         11373.00        3450.00        
  pcre             1800042         436             13              43782           4128.00         10741.00        3925.00        
  byte_test        1169561         345             87              76799           3390.00         3530.00         3342.00        
  byte_jump        1020730         344             181             24980           2967.00         2989.00         2942.00        
  flowbits         98733           21              18              8328            4701.00         4671.00         4879.00        
  byte_extract     236705          69              69              17992           3430.00         3430.00         0.00           
  dce_iface        601394          196             0               30395           3068.00         0.00            3068.00        
  asn1             118173          6               0               30181           19695.00        0.00            19695.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            222070          78              78              5609            2847.00         2847.00         0.00           
  flow             989997          340             340             6518            2911.00         2911.00         0.00           
  flowbits         24018           6               3               5091            4003.00         3126.00         4879.00        
  asn1             118173          6               0               30181           19695.00        0.00            19695.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16365530        2261            1081            4732290         7238.00         11373.00        3450.00        
  pcre             1800042         436             13              43782           4128.00         10741.00        3925.00        
  byte_test        1169561         345             87              76799           3390.00         3530.00         3342.00        
  byte_jump        1020730         344             181             24980           2967.00         2989.00         2942.00        
  byte_extract     236705          69              69              17992           3430.00         3430.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         74715           15              15              8328            4981.00         4981.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        411477          93              1               36469           4424.00         3152.00         4438.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dce_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dce_iface        601394          196             0               30395           3068.00         0.00            3068.00        


suricata-4.0.0-etpro-all-perf.txt-2019-05-16-T-15-05-01-05162019.1504-eternalblue.pcap.txt (20566 bytes)
  --------------------------------------------------------------------------
  Date: 5/16/2019 -- 15:05:01. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2012084      1        2        9729471      11.29  18       0        9275313     540526.17   0.00        540526.17  
  2        2018064      1        2        8108160      9.41   17       0        6572549     476950.59   0.00        476950.59  
  3        2102402      1        6        5177727      6.01   18       0        4780902     287651.50   0.00        287651.50  
  4        2103027      1        6        709263       0.82   109      0        389979      6507.00     0.00        6507.00    
  5        2018067      1        3        1732763      2.01   14       0        351279      123768.79   0.00        123768.79  
  6        2018059      1        2        2224159      2.58   94       0        349983      23661.27    0.00        23661.27   
  7        2018061      1        2        1569320      1.82   14       0        332933      112094.29   0.00        112094.29  
  8        2018060      1        2        1860020      2.16   16       0        327090      116251.25   0.00        116251.25  
  9        2018068      1        2        1760864      2.04   15       0        325506      117390.93   0.00        117390.93  
  10       2018062      1        2        1778748      2.06   15       0        325401      118583.20   0.00        118583.20  
  11       2018063      1        3        1730478      2.01   15       0        321513      115365.20   0.00        115365.20  
  12       2018065      1        2        1713195      1.99   15       0        311158      114213.00   0.00        114213.00  
  13       2018066      1        2        1965789      2.28   19       0        298272      103462.58   0.00        103462.58  
  14       2802042      1        3        2644746      3.07   69       0        108930      38329.65    0.00        38329.65   
  15       2820646      1        1        265646       0.31   6        3        96821       44274.33    60687.33    27861.33   
  16       2810018      1        3        3254171      3.78   138      0        85694       23580.95    0.00        23580.95   
  17       2102383      1        21       546282       0.63   18       0        74814       30349.00    0.00        30349.00   
  18       2024217      1        2        1385241      1.61   80       9        73392       17315.51    58012.89    12156.69   
  19       2103003      1        7        519889       0.60   18       0        72270       28882.72    0.00        28882.72   
  20       2012094      1        2        403144       0.47   12       0        62110       33595.33    0.00        33595.33   
  21       2024220      1        2        322132       0.37   12       6        54972       26844.33    39758.83    13929.83   
  22       2102955      1        4        211720       0.25   6        0        49552       35286.67    0.00        35286.67   
  23       2815451      1        2        2033118      2.36   168      0        49541       12101.89    0.00        12101.89   
  24       2810020      1        2        1920206      2.23   109      0        48826       17616.57    0.00        17616.57   
  25       2103030      1        5        168154       0.20   6        0        48460       28025.67    0.00        28025.67   
  26       2800546      1        3        518338       0.60   18       6        47779       28796.56    33216.33    26586.67   
  27       2800542      1        2        226611       0.26   9        0        46377       25179.00    0.00        25179.00   
  28       2102466      1        9        217968       0.25   6        3        45759       36328.00    44784.00    27872.00   
  29       2102472      1        11       200588       0.23   6        0        45722       33431.33    0.00        33431.33   
  30       2103024      1        3        204667       0.24   6        0        45559       34111.17    0.00        34111.17   
  31       2102979      1        4        200337       0.23   6        0        45073       33389.50    0.00        33389.50   
  32       2024216      1        1        409721       0.48   26       1        44859       15758.50    44098.00    14624.92   
  33       2800794      1        5        298741       0.35   12       0        44657       24895.08    0.00        24895.08   
  34       2024219      1        1        945875       1.10   82       0        44475       11535.06    0.00        11535.06   
  35       2819805      1        3        747608       0.87   230      0        44207       3250.47     0.00        3250.47    
  36       2103001      1        5        390702       0.45   109      0        42953       3584.42     0.00        3584.42    
  37       2101919      1        24       52131        0.06   4        0        41471       13032.75    0.00        13032.75   
  38       2025090      1        1        205249       0.24   6        3        40748       34208.17    39960.33    28456.00   
  39       2102471      1        12       154351       0.18   6        0        39406       25725.17    0.00        25725.17   
  40       2008307      1        3        446941       0.52   147      0        39385       3040.41     0.00        3040.41    
  41       2103040      1        5        172560       0.20   6        0        39383       28760.00    0.00        28760.00   
  42       2024430      1        3        1005088      1.17   80       0        37825       12563.60    0.00        12563.60   
  43       2024218      1        2        233064       0.27   9        3        37711       25896.00    28897.33    24395.33   
  44       2001569      1        15       1144485      1.33   78       78       36247       14672.88    14672.88    0.00       
  45       2805141      1        4        5105569      5.92   893      0        36077       5717.32     0.00        5717.32    
  46       2828876      1        1        1517300      1.76   534      0        34458       2841.39     0.00        2841.39    
  47       2103046      1        5        171561       0.20   12       0        33959       14296.75    0.00        14296.75   
  48       2103022      1        4        147722       0.17   6        0        33530       24620.33    0.00        24620.33   
  49       2816380      1        1        114127       0.13   31       0        32436       3681.52     0.00        3681.52    
  50       2014958      1        1        244034       0.28   18       0        30515       13557.44    0.00        13557.44   
  51       2103056      1        5        188672       0.22   12       0        30428       15722.67    0.00        15722.67   
  52       2103032      1        5        159282       0.18   6        0        30110       26547.00    0.00        26547.00   
  53       2015986      1        5        848962       0.99   294      0        29688       2887.63     0.00        2887.63    
  54       2017944      1        5        998537       1.16   69       0        29170       14471.55    0.00        14471.55   
  55       2103038      1        5        141794       0.16   6        0        28716       23632.33    0.00        23632.33   
  56       2103048      1        5        173123       0.20   12       0        27988       14426.92    0.00        14426.92   
  57       2807546      1        6        278687       0.32   87       0        27137       3203.30     0.00        3203.30    
  58       2102468      1        9        141406       0.16   6        0        26971       23567.67    0.00        23567.67   
  59       2800796      1        5        258610       0.30   12       0        26858       21550.83    0.00        21550.83   
  60       2102511      1        10       418260       0.49   109      0        26739       3837.25     0.00        3837.25    
  61       2103054      1        5        154257       0.18   12       0        26416       12854.75    0.00        12854.75   
  62       2102523      1        8        255988       0.30   78       0        24515       3281.90     0.00        3281.90    
  63       2008302      1        3        396043       0.46   138      0        24213       2869.88     0.00        2869.88    
  64       2008303      1        3        70687        0.08   12       0        23766       5890.58     0.00        5890.58    
  65       2024297      1        2        61310        0.07   3        3        22954       20436.67    20436.67    0.00       
  66       2025019      1        1        380186       0.44   138      0        21974       2754.97     0.00        2754.97    
  67       2102190      1        5        591258       0.69   207      0        21762       2856.32     0.00        2856.32    
  68       2022547      1        1        125455       0.15   28       0        21456       4480.54     0.00        4480.54    
  69       2100538      1        17       36071        0.04   6        0        20244       6011.83     0.00        6011.83    
  70       2025018      1        2        205091       0.24   72       0        19640       2848.49     0.00        2848.49    
  71       2018558      1        5        830888       0.96   300      0        18603       2769.63     0.00        2769.63    
  72       2017935      1        3        1050882      1.22   370      0        18241       2840.22     0.00        2840.22    
  73       2100327      1        10       205908       0.24   69       0        18121       2984.17     0.00        2984.17    
  74       2811034      1        1        257375       0.30   81       0        17591       3177.47     0.00        3177.47    
  75       2809487      1        2        395529       0.46   138      0        17562       2866.15     0.00        2866.15    
  76       2008306      1        3        470428       0.55   168      0        17310       2800.17     0.00        2800.17    
  77       2103035      1        9        333548       0.39   109      0        17303       3060.07     0.00        3060.07    
  78       2103019      1        5        327969       0.38   109      0        16209       3008.89     0.00        3008.89    
  79       2014956      1        1        222964       0.26   18       0        16192       12386.89    0.00        12386.89   
  80       2821015      1        1        209724       0.24   69       0        16030       3039.48     0.00        3039.48    
  81       2103002      1        5        320588       0.37   109      0        15870       2941.17     0.00        2941.17    
  82       2024774      1        2        740441       0.86   276      0        15732       2682.76     0.00        2682.76    
  83       2103159      1        4        256855       0.30   87       0        15536       2952.36     0.00        2952.36    
  84       2103239      1        4        194403       0.23   69       0        15516       2817.43     0.00        2817.43    
  85       2102523      1        8        226086       0.26   78       0        6179        2898.54     0.00        2898.54    
  86       2103238      1        4        211044       0.24   79       0        5117        2671.44     0.00        2671.44    
  87       2021976      1        2        54402        0.06   18       0        5028        3022.33     0.00        3022.33    
  88       2024777      1        2        29818        0.03   9        0        4796        3313.11     0.00        3313.11    
  89       2001330      1        8        86720        0.10   27       0        4731        3211.85     0.00        3211.85    
  90       2022546      1        1        61058        0.07   18       0        4686        3392.11     0.00        3392.11    
  91       2101229      1        8        15499        0.02   4        0        4658        3874.75     0.00        3874.75    
  92       2826236      1        2        44850        0.05   13       0        4614        3450.00     0.00        3450.00    
  93       2003089      1        4        181108       0.21   69       0        4487        2624.75     0.00        2624.75    
  94       2018281      1        4        232916       0.27   87       0        4485        2677.20     0.00        2677.20    
  95       2101973      1        11       19829        0.02   6        0        4428        3304.83     0.00        3304.83    
  96       2102470      1        12       19542        0.02   6        0        4404        3257.00     0.00        3257.00    
  97       2810452      1        3        195709       0.23   72       0        4341        2718.18     0.00        2718.18    
  98       2800795      1        5        40844        0.05   12       0        4340        3403.67     0.00        3403.67    
  99       2009387      1        4        222190       0.26   80       0        4310        2777.38     0.00        2777.38    
  100      2103026      1        5        20044        0.02   6        0        4289        3340.67     0.00        3340.67    
  101      2809271      1        2        314502       0.36   117      0        4275        2688.05     0.00        2688.05    
  102      2810650      1        1        318742       0.37   117      0        4262        2724.29     0.00        2724.29    
  103      2103158      1        6        861489       1.00   321      0        4181        2683.77     0.00        2683.77    
  104      2811637      1        1        102721       0.12   37       0        4148        2776.24     0.00        2776.24    
  105      2805446      1        5        41789        0.05   12       0        4146        3482.42     0.00        3482.42    
  106      2102401      1        5        56126        0.07   18       0        4108        3118.11     0.00        3118.11    
  107      2102103      1        10       41981        0.05   12       0        4104        3498.42     0.00        3498.42    
  108      2806162      1        2        11081        0.01   3        0        4068        3693.67     0.00        3693.67    
  109      2800797      1        5        41908        0.05   12       0        4016        3492.33     0.00        3492.33    
  110      2821020      1        2        11112        0.01   3        0        4015        3704.00     0.00        3704.00    
  111      2804982      1        2        37859        0.04   12       0        3991        3154.92     0.00        3154.92    
  112      2802161      1        1        192420       0.22   72       0        3990        2672.50     0.00        2672.50    
  113      2827604      1        2        18829        0.02   6        0        3960        3138.17     0.00        3138.17    
  114      2101904      1        8        3938         0.00   1        0        3938        3938.00     0.00        3938.00    
  115      2816381      1        1        105004       0.12   39       0        3884        2692.41     0.00        2692.41    
  116      2103029      1        6        306249       0.36   109      0        3814        2809.62     0.00        2809.62    
  117      2018283      1        5        34026        0.04   10       0        3798        3402.60     0.00        3402.60    
  118      2021977      1        6        32856        0.04   10       0        3798        3285.60     0.00        3285.60    
  119      2103050      1        5        36135        0.04   12       0        3779        3011.25     0.00        3011.25    
  120      2018291      1        1        153266       0.18   57       0        3715        2688.88     0.00        2688.88    
  121      2103018      1        5        19286        0.02   6        0        3672        3214.33     0.00        3214.33    
  122      2823334      1        2        187613       0.22   72       0        3634        2605.74     0.00        2605.74    
  123      2101621      1        12       13277        0.02   4        0        3562        3319.25     0.00        3319.25    
  124      2024435      1        1        181697       0.21   69       0        3541        2633.29     0.00        2633.29    
  125      2021978      1        6        5

This file has been truncated. Go here to download in full.
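Added example, not part of the report above: the table is Suricata's rule_perf.log (per-rule profiling) for this run, and the useful signal in it is the "Matches" and "Avg Ticks" columns, not the row order. The parser below reads that twelve-column layout (Num, Rule, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match), lists the rules that actually fired on the pcap, cross-checks each row's averages against its totals, and ranks the rules that were evaluated but never matched by cost. The sample input embeds a few rows copied verbatim from the table above, including the cut-off row 125 so the skip-on-truncation path is exercised; the header and separator lines are written from memory of Suricata's format and are an assumption, as are all function and field names.

```python
"""Parse rows of a Suricata rule_perf.log table (added example, not page code).

Column order, as Suricata writes it:
Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch
"""
from dataclasses import dataclass
from typing import List

# Constructed sample: data rows are copied from the report's table above;
# the header and separator lines are an assumption about Suricata's layout.
SAMPLE_RULE_PERF = """\
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
   -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
   19       2103003      1        7        519889       0.60   18       0        72270       28882.72    0.00        28882.72
   21       2024220      1        2        322132       0.37   12       6        54972       26844.33    39758.83    13929.83
   22       2102955      1        4        211720       0.25   6        0        49552       35286.67    0.00        35286.67
   26       2800546      1        3        518338       0.60   18       6        47779       28796.56    33216.33    26586.67
   27       2800542      1        2        226611       0.26   9        0        46377       25179.00    0.00        25179.00
   28       2102466      1        9        217968       0.25   6        3        45759       36328.00    44784.00    27872.00
   32       2024216      1        1        409721       0.48   26       1        44859       15758.50    44098.00    14624.92
   38       2025090      1        1        205249       0.24   6        3        40748       34208.17    39960.33    28456.00
   43       2024218      1        2        233064       0.27   9        3        37711       25896.00    28897.33    24395.33
   44       2001569      1        15       1144485      1.33   78       78       36247       14672.88    14672.88    0.00
   65       2024297      1        2        61310        0.07   3        3        22954       20436.67    20436.67    0.00
   125      2021978      1        6        5
"""


@dataclass
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float

    def is_consistent(self, per_check_tol: float = 0.01) -> bool:
        """Cross-check the printed averages against the totals.

        Ticks must equal checks * avg_ticks and also
        matches * avg_match + (checks - matches) * avg_nomatch.
        Averages are rounded to two decimals, so allow a little slack
        per check.
        """
        tol = per_check_tol * self.checks + 0.05
        by_avg = self.avg_ticks * self.checks
        by_split = (self.avg_match * self.matches
                    + self.avg_nomatch * (self.checks - self.matches))
        return (abs(by_avg - self.ticks) <= tol
                and abs(by_split - self.ticks) <= tol)


def parse_rule_perf(text: str) -> List[RuleProfile]:
    """Return one RuleProfile per data row; header, separator and
    truncated rows (fewer than twelve fields) are skipped."""
    rows: List[RuleProfile] = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 12 or not f[0].isdigit():
            continue
        try:
            rows.append(RuleProfile(
                int(f[0]), int(f[1]), int(f[2]), int(f[3]), int(f[4]),
                float(f[5]), int(f[6]), int(f[7]), int(f[8]),
                float(f[9]), float(f[10]), float(f[11])))
        except ValueError:
            continue  # malformed row, e.g. a non-numeric field
    return rows


def matched_sids(rows: List[RuleProfile]) -> List[int]:
    """SIDs that matched at least once on this pcap."""
    return [r.sid for r in rows if r.matches > 0]


def costly_non_matching(rows: List[RuleProfile], top: int = 3) -> List[int]:
    """SIDs that were evaluated but never matched, most expensive per
    check first: the usual tuning candidates for a given traffic mix."""
    cand = [r for r in rows if r.checks > 0 and r.matches == 0]
    cand.sort(key=lambda r: r.avg_ticks, reverse=True)
    return [r.sid for r in cand[:top]]


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_RULE_PERF)
    print("parsed rows:", len(rows))
    print("matched:", matched_sids(rows))
    print("inconsistent:", [r.sid for r in rows if not r.is_consistent()])
    print("costly, no match:", costly_non_matching(rows))
```

The tick values are CPU cycle counts taken on the profiling host, so they are only meaningful for comparing rules against each other within the same run; and "Matches" counts detection-engine matches on this one pcap, which says nothing about how a rule behaves on other traffic.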


suricata-report-2019-05-16-T-15-05-01-05162019.1504-eternalblue.pcap.txt - (17768 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4056e7e10cebd32c99d694f6a6a649f356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05162019.1504-eternalblue.pcap -vvv -k none
elapsedtime:26.928474
stderr:
stdout:
16/5/2019 -- 15:04:34 - <Info> - Configuration node 'rule-files' redefined.
16/5/2019 -- 15:04:34 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/5/2019 -- 15:04:34 - <Info> - CPUs/cores online: 1
16/5/2019 -- 15:04:34 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33512 and 'request-body-inspect-window' set to 16406 after randomization.
16/5/2019 -- 15:04:34 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31607 and 'response-body-inspect-window' set to 15689 after randomization.
16/5/2019 -- 15:04:34 - <Config> - DNS request flood protection level: 500
16/5/2019 -- 15:04:34 - <Config> - DNS per flow memcap (state-memcap): 524288
16/5/2019 -- 15:04:34 - <Config> - DNS global memcap: 16777216
16/5/2019 -- 15:04:34 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/5/2019 -- 15:04:34 - <Config> - preallocated 1000 hosts of size 136
16/5/2019 -- 15:04:34 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/5/2019 -- 15:04:34 - <Config> - using magic-file /usr/share/file/magic
16/5/2019 -- 15:04:34 - <Config> - Core dump size is unlimited.
16/5/2019 -- 15:04:34 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/5/2019 -- 15:04:34 - <Config> - preallocated 1000 defrag trackers of size 168
16/5/2019 -- 15:04:34 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/5/2019 -- 15:04:34 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/5/2019 -- 15:04:34 - <Config> - stream "memcap": 33554432
16/5/2019 -- 15:04:34 - <Config> - stream "midstream" session pickups: disabled
16/5/2019 -- 15:04:34 - <Config> - stream "async-oneside": disabled
16/5/2019 -- 15:04:34 - <Config> - stream "checksum-validation": disabled
16/5/2019 -- 15:04:34 - <Config> - stream."inline": disabled
16/5/2019 -- 15:04:34 - <Config> - stream "bypass": disabled
16/5/2019 -- 15:04:34 - <Config> - stream "max-synack-queued": 5
16/5/2019 -- 15:04:34 - <Config> - stream.reassembly "memcap": 134217728
16/5/2019 -- 15:04:34 - <Config> - stream.reassembly "depth": 0
16/5/2019 -- 15:04:34 - <Config> - stream.reassembly "toserver-chunk-size": 2552
16/5/2019 -- 15:04:34 - <Config> - stream.reassembly "toclient-chunk-size": 2485
16/5/2019 -- 15:04:34 - <Config> - stream.reassembly.raw: enabled
16/5/2019 -- 15:04:34 - <Config> - stream.reassembly "segment-prealloc": 2048
16/5/2019 -- 15:04:34 - <Config> - Delayed detect disabled
16/5/2019 -- 15:04:34 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/5/2019 -- 15:04:34 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/5/2019 -- 15:04:34 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/5/2019 -- 15:04:34 - <Config> - prefilter engines: MPM
16/5/2019 -- 15:04:34 - <Config> - IP reputation disabled
16/5/2019 -- 15:04:34 - <Perf> - Registered 148 keyword profiling counters.
16/5/2019 -- 15:04:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/5/2019 -- 15:04:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/5/2019 -- 15:04:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/5/2019 -- 15:04:40 - <Config> - No rules loaded from ET-icmp.rules.
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/5/2019 -- 15:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/5/2019 -- 15:04:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/5/2019 -- 15:04:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/5/2019 -- 15:04:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/5/2019 -- 15:04:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/5/2019 -- 15:04:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/5/2019 -- 15:04:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/5/2019 -- 15:04:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/5/2019 -- 15:04:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/5/2019 -- 15:04:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/5/2019 -- 15:04:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/5/2019 -- 15:04:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/5/2019 -- 15:04:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/5/2019 -- 15:04:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/5/2019 -- 15:04:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/5/2019 -- 15:04:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/5/2019 -- 15:04:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/5/2019 -- 15:04:48 - <Config> - No rules loaded from local.rules.
16/5/2019 -- 15:04:48 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/5/2019 -- 15:04:48 - <Info> - Threshold config parsed: 0 rule(s) found
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for tcp-packet
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for tcp-stream
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for udp-packet
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for other-ip
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_uri
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_request_line
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_client_body
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_response_line
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_header
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_header
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_header_names
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_header_names
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_accept
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_accept_enc
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_accept_lang
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_referer
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_connection
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_content_len
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_content_len
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_content_type
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_content_type
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_protocol
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_protocol
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_start
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_start
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_raw_header
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_raw_header
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_method
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_cookie
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_cookie
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_raw_uri
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_user_agent
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_host
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_raw_host
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_stat_msg
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_stat_code
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for dns_query
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for tls_sni
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for dce_stub_data
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for dce_stub_data
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for ssh_protocol
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for ssh_protocol
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for ssh_software
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for ssh_software
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for file_data
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for file_data
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_request_line
16/5/2019 -- 15:04:48 - <Perf> - using shared mpm ctx' for http_response_line
16/5/2019 -- 15:04:48 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/5/2019 -- 15:04:48 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/5/2019 -- 15:04:49 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/5/2019 -- 15:04:49 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/5/2019 -- 15:04:49 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/5/2019 -- 15:04:49 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/5/2019 -- 15:04:49 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/5/2019 -- 15:04:49 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/5/2019 -- 15:04:56 - <Perf> - Unique rule groups: 104
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/5/2019 -- 15:04:56 - <Perf> - Builtin MPM "other IP packet": 3
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_header": 10
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient http_header": 6
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_start": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_method": 5
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver http_host": 2
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toserver file_data": 1
16/5/2019 -- 15:04:56 - <Perf> - AppLayer MPM "toclient file_data": 7
16/5/2019 -- 15:04:59 - <Perf> - Registered 39590 rule profiling counters.
16/5/2019 -- 15:04:59 - <Info> - fast output device (regular) initialized: alert
16/5/2019 -- 15:04:59 - <Info> - eve-log output device (regular) initialized: eve.json
16/5/2019 -- 15:04:59 - <Config> - enabling 'eve-log' module 'alert'
16/5/2019 -- 15:04:59 - <Config> - enabling 'eve-log' module 'http'
16/5/2019 -- 15:04:59 - <Config> - enabling 'eve-log' module 'dns'
16/5/2019 -- 15:04:59 - <Config> - enabling 'eve-log' module 'tls'
16/5/2019 -- 15:04:59 - <Config> - enabling 'eve-log' module 'files'
16/5/2019 -- 15:04:59 - <Config> - enabling 'eve-log' module 'ssh'
16/5/2019 -- 15:04:59 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/5/2019 -- 15:04:59 - <Info> - stats output device (regular) initialized: stats.log
16/5/2019 -- 15:04:59 - <Config> - AutoFP mode using "Hash" flow load balancer
16/5/2019 -- 15:04:59 - <Info> - reading pcap file /var/pcap/05162019.1504-eternalblue.pcap
16/5/2019 -- 15:04:59 - <Config> - using 1 flow manager threads
16/5/2019 -- 15:04:59 -

This file has been truncated. Go here to download in full.


IDSDeathBlossom.py.log - (1151 bytes) - download
2019-05-16 15:04:33,720 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-16 15:04:34,522 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-16 15:04:34,522 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-16 15:04:34,523 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-16 15:04:34,523 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-16 15:04:34,523 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4056e7e10cebd32c99d694f6a6a649f356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05162019.1504-eternalblue.pcap -vvv -k none
2019-05-16 15:05:01,455 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-16 15:05:01,456 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.7462601662