Filename: pcap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.6291918755 seconds
Hash: 40afe28da396d813813f6d1aef387372
Uploaded: 1559744821 (Unix epoch seconds; 2019-06-05 14:27:01 UTC)

Logfiles


packet_stats.log (16408 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1          4093471        4093471       4093471          4.1m    0.04
 IPv4       2            14          1940485       69089477      26819412        375.5m    4.04
 IPv4       6            47          1980693       55573552      47034320          2.2b   23.78
 IPv4      17           152          2441769       75436808      44117981          6.7b   72.14
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1           148101         148101        148101        148.1k    0.15
TMM_FLOWWORKER              IPv4       2            14            88816         150996        101504          1.4m    1.41
TMM_FLOWWORKER              IPv4       6            47            68051        4905127        285158         13.4m   13.27
TMM_FLOWWORKER              IPv4      17           152           118159       16434214        480406         73.0m   72.28
TMM_RECEIVEPCAPFILE         IPv4       1             1             3126           3126          3126          3.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            14             2553           3229          2891         40.5k    0.04
TMM_RECEIVEPCAPFILE         IPv4       6            43             2546           3520          2839        122.1k    0.12
TMM_RECEIVEPCAPFILE         IPv4      17           152             2544       11682780         79780         12.1m   12.00
TMM_DECODEPCAPFILE          IPv4       1             1            20959          20959         20959         21.0k    0.02
TMM_DECODEPCAPFILE          IPv4       2            14             2675          11593          3624         50.7k    0.05
TMM_DECODEPCAPFILE          IPv4       6            43             2658          18647          3290        141.5k    0.14
TMM_DECODEPCAPFILE          IPv4      17           152             2670          42738          3465        526.7k    0.52

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       1             1             3409           3409          3409          3.4k  0.01  
flow                    IPv4       6            43             2863          18884          3745        161.1k  0.24  
flow                    IPv4      17           152             2702          27295          4502        684.4k  1.03  
stream                  IPv4       6            47             3041         426491         24591          1.2m  1.75  
app-layer               IPv4      17           152             2536         384109         10959          1.7m  2.52  
detect                  IPv4       1             1           136134         136134        136134        136.1k  0.21  
detect                  IPv4       2            14            83333         145246         95741          1.3m  2.03  
detect                  IPv4       6            47            44583        4592456        231693         10.9m  16.47 
detect                  IPv4      17           152           101703        9268225        328601         49.9m  75.53 
tcp-prune               IPv4       6            47             2551          11748          3163        148.7k  0.22  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             2            11887          13278         12582         25.2k  6.75  
tls                     IPv4       6             6             2650           4942          3211         19.3k  5.17  
dns                     IPv4      17            68             3422          24794          4825        328.2k  88.07 
Proto detect            IPv4       6             1            10900          10900         10900         10.9k
Proto detect            IPv4      17            75             2810          26145          4483        336.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_JSON_DNS             IPv4      17            62            27141       15696447        295157         18.3m  98.32 
LOGGER_JSON_HTTP            IPv4       6             1           151044         151044        151044        151.0k  0.81  
LOGGER_JSON_TLS             IPv4       6             3             2597           3262          2890          8.7k  0.05  
LOGGER_JSON_FILE            IPv4       6             1           153286         153286        153286        153.3k  0.82  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1            17047          17047         17047        17.0k  0.45  
payload                           IPv4       6            17             2584         160314         32723       556.3k  14.77 
payload                           IPv4      17           152             3135          50532         11551         1.8m  46.61 
stream                            IPv4       6            17             2551         265274         37165       631.8k  16.77 
http_uri                          IPv4       6             1            28849          28849         28849        28.8k  0.77  
http_request_line                 IPv4       6             1             9220           9220          9220         9.2k  0.24  
http_client_body                  IPv4       6             1             4231           4231          4231         4.2k  0.11  
http_header (request)             IPv4       6             1           147550         147550        147550       147.6k  3.92  
http_header (request trailer)     IPv4       6             1             2978           2978          2978         3.0k  0.08  
http_header_names (request)       IPv4       6             1            42774          42774         42774        42.8k  1.14  
http_accept (request)             IPv4       6             1             7916           7916          7916         7.9k  0.21  
http_referer (request)            IPv4       6             1             3436           3436          3436         3.4k  0.09  
http_content_len (request)        IPv4       6             1             4080           4080          4080         4.1k  0.11  
http_content_type (request)       IPv4       6             1             3514           3514          3514         3.5k  0.09  
http_protocol (request)           IPv4       6             1             8088           8088          8088         8.1k  0.21  
http_start (request)              IPv4       6             1            21458          21458         21458        21.5k  0.57  
http_raw_header (request)         IPv4       6             1            20633          20633         20633        20.6k  0.55  
http_method                       IPv4       6             1             7331           7331          7331         7.3k  0.19  
http_cookie (request)             IPv4       6             1             4235           4235          4235         4.2k  0.11  
http_raw_uri                      IPv4       6             1             6975           6975          6975         7.0k  0.19  
http_user_agent                   IPv4       6             1            53141          53141         53141        53.1k  1.41  
http_host                         IPv4       6             1            10184          10184         10184        10.2k  0.27  
dns_query                         IPv4      17            31             3109          69091          8778       272.1k  7.22  
tls_sni                           IPv4       6             6             2591           8992          4157        24.9k  0.66  
http_response_line                IPv4       6             1             8654           8654          8654         8.7k  0.23  
http_header (response)            IPv4       6             1            50737          50737         50737        50.7k  1.35  
http_header (response trailer)    IPv4       6             1             2647           2647          2647         2.6k  0.07  
http_content_type (response)      IPv4       6             1            12928          12928         12928        12.9k  0.34  
http_raw_header (response)        IPv4       6             1            10071          10071         10071        10.1k  0.27  
http_cookie (response)            IPv4       6             1             4671           4671          4671         4.7k  0.12  
http_stat_code                    IPv4       6             1             7128           7128          7128         7.1k  0.19  
tls_cert_issuer                   IPv4       6             3             2802           3551          3083         9.2k  0.25  
tls_cert_subject                  IPv4       6             3             2565           2899          2689         8.1k  0.21  
tls_cert_serial                   IPv4       6             3             2588           2623          2609         7.8k  0.21  
Total                             IPv4                   258                                         14599         3.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       1             1            36810          36810         36810         36.8k  0.06  
PROF_DETECT_IPONLY          IPv4       2            14            36398          93456         44847        627.9k  0.96  
PROF_DETECT_IPONLY          IPv4       6            10            10273          66477         43019        430.2k  0.66  
PROF_DETECT_IPONLY          IPv4      17            75            36775         445092         48621          3.6m  5.57  
PROF_DETECT_RULES           IPv4       1             1            22755          22755         22755         22.8k  0.03  
PROF_DETECT_RULES           IPv4       2            14             2538           3232          2658         37.2k  0.06  
PROF_DETECT_RULES           IPv4       6            47             2540        3862528        117935          5.5m  8.47  
PROF_DETECT_RULES           IPv4      17           152            44115         552629        140262         21.3m  32.58 
PROF_DETECT_STATEFUL_START    IPv4       6             5             4104        2072806        447684          2.2m  3.42  
PROF_DETECT_STATEFUL_CONT    IPv4       1             1             2525           2525          2525          2.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2522           2980          2656         37.2k  0.06  
PROF_DETECT_STATEFUL_CONT    IPv4       6            47             2733          26022          5895        277.1k  0.42  
PROF_DETECT_STATEFUL_CONT    IPv4      17           152             2518          59434          5261        799.7k  1.22  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            24             2571           3229          2715         65.2k  0.10  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            62             2584          23180          3148        195.2k  0.30  
PROF_DETECT_PREFILTER       IPv4       1             1            38805          38805         38805         38.8k  0.06  
PROF_DETECT_PREFILTER       IPv4       2            14             7780          11670          8874        124.2k  0.19  
PROF_DETECT_PREFILTER       IPv4       6            47             7719         681764         57564          2.7m  4.13  
PROF_DETECT_PREFILTER       IPv4      17           152            24103        9141258        107489         16.3m  24.97 
PROF_DETECT_PF_PAYLOAD      IPv4       1             1            22353          22353         22353         22.4k  0.03  
PROF_DETECT_PF_PAYLOAD      IPv4       6            17            13741         277176         77858          1.3m  2.02  
PROF_DETECT_PF_PAYLOAD      IPv4      17           152             8370         397273         19583          3.0m  4.55  
PROF_DETECT_PF_TX           IPv4       6            24             2661         441523         30703        736.9k  1.13  
PROF_DETECT_PF_TX           IPv4      17            31             8316          75409         15154        469.8k  0.72  
PROF_DETECT_PF_SORT1        IPv4       1             1             2619           2619          2619          2.6k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6            14             2597          12779          3971         55.6k  0.08  
PROF_DETECT_PF_SORT1        IPv4      17           152             2602           5369          3706        563.3k  0.86  
PROF_DETECT_PF_SORT2        IPv4       1             1             3245           3245          3245          3.2k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            14             2529           3170          2739         38.4k  0.06  
PROF_DETECT_PF_SORT2        IPv4       6            47             2528           6023          2992        140.6k  0.21  
PROF_DETECT_PF_SORT2        IPv4      17           152             2555         385319          5767        876.7k  1.34  
PROF_DETECT_NONMPMLIST      IPv4       1             1             2549           2549          2549          2.5k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2547           3973          2809         39.3k  0.06  
PROF_DETECT_NONMPMLIST      IPv4       6            47             2583           4380          3016        141.8k  0.22  
PROF_DETECT_NONMPMLIST      IPv4      17           152             2531          19574          3050        463.7k  0.71  
PROF_DETECT_ALERT           IPv4       1             1             2571           2571          2571          2.6k  0.00  
PROF_DETECT_ALERT           IPv4       2            14             2534           3094          2655         37.2k  0.06  
PROF_DETECT_ALERT           IPv4       6            47             2531          48954          3697        173.8k  0.27  
PROF_DETECT_ALERT           IPv4      17           152             2531         389276          5386        818.7k  1.25  
PROF_DETECT_CLEANUP         IPv4       1             1             2647           2647          2647          2.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            14             2527           2885          2612         36.6k  0.06  
PROF_DETECT_CLEANUP         IPv4       6            47             2577          19386          3599        169.2k  0.26  
PROF_DETECT_CLEANUP         IPv4      17           152             2527          14561          3092        470.0k  0.72  
PROF_DETECT_GETSGH          IPv4       1             1             2822           2822          2822          2.8k  0.00  
PROF_DETECT_GETSGH          IPv4       2            14             2557          21777          4179         58.5k  0.09  
PROF_DETECT_GETSGH          IPv4       6            47             2546          12847          3671        172.6k  0.26  
PROF_DETECT_GETSGH          IPv4      17           152             2527         386185          753

This file has been truncated.
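The profiling tables above are the raw output of Suricata's packet profiling (min/max/avg/tot are CPU ticks from the TSC, so they only compare within one run on one host). What a practitioner usually wants from them is which module burns the time and whether a handful of packets account for it. The following parser is an added example, not part of this report or of Suricata; it reads the table format as printed by 4.0.0, with sample rows copied from the tables above (the "Total" summary row is deliberately skipped), and reports per-module totals plus rows where the single worst packet cost far more than the average.

```python
"""Parse Suricata packet_stats.log profiling tables and locate hotspots.

Added example. Assumes the 4.0.0 table layout shown on this page:
<name> IPv4 <proto> <cnt> <min> <max> <avg> <tot abbreviated> [<pct>].
Tick counts are only comparable within a single run on a single machine.
"""
import re
from collections import defaultdict

# Constructed sample: rows copied from the packet_stats.log tables above.
SAMPLE = """\
Flow Worker            IP ver   Proto   cnt            min            max            avg
--------------------   ------   -----   ----------     ------------   ------------   -----------
flow                    IPv4       1             1             3409           3409          3409          3.4k  0.01
flow                    IPv4       6            43             2863          18884          3745        161.1k  0.24
flow                    IPv4      17           152             2702          27295          4502        684.4k  1.03
stream                  IPv4       6            47             3041         426491         24591          1.2m  1.75
app-layer               IPv4      17           152             2536         384109         10959          1.7m  2.52
detect                  IPv4       1             1           136134         136134        136134        136.1k  0.21
detect                  IPv4       2            14            83333         145246         95741          1.3m  2.03
detect                  IPv4       6            47            44583        4592456        231693         10.9m  16.47
detect                  IPv4      17           152           101703        9268225        328601         49.9m  75.53
tcp-prune               IPv4       6            47             2551          11748          3163        148.7k  0.22
Note: stream includes app-layer for TCP

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %%
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4      17           152             3135          50532         11551         1.8m  46.61
http_header (request)             IPv4       6             1           147550         147550        147550       147.6k  3.92
Total                             IPv4                   258                                         14599         3.8m
"""

# A header line names the table; the first (unnamed) table is the packet profile.
HEADER_RE = re.compile(r"^(?P<table>.*?)\s*IP ver\s+Proto\b")
# A data row; names may contain spaces and parentheses, e.g. "http_header (request)".
ROW_RE = re.compile(
    r"^(?P<name>\S.*?)\s+IPv(?P<ipver>[46])\s+(?P<proto>\d+)\s+(?P<cnt>\d+)\s+"
    r"(?P<min>\d+)\s+(?P<max>\d+)\s+(?P<avg>\d+)\s+(?P<tot>\d+(?:\.\d+)?[kmb]?)"
    r"(?:\s+(?P<pct>\d+(?:\.\d+)?))?\s*$"
)
SUFFIX = {"": 1, "k": 10**3, "m": 10**6, "b": 10**9}


def parse_total(text):
    """Expand Suricata's abbreviated totals ('161.1k', '2.2b') to integer ticks."""
    num, suffix = re.fullmatch(r"(\d+(?:\.\d+)?)([kmb]?)", text).groups()
    return int(round(float(num) * SUFFIX[suffix]))


def parse_profile(text):
    """Return one dict per data row; 'Total' rows have a different shape and are skipped."""
    table, rows = None, []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            table = h.group("table").strip() or "Packet profile"
            continue
        m = ROW_RE.match(line)
        if not m or table is None:
            continue
        rows.append({
            "table": table, "module": m.group("name").strip(),
            "proto": int(m.group("proto")), "cnt": int(m.group("cnt")),
            "min": int(m.group("min")), "max": int(m.group("max")),
            "avg": int(m.group("avg")), "tot": parse_total(m.group("tot")),
        })
    return rows


def hotspots(rows, table="Flow Worker"):
    """Total ticks per module in one table as (module, ticks, share), most expensive first."""
    per_module = defaultdict(int)
    for r in rows:
        if r["table"] == table:
            per_module[r["module"]] += r["tot"]
    grand = sum(per_module.values())
    return sorted(((mod, t, t / grand) for mod, t in per_module.items()),
                  key=lambda x: x[1], reverse=True)


def outliers(rows, ratio=20.0):
    """Rows whose worst single packet cost more than `ratio` times the row average:
    a sign that a few packets, not the bulk of traffic, drive the module's cost."""
    hits = [(r["table"], r["module"], r["proto"], r["max"] / r["avg"])
            for r in rows if r["avg"] and r["max"] / r["avg"] > ratio]
    return sorted(hits, key=lambda x: x[3], reverse=True)


if __name__ == "__main__":
    rows = parse_profile(SAMPLE)
    for module, ticks, share in hotspots(rows):
        print(f"{module:<12}{ticks:>12,d}{share:8.1%}")
    for table, module, proto, r in outliers(rows):
        print(f"{table}/{module}/proto {proto}: max is {r:.1f}x avg")
```

On the sample, detect accounts for roughly 94% of Flow Worker ticks, and the UDP rows for app-layer and detect each have a worst packet over 20 times their average, which is where to look first (here, the DNS traffic) if a capture runs slowly.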


suricata-report-2019-06-05-T-14-27-27-06052019.1427-pcap.pcap.txt (17429 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/40afe28da396d813813f6d1aef38737256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06052019.1427-pcap.pcap -vvv -k none
elapsedtime:24.335158
stderr:
stdout:
5/6/2019 -- 14:27:02 - <Info> - Configuration node 'rule-files' redefined.
5/6/2019 -- 14:27:02 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/6/2019 -- 14:27:02 - <Info> - CPUs/cores online: 1
5/6/2019 -- 14:27:02 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33998 and 'request-body-inspect-window' set to 16987 after randomization.
5/6/2019 -- 14:27:02 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31195 and 'response-body-inspect-window' set to 16913 after randomization.
5/6/2019 -- 14:27:02 - <Config> - DNS request flood protection level: 500
5/6/2019 -- 14:27:02 - <Config> - DNS per flow memcap (state-memcap): 524288
5/6/2019 -- 14:27:02 - <Config> - DNS global memcap: 16777216
5/6/2019 -- 14:27:02 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/6/2019 -- 14:27:02 - <Config> - preallocated 1000 hosts of size 136
5/6/2019 -- 14:27:02 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/6/2019 -- 14:27:02 - <Config> - using magic-file /usr/share/file/magic
5/6/2019 -- 14:27:02 - <Config> - Core dump size is unlimited.
5/6/2019 -- 14:27:03 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/6/2019 -- 14:27:03 - <Config> - preallocated 1000 defrag trackers of size 168
5/6/2019 -- 14:27:03 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/6/2019 -- 14:27:03 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/6/2019 -- 14:27:03 - <Config> - stream "memcap": 33554432
5/6/2019 -- 14:27:03 - <Config> - stream "midstream" session pickups: disabled
5/6/2019 -- 14:27:03 - <Config> - stream "async-oneside": disabled
5/6/2019 -- 14:27:03 - <Config> - stream "checksum-validation": disabled
5/6/2019 -- 14:27:03 - <Config> - stream."inline": disabled
5/6/2019 -- 14:27:03 - <Config> - stream "bypass": disabled
5/6/2019 -- 14:27:03 - <Config> - stream "max-synack-queued": 5
5/6/2019 -- 14:27:03 - <Config> - stream.reassembly "memcap": 134217728
5/6/2019 -- 14:27:03 - <Config> - stream.reassembly "depth": 0
5/6/2019 -- 14:27:03 - <Config> - stream.reassembly "toserver-chunk-size": 2542
5/6/2019 -- 14:27:03 - <Config> - stream.reassembly "toclient-chunk-size": 2532
5/6/2019 -- 14:27:03 - <Config> - stream.reassembly.raw: enabled
5/6/2019 -- 14:27:03 - <Config> - stream.reassembly "segment-prealloc": 2048
5/6/2019 -- 14:27:03 - <Config> - Delayed detect disabled
5/6/2019 -- 14:27:03 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/6/2019 -- 14:27:03 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/6/2019 -- 14:27:03 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/6/2019 -- 14:27:03 - <Config> - prefilter engines: MPM
5/6/2019 -- 14:27:03 - <Config> - IP reputation disabled
5/6/2019 -- 14:27:03 - <Perf> - Registered 148 keyword profiling counters.
5/6/2019 -- 14:27:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/6/2019 -- 14:27:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/6/2019 -- 14:27:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/6/2019 -- 14:27:08 - <Config> - No rules loaded from ET-icmp.rules.
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/6/2019 -- 14:27:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/6/2019 -- 14:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/6/2019 -- 14:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/6/2019 -- 14:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/6/2019 -- 14:27:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/6/2019 -- 14:27:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/6/2019 -- 14:27:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/6/2019 -- 14:27:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/6/2019 -- 14:27:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/6/2019 -- 14:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/6/2019 -- 14:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/6/2019 -- 14:27:16 - <Config> - No rules loaded from local.rules.
5/6/2019 -- 14:27:16 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/6/2019 -- 14:27:16 - <Info> - Threshold config parsed: 0 rule(s) found
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for tcp-packet
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for tcp-stream
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for udp-packet
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for other-ip
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_uri
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_request_line
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_client_body
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_response_line
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_header
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_header
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_header_names
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_header_names
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_accept
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_accept_enc
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_accept_lang
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_referer
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_connection
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_content_len
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_content_len
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_content_type
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_content_type
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_protocol
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_protocol
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_start
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_start
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_raw_header
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_raw_header
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_method
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_cookie
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_cookie
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_raw_uri
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_user_agent
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_host
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_raw_host
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_stat_msg
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_stat_code
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for dns_query
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for tls_sni
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for dce_stub_data
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for dce_stub_data
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for ssh_protocol
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for ssh_protocol
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for ssh_software
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for ssh_software
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for file_data
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for file_data
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_request_line
5/6/2019 -- 14:27:16 - <Perf> - using shared mpm ctx' for http_response_line
5/6/2019 -- 14:27:17 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/6/2019 -- 14:27:17 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/6/2019 -- 14:27:17 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/6/2019 -- 14:27:17 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/6/2019 -- 14:27:17 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/6/2019 -- 14:27:17 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/6/2019 -- 14:27:17 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/6/2019 -- 14:27:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/6/2019 -- 14:27:23 - <Perf> - Unique rule groups: 104
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/6/2019 -- 14:27:23 - <Perf> - Builtin MPM "other IP packet": 3
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_header": 10
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient http_header": 6
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_start": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_method": 5
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver http_host": 2
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toserver file_data": 1
5/6/2019 -- 14:27:23 - <Perf> - AppLayer MPM "toclient file_data": 7
5/6/2019 -- 14:27:26 - <Perf> - Registered 39590 rule profiling counters.
5/6/2019 -- 14:27:26 - <Info> - fast output device (regular) initialized: alert
5/6/2019 -- 14:27:26 - <Info> - eve-log output device (regular) initialized: eve.json
5/6/2019 -- 14:27:26 - <Config> - enabling 'eve-log' module 'alert'
5/6/2019 -- 14:27:26 - <Config> - enabling 'eve-log' module 'http'
5/6/2019 -- 14:27:26 - <Config> - enabling 'eve-log' module 'dns'
5/6/2019 -- 14:27:26 - <Config> - enabling 'eve-log' module 'tls'
5/6/2019 -- 14:27:26 - <Config> - enabling 'eve-log' module 'files'
5/6/2019 -- 14:27:26 - <Config> - enabling 'eve-log' module 'ssh'
5/6/2019 -- 14:27:26 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/6/2019 -- 14:27:26 - <Info> - stats output device (regular) initialized: stats.log
5/6/2019 -- 14:27:26 - <Config> - AutoFP mode using "Hash" flow load balancer
5/6/2019 -- 14:27:26 - <Info> - reading pcap file /var/pcap/06052019.1427-pcap.pcap
5/6/2019 -- 14:27:26 - <Config> - using 1 flow manager threads
5/6/2019 -- 14:27:26 - <Config> - using 1 flow recycler threads
5/6/2019 -- 14:27:26 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
5/6/2019 -- 14:27:26 - <Info> - pcap file end of file

This file has been truncated.


stats.log - (2987 bytes)
------------------------------------------------------------------------------------
Date: 6/5/2019 -- 14:27:27 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 236
decoder.bytes                              | Total                     | 24333
decoder.ipv4                               | Total                     | 210
decoder.ethernet                           | Total                     | 236
decoder.tcp                                | Total                     | 43
decoder.udp                                | Total                     | 152
decoder.icmpv4                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 103
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 44
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 5
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 13
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 3
app_layer.flow.dns_udp                     | Total                     | 31
app_layer.tx.dns_udp                       | Total                     | 31
app_layer.flow.failed_udp                  | Total                     | 13
flow.spare                                 | Total                     | 9994
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65529
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076320


eve.json - (22250 bytes)
{"timestamp":"2019-05-18T08:46:03.712242+0000","flow_id":761668532166194,"pcap_cnt":48,"event_type":"dns","src_ip":"192.168.56.104","src_port":59436,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60444,"rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:03.733127+0000","flow_id":1590446896394183,"pcap_cnt":53,"event_type":"dns","src_ip":"192.168.56.104","src_port":53355,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27884,"rrname":"113.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:03.733548+0000","flow_id":824606982877548,"pcap_cnt":54,"event_type":"dns","src_ip":"192.168.56.104","src_port":51353,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49838,"rrname":"e.2.6.8.0.e.b.7.c.e.7.8.7.0.d.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:03.733723+0000","flow_id":1084564173435419,"pcap_cnt":55,"event_type":"dns","src_ip":"192.168.56.104","src_port":54557,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42366,"rrname":"120.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:03.959729+0000","flow_id":761668532166194,"pcap_cnt":60,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":59436,"proto":"UDP","dns":{"type":"answer","id":60444,"rcode":"NOERROR","rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:03.960343+0000","flow_id":1084564173435419,"pcap_cnt":63,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":54557,"proto":"UDP","dns":{"type":"answer","id":42366,"rcode":"NOERROR","rrname":"120.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:03.960831+0000","flow_id":1590446896394183,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":53355,"proto":"UDP","dns":{"type":"answer","id":27884,"rcode":"NOERROR","rrname":"113.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:03.979398+0000","flow_id":824606982877548,"pcap_cnt":65,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":51353,"proto":"UDP","dns":{"type":"answer","id":49838,"rcode":"NOERROR","rrname":"e.2.6.8.0.e.b.7.c.e.7.8.7.0.d.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:10.465885+0000","flow_id":844140494592989,"pcap_cnt":117,"event_type":"dns","src_ip":"192.168.56.104","src_port":63866,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37706,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:10.466718+0000","flow_id":1038290196242206,"pcap_cnt":118,"event_type":"dns","src_ip":"192.168.56.104","src_port":59556,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31557,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:10.691637+0000","flow_id":1038290196242206,"pcap_cnt":119,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":59556,"proto":"UDP","dns":{"type":"answer","id":31557,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:10.692319+0000","flow_id":844140494592989,"pcap_cnt":120,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":63866,"proto":"UDP","dns":{"type":"answer","id":37706,"rcode":"NOERROR","rrname":"111.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:11.087126+0000","flow_id":1730789248291926,"pcap_cnt":121,"event_type":"dns","src_ip":"192.168.56.104","src_port":50901,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20502,"rrname":"google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-18T08:46:11.208352+0000","flow_id":1730789248291926,"pcap_cnt":122,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":50901,"proto":"UDP","dns":{"type":"answer","id":20502,"rcode":"NOERROR","rrname":"google.com","rrtype":"A","ttl":0,"rdata":"172.217.21.142"}}
{"timestamp":"2019-05-18T08:46:11.335805+0000","flow_id":1336206307843049,"pcap_cnt":130,"event_type":"http","src_ip":"192.168.56.104","src_port":49168,"dest_ip":"172.217.21.142","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"google.com","url":"\/switch\/?fzVf=JZkBMQ&t=rCwRNBBgBfmd86","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-18T08:46:11.835318+0000","flow_id":29020126428918,"pcap_cnt":132,"event_type":"dns","src_ip":"192.168.56.104","src_port":64601,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28119,"rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:11.871355+0000","flow_id":1630514646830011,"pcap_cnt":133,"event_type":"dns","src_ip":"192.168.56.104","src_port":56266,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40699,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:11.915999+0000","flow_id":1036602274216479,"pcap_cnt":134,"event_type":"dns","src_ip":"192.168.56.104","src_port":49871,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19147,"rrname":"142.21.217.172.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:12.042285+0000","flow_id":1036602274216479,"pcap_cnt":135,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":49871,"proto":"UDP","dns":{"type":"answer","id":19147,"rcode":"NOERROR","rrname":"142.21.217.172.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:12.084399+0000","flow_id":29020126428918,"pcap_cnt":136,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":64601,"proto":"UDP","dns":{"type":"answer","id":28119,"rcode":"NOERROR","rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:12.105262+0000","flow_id":1630514646830011,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":56266,"proto":"UDP","dns":{"type":"answer","id":40699,"rcode":"NOERROR","rrname":"110.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:12.175101+0000","flow_id":601333108616189,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.56.104","src_port":58700,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36833,"rrname":"webcom-live.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-18T08:46:12.433084+0000","flow_id":601333108616189,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":58700,"proto":"UDP","dns":{"type":"answer","id":36833,"rcode":"NOERROR","rrname":"webcom-live.com","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:19.462133+0000","flow_id":869390607912245,"pcap_cnt":174,"event_type":"dns","src_ip":"192.168.56.104","src_port":59575,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49922,"rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:19.462557+0000","flow_id":815935444946653,"pcap_cnt":175,"event_type":"dns","src_ip":"192.168.56.104","src_port":61430,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14384,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:19.689917+0000","flow_id":815935444946653,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":61430,"proto":"UDP","dns":{"type":"answer","id":14384,"rcode":"NOERROR","rrname":"112.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:19.709683+0000","flow_id":869390607912245,"pcap_cnt":177,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":59575,"proto":"UDP","dns":{"type":"answer","id":49922,"rcode":"NOERROR","rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:28.464905+0000","flow_id":2024702451390473,"pcap_cnt":178,"event_type":"dns","src_ip":"192.168.56.104","src_port":57346,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2133,"rrname":"a.2.9.f.0.b.a.e.8.b.7.2.c.8.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:28.469264+0000","flow_id":268911230855440,"pcap_cnt":179,"event_type":"dns","src_ip":"192.168.56.104","src_port":58591,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23996,"rrname":"115.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:28.694085+0000","flow_id":268911230855440,"pcap_cnt":180,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":58591,"proto":"UDP","dns":{"type":"answer","id":23996,"rcode":"NOERROR","rrname":"115.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:28.713308+0000","flow_id":2024702451390473,"pcap_cnt":181,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":57346,"proto":"UDP","dns":{"type":"answer","id":2133,"rcode":"NOERROR","rrname":"a.2.9.f.0.b.a.e.8.b.7.2.c.8.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:38.461929+0000","flow_id":108640231885929,"pcap_cnt":182,"event_type":"dns","src_ip":"192.168.56.104","src_port":63811,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54385,"rrname":"4.8.3.9.8.2.4.e.f.7.e.8.1.6.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:38.462476+0000","flow_id":1415006074572428,"pcap_cnt":183,"event_type":"dns","src_ip":"192.168.56.104","src_port":57993,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28034,"rrname":"116.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:38.688911+0000","flow_id":1415006074572428,"pcap_cnt":184,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":57993,"proto":"UDP","dns":{"type":"answer","id":28034,"rcode":"NOERROR","rrname":"116.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:38.705863+0000","flow_id":108640231885929,"pcap_cnt":185,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":63811,"proto":"UDP","dns":{"type":"answer","id":54385,"rcode":"NOERROR","rrname":"4.8.3.9.8.2.4.e.f.7.e.8.1.6.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:46.462149+0000","flow_id":2091575093366085,"pcap_cnt":186,"event_type":"dns","src_ip":"192.168.56.104","src_port":53564,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46228,"rrname":"b.2.b.e.d.6.1.7.4.d.7.b.c.9.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:46.708879+0000","flow_id":2091575093366085,"pcap_cnt":187,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":53564,"proto":"UDP","dns":{"type":"answer","id":46228,"rcode":"NOERROR","rrname":"b.2.b.e.d.6.1.7.4.d.7.b.c.9.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:53.976833+0000","flow_id":168177069582273,"pcap_cnt":188,"event_type":"dns","src_ip":"192.168.56.104","src_port":51865,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12830,"rrname":"9.9.8.2.b.d.8.f.d.f.f.8.a.f.4.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:53.977104+0000","flow_id":1311969810180304,"pcap_cnt":189,"event_type":"dns","src_ip":"192.168.56.104","src_port":49366,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41705,"rrname":"117.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:46:54.203935+0000","flow_id":1311969810180304,"pcap_cnt":190,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":49366,"proto":"UDP","dns":{"type":"answer","id":41705,"rcode":"NOERROR","rrname":"117.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:46:54.222535+0000","flow_id":168177069582273,"pcap_cnt":191,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":51865,"proto":"UDP","dns":{"type":"answer","id":12830,"rcode":"NOERROR","rrname":"9.9.8.2.b.d.8.f.d.f.f.8.a.f.4.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:47:03.492654+0000","flow_id":398078079632494,"pcap_cnt":192,"event_type":"dns","src_ip":"192.168.56.104","src_port":60001,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47666,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:47:03.738531+0000","flow_id":398078079632494,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":60001,"proto":"UDP","dns":{"type":"answer","id":47666,"rcode":"NOERROR","rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:47:06.493465+0000","flow_id":2035998217897881,"pcap_cnt":194,"event_type":"dns","src_ip":"192.168.56.104","src_port":55622,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":175,"rrname":"109.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:47:06.493708+0000","flow_id":2216176390932620,"pcap_cnt":195,"event_type":"dns","src_ip":"192.168.56.104","src_port":60824,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55438,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-18T08:47:06.723056+0000","flow_id":2216176390932620,"pcap_cnt":196,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":60824,"proto":"UDP","dns":{"type":"answer","id":55438,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:47:06.724233+0000","flow_id":2035998217897881,"pcap_cnt":197,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":55622,"proto":"UDP","dns":{"type":"answer","id":175,"rcode":"NOERROR","rrname":"109.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-18T08:47:09.494635+0000","flow_id":810351990770731,"pcap_cnt":198,"event_type":"dns","src_ip":"192.168.56.104","src_port":59066,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44741,"rrname":"107.56.168.192.in-addr.arpa"

This file has been truncated.


keyword_perf.log - (13135 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/5/2019 -- 14:27:27
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             372708          104             104             12952           3583.00         3583.00         0.00           
  threshold        15676           1               0               15676           15676.00        0.00            15676.00       
  content          1923701         519             323             30316           3706.00         3683.00         3743.00        
  pcre             545512          47              5               61543           11606.00        11350.00        11637.00       
  byte_test        778470          263             117             24683           2959.00         3199.00         2768.00        
  byte_jump        40083           9               9               14871           4453.00         4453.00         0.00           
  isdataat         11400           4               1               2921            2850.00         2772.00         2876.00        
  flowbits         27915           7               2               8309            3987.00         6584.00         2949.00        
  urilen           102195          32              15              4085            3193.00         3222.00         3168.00        
  ssl_version      7841            1               1               7841            7841.00         7841.00         0.00           
  byte_extract     14224           4               4               5896            3556.00         3556.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             372708          104             104             12952           3583.00         3583.00         0.00           
  flowbits         19606           6               1               4859            3267.00         4859.00         2949.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1265931         379             234             17815           3340.00         3325.00         3364.00        
  pcre             185285          21              0               61543           8823.00         0.00            8823.00        
  byte_test        778470          263             117             24683           2959.00         3199.00         2768.00        
  byte_jump        40083           9               9               14871           4453.00         4453.00         0.00           
  isdataat         8479            3               1               2903            2826.00         2772.00         2853.00        
  byte_extract     14224           4               4               5896            3556.00         3556.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         8309            1               1               8309            8309.00         8309.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        15676           1               0               15676           15676.00        0.00            15676.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          138621          29              12              30316           4780.00         4005.00         5326.00        
  pcre             215673          16              0               34852           13479.00        0.00            13479.00       
  isdataat         2921            1               0               2921            2921.00         0.00            2921.00        
  urilen           102195          32              15              4085            3193.00         3222.00         3168.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6852            2               0               3618            3426.00         0.00            3426.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          311534          63              46              27849           4944.00         5189.00         4283.00        
  pcre             120214          8               3               26256           15026.00        10803.00        17560.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          47053           12              7               5202            3921.00         3874.00         3986.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7587            2               2               3824            3793.00         3793.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4415            1               1               4415            4415.00         4415.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          130949          28              18              25480           4676.00         4172.00         5584.00        
  pcre             24340           2               2               12784           12170.00        12170.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3528            1               1               3528            3528.00         3528.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7231            2               2               3857            3615.00         3615.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ssl_version      7841            1               1               7841            7841.00         7841.00         0.00           


suricata-4.0.0-etpro-all-perf.txt-2019-06-05-T-14-27-27-06052019.1427-pcap.pcap.txt - (26837 bytes) - download
  --------------------------------------------------------------------------
  Date: 6/5/2019 -- 14:27:27. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010140      1        7        1092084      6.43   136      0        386865      8030.03     0.00        8030.03    
  2        2023620      1        3        643340       3.79   99       0        386551      6498.38     0.00        6498.38    
  3        2023627      1        3        614102       3.61   86       0        385247      7140.72     0.00        7140.72    
  4        2805348      1        4        432136       2.54   6        0        147609      72022.67    0.00        72022.67   
  5        2816940      1        2        88776        0.52   1        0        88776       88776.00    0.00        88776.00   
  6        2022339      1        2        74341        0.44   1        0        74341       74341.00    0.00        74341.00   
  7        2816925      1        3        73655        0.43   1        0        73655       73655.00    0.00        73655.00   
  8        2816909      1        2        70343        0.41   1        0        70343       70343.00    0.00        70343.00   
  9        2816895      1        2        66205        0.39   1        0        66205       66205.00    0.00        66205.00   
  10       2816927      1        3        64687        0.38   1        0        64687       64687.00    0.00        64687.00   
  11       2816910      1        2        64463        0.38   1        0        64463       64463.00    0.00        64463.00   
  12       2025064      1        5        62550        0.37   1        0        62550       62550.00    0.00        62550.00   
  13       2809850      1        2        313359       1.84   17       0        60968       18432.88    0.00        18432.88   
  14       2816525      1        10       58489        0.34   1        0        58489       58489.00    0.00        58489.00   
  15       2023315      1        2        54903        0.32   1        0        54903       54903.00    0.00        54903.00   
  16       2019418      1        5        73073        0.43   2        1        54680       36536.50    54680.00    18393.00   
  17       2828986      1        2        53356        0.31   1        0        53356       53356.00    0.00        53356.00   
  18       2816928      1        3        51514        0.30   1        0        51514       51514.00    0.00        51514.00   
  19       2827279      1        5        49735        0.29   1        0        49735       49735.00    0.00        49735.00   
  20       2023670      1        3        49020        0.29   1        1        49020       49020.00    49020.00    0.00       
  21       2011894      1        19       48645        0.29   1        0        48645       48645.00    0.00        48645.00   
  22       2819673      1        4        47644        0.28   1        0        47644       47644.00    0.00        47644.00   
  23       2009702      1        5        739060       4.35   62       0        47538       11920.32    0.00        11920.32   
  24       2816922      1        5        46830        0.28   1        0        46830       46830.00    0.00        46830.00   
  25       2815817      1        5        46451        0.27   1        0        46451       46451.00    0.00        46451.00   
  26       2816327      1        4        45091        0.27   1        0        45091       45091.00    0.00        45091.00   
  27       2816929      1        4        44472        0.26   1        0        44472       44472.00    0.00        44472.00   
  28       2816930      1        4        44365        0.26   1        0        44365       44365.00    0.00        44365.00   
  29       2016726      1        6        44190        0.26   1        0        44190       44190.00    0.00        44190.00   
  30       2805260      1        4        43878        0.26   1        0        43878       43878.00    0.00        43878.00   
  31       2828122      1        2        43719        0.26   1        0        43719       43719.00    0.00        43719.00   
  32       2018452      1        15       42469        0.25   1        0        42469       42469.00    0.00        42469.00   
  33       2803760      1        3        507339       2.99   31       0        41423       16365.77    0.00        16365.77   
  34       2017567      1        3        41203        0.24   1        0        41203       41203.00    0.00        41203.00   
  35       2022503      1        2        41194        0.24   1        0        41194       41194.00    0.00        41194.00   
  36       2828060      1        4        41162        0.24   1        0        41162       41162.00    0.00        41162.00   
  37       2022502      1        4        40682        0.24   1        0        40682       40682.00    0.00        40682.00   
  38       2820851      1        5        40104        0.24   1        0        40104       40104.00    0.00        40104.00   
  39       2826281      1        2        498711       2.93   31       0        39400       16087.45    0.00        16087.45   
  40       2023875      1        2        38150        0.22   1        0        38150       38150.00    0.00        38150.00   
  41       2019344      1        5        37558        0.22   1        0        37558       37558.00    0.00        37558.00   
  42       2010142      1        4        394677       2.32   136      0        37516       2902.04     0.00        2902.04    
  43       2018358      1        7        37135        0.22   1        0        37135       37135.00    0.00        37135.00   
  44       2014635      1        1        69900        0.41   2        0        36453       34950.00    0.00        34950.00   
  45       2816831      1        2        36411        0.21   1        0        36411       36411.00    0.00        36411.00   
  46       2821839      1        2        36235        0.21   1        0        36235       36235.00    0.00        36235.00   
  47       2022207      1        4        36126        0.21   1        0        36126       36126.00    0.00        36126.00   
  48       2019881      1        3        35858        0.21   1        0        35858       35858.00    0.00        35858.00   
  49       2829848      1        2        35681        0.21   1        0        35681       35681.00    0.00        35681.00   
  50       2830035      1        2        35585        0.21   1        0        35585       35585.00    0.00        35585.00   
  51       2809255      1        3        35328        0.21   1        0        35328       35328.00    0.00        35328.00   
  52       2022049      1        3        35313        0.21   1        0        35313       35313.00    0.00        35313.00   
  53       2830124      1        1        35230        0.21   1        0        35230       35230.00    0.00        35230.00   
  54       2020505      1        2        35228        0.21   1        0        35228       35228.00    0.00        35228.00   
  55       2022262      1        3        34827        0.20   1        0        34827       34827.00    0.00        34827.00   
  56       2017694      1        6        34417        0.20   1        0        34417       34417.00    0.00        34417.00   
  57       2823855      1        7        34256        0.20   1        0        34256       34256.00    0.00        34256.00   
  58       2014701      1        12       722819       4.25   62       0        33587       11658.37    0.00        11658.37   
  59       2022220      1        2        33239        0.20   1        0        33239       33239.00    0.00        33239.00   
  60       2816931      1        3        32993        0.19   1        0        32993       32993.00    0.00        32993.00   
  61       2014634      1        1        63322        0.37   2        0        32658       31661.00    0.00        31661.00   
  62       2024771      1        1        31300        0.18   1        0        31300       31300.00    0.00        31300.00   
  63       2017613      1        9        31099        0.18   1        0        31099       31099.00    0.00        31099.00   
  64       2816526      1        13       30800        0.18   1        0        30800       30800.00    0.00        30800.00   
  65       2015781      1        2        30689        0.18   1        0        30689       30689.00    0.00        30689.00   
  66       2018981      1        4        30041        0.18   1        0        30041       30041.00    0.00        30041.00   
  67       2016858      1        10       30006        0.18   1        0        30006       30006.00    0.00        30006.00   
  68       2812916      1        6        29710        0.17   1        0        29710       29710.00    0.00        29710.00   
  69       2014703      1        9        530093       3.12   62       0        29200       8549.89     0.00        8549.89    
  70       2821615      1        2        29193        0.17   1        0        29193       29193.00    0.00        29193.00   
  71       2008120      1        4        426096       2.51   140      0        28906       3043.54     0.00        3043.54    
  72       2024767      1        2        28684        0.17   1        0        28684       28684.00    0.00        28684.00   
  73       2820031      1        2        28629        0.17   1        0        28629       28629.00    0.00        28629.00   
  74       2815324      1        2        28556        0.17   1        0        28556       28556.00    0.00        28556.00   
  75       2018983      1        7        28453        0.17   1        0        28453       28453.00    0.00        28453.00   
  76       2829644      1        1        28327        0.17   1        0        28327       28327.00    0.00        28327.00   
  77       2826256      1        2        28245        0.17   1        0        28245       28245.00    0.00        28245.00   
  78       2018496      1        9        28179        0.17   1        0        28179       28179.00    0.00        28179.00   
  79       2018242      1        5        28007        0.16   1        0        28007       28007.00    0.00        28007.00   
  80       2025162      1        2        27995        0.16   1        0        27995       27995.00    0.00        27995.00   
  81       2820592      1        3        27914        0.16   1        0        27914       27914.00    0.00        27914.00   
  82       2021337      1        3        27790        0.16   1        0        27790       27790.00    0.00        27790.00   
  83       2019693      1        5        27623        0.16   1        0        27623       27623.00    0.00        27623.00   
  84       2816924      1        4        27536        0.16   1        0        27536       27536.00    0.00        27536.00   
  85       2816328      1        5        27522        0.16   1        0        27522       27522.00    0.00        27522.00   
  86       2823663      1        3        27378        0.16   1        0        27378       27378.00    0.00        27378.00   
  87       2014702      1        9        519866       3.06   62       0        26920       8384.94     0.00        8384.94    
  88       2023316      1        2        26915        0.16   1        0        26915       26915.00    0.00        26915.00   
  89       2816802      1        2        26230        0.15   1        0        26230       26230.00    0.00        26230.00   
  90       2812624      1        2        26174        0.15   1        0        26174       26174.00    0.00        26174.00   
  91       2012612      1        16       26046        0.15   1        0        26046       26046.00    0.00        26046.00   
  92       2016223      1        10       25497        0.15   1        0        25497       25497.00    0.00        25497.00   
  93       2809267      1        8        25488        0.15   1        0        25488       25488.00    0.00        25488.00   
  94       2021267      1        2        29288        0.17   2        0        25239       14644.00    0.00        14644.00   
  95       2809547      1        5        24709        0.15   1        0        24709       24709.00    0.00        24709.00   
  96       2021248      1        7        27745        0.16   2        0        24505       13872.50    0.00        13872.50   
  97       2802026      1        1        128686       0.76   36       0        24503       3574.61     0.00        3574.61    
  98       2809682      1        5        24420        0.14   1        0        24420       24420.00    0.00        24420.00   
  99       2023622      1        3        392378       2.31   140      0        23464       2802.70     0.00        2802.70    
  100      2802880      1        3        23316        0.14   1        0        23316       23316.00    0.00        23316.00   
  101      2815201      1        2        23193        0.14   1        0        23193       23193.00    0.00        23193.00   
  102      2024178      1        2        23088        0.14   1        0        23088       23088.00    0.00        23088.00   
  103      2829607      1        1        22783        0.13   1        0        22783       22783.00    0.00        22783.00   
  104      2003657      1        18       22633        0.13   1        0        22633       22633.00    0.00        22633.00   
  105      2809256      1        3        43682        0.26   2        0        22631       21841.00    0.00        21841.00   
  106      2018958      1        18       22344        0.13   1        0        22344       22344.00    0.00        22344.00   
  107      2018010      1        5        22338        0.13   1        0        22338       22338.00    0.00        22338.00   
  108      2020705      1        4        22217        0.13   1        0        22217       22217.00    0.00        22217.00   
  109      2003492      1        30       22136        0.13   1        0        22136       22136.00    0.00        22136.00   
  110      2825027      1        3        22080        0.13   1        0        22080       22080.00    0.00        22080.00   
  111      2021266      1        2        25111        0.15   2        0        21990       12555.50    0.00        12555.50   
  112      2017552      1        6        35734        0.21   2        0        21732       17867.00    0.00        17867.00   
  113      2816165      1        5        21345        0.13   1        0        21345       21345.00    0.00        21345.00   
  114      2804626      1        9        21344        0.13   1        0        21344       21344.00    0.00        21344.00   
  115      2816832      1        2        21167        0.12   1        0        21167       21167.00    0.00        21167.00   
  116      2828008      1        2        21120        0.12   1        0        21120       21120.00    0.00        21120.00   
  117      2010143      1        3        582686       3.43   136      0        20974       4284.46     0.00        4284.46    
  118      2814653      1        2        20542        0.12   1        0        20542       20542.00    0.00        20542.00   
  119      2025200      1        1        190111       1.12   62       0        18233       3066.31     0.00        3066.31    
  120      2009243      1        2        211233       1.24   71       0        17933       2975.11     0.00        2975.11    
  121      2019230      1        2        38845        0.23   4        0        17901       9711.25     0.00        9711.25    
  122      2023619      1        3        82247        0.48   26       0        17821       3163.35     0.00        3163.35    
  123      2023621      1        4        170721       1.00   60       0        17709       2845.35     0.00        2845.35    
  124      2023624      1        3        230085       1.35   82       0        17643       2805.91     0.00        2805.91    
  125      2802822      1        1        13

This file has been truncated.
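The rule-profiling table above is the per-rule dump Suricata writes when it was built with --enable-profiling. The following Python is added here as an example; it is not part of IDSDeathBlossom or Suricata. It parses that table format from a constructed sample (a few rows copied from the dump above plus the truncated final row, so the skip logic is exercised), ranks rules by the ticks they burn without ever matching, and checks each row for internal consistency (Ticks should equal Checks times Avg Ticks up to rounding). The column meanings and the consistency check are assumptions drawn from the table layout shown, not from Suricata documentation.

```python
"""Parse a Suricata rule-profiling dump ("Sorted by: max ticks" table) and
rank rules by the CPU they consume without ever matching.

Added example, not code from IDSDeathBlossom or Suricata. The sample table
below is constructed from rows of the dump shown on this page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of rows copied from the dump above, plus the
# truncated final row, so the parser's skip logic is exercised.
SAMPLE_RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 6/5/2019 -- 14:27:27. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2010140      1        7        1092084      6.43   136      0        386865      8030.03     0.00        8030.03
  4        2805348      1        4        432136       2.54   6        0        147609      72022.67    0.00        72022.67
  16       2019418      1        5        73073        0.43   2        1        54680       36536.50    54680.00    18393.00
  20       2023670      1        3        49020        0.29   1        1        49020       49020.00    49020.00    0.00
  125      2802822      1        1        13
"""


@dataclass(frozen=True)
class RuleProfile:
    sid: int
    gid: int
    rev: int
    ticks: int            # total CPU ticks spent evaluating this rule
    pct: float            # share of all rule-evaluation ticks in the run
    checks: int           # how many times the rule was evaluated
    matches: int          # how many of those evaluations matched
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_no_match: float

    def consistent(self) -> bool:
        """Ticks should equal Checks * Avg Ticks up to rounding (assumption
        from the table layout); a failure means columns were mis-parsed."""
        return abs(self.checks * self.avg_ticks - self.ticks) < self.checks


# One data row: rank, sid, gid, rev, ticks, %, checks, matches, max, avg, avg match, avg no match.
_ROW = re.compile(
    r"^\s*\d+\s+(?P<sid>\d+)\s+(?P<gid>\d+)\s+(?P<rev>\d+)\s+(?P<ticks>\d+)\s+"
    r"(?P<pct>\d+\.\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)\s+(?P<max_ticks>\d+)\s+"
    r"(?P<avg_ticks>\d+\.\d+)\s+(?P<avg_match>\d+\.\d+)\s+(?P<avg_no_match>\d+\.\d+)\s*$"
)


def parse_rule_perf(text: str) -> list[RuleProfile]:
    """Return the data rows of a rule-profile dump; headers, separators and
    rows cut off by file truncation are skipped rather than mis-read."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m is None:
            continue  # header/separator, or a row cut off by truncation
        g = m.groupdict()
        rows.append(RuleProfile(
            sid=int(g["sid"]), gid=int(g["gid"]), rev=int(g["rev"]),
            ticks=int(g["ticks"]), pct=float(g["pct"]),
            checks=int(g["checks"]), matches=int(g["matches"]),
            max_ticks=int(g["max_ticks"]), avg_ticks=float(g["avg_ticks"]),
            avg_match=float(g["avg_match"]), avg_no_match=float(g["avg_no_match"]),
        ))
    return rows


def costly_non_matching(rows: list[RuleProfile], min_checks: int = 2) -> list[RuleProfile]:
    """Rules evaluated at least min_checks times that never fired, most
    expensive (by total ticks) first: the tuning candidates for this traffic."""
    return sorted(
        (r for r in rows if r.matches == 0 and r.checks >= min_checks),
        key=lambda r: r.ticks, reverse=True,
    )


def wasted_share(rows: list[RuleProfile]) -> float:
    """Fraction of the parsed ticks spent in rules that never matched."""
    total = sum(r.ticks for r in rows)
    return sum(r.ticks for r in rows if r.matches == 0) / total if total else 0.0


if __name__ == "__main__":
    profile = parse_rule_perf(SAMPLE_RULE_PERF)
    bad = [r.sid for r in profile if not r.consistent()]
    print(f"parsed {len(profile)} rows, inconsistent: {bad}")
    for r in costly_non_matching(profile):
        print(f"sid {r.sid} rev {r.rev}: {r.ticks} ticks over {r.checks} checks, 0 matches")
    print(f"{wasted_share(profile):.1%} of parsed ticks in never-matching rules")
```

Ticks are raw CPU cycle counts, so they are only comparable within one run on one host; rank rules within a single dump rather than comparing absolute values across logs. A rule with a single check and zero matches, which is most rows in the dump above, says little on its own; the rows worth a look are those with many checks, zero matches and a high total, such as the first few entries of the table.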


IDSDeathBlossom.py.log - (1144 bytes) - download
2019-06-05 14:27:01,966 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-05 14:27:02,963 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-05 14:27:02,963 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-06-05 14:27:02,964 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-05 14:27:02,964 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-05 14:27:02,964 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/40afe28da396d813813f6d1aef38737256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06052019.1427-pcap.pcap -vvv -k none
2019-06-05 14:27:27,303 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-05 14:27:27,303 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.3498439789