Filename: eth.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.5705180168 seconds
Hash: 4394cc8b99b06f379db9ef2486286855
Uploaded: 1558344520 (Unix epoch, 2019-05-20 09:28:40 UTC; the Suricata run below starts one second later, so the sensor clock is UTC)

Logfiles


suricata-report-2019-05-20-T-09-29-07-05202019.0928-eth.pcap.txt (17753 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4394cc8b99b06f379db9ef248628685556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05202019.0928-eth.pcap -vvv -k none
elapsedtime:25.605948
stderr:
stdout:
20/5/2019 -- 09:28:41 - <Info> - Configuration node 'rule-files' redefined.
20/5/2019 -- 09:28:41 - <Notice> - This is Suricata version 4.0.0 RELEASE
20/5/2019 -- 09:28:41 - <Info> - CPUs/cores online: 1
20/5/2019 -- 09:28:41 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31941 and 'request-body-inspect-window' set to 15725 after randomization.
20/5/2019 -- 09:28:41 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31160 and 'response-body-inspect-window' set to 16505 after randomization.
20/5/2019 -- 09:28:41 - <Config> - DNS request flood protection level: 500
20/5/2019 -- 09:28:41 - <Config> - DNS per flow memcap (state-memcap): 524288
20/5/2019 -- 09:28:41 - <Config> - DNS global memcap: 16777216
20/5/2019 -- 09:28:41 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
20/5/2019 -- 09:28:41 - <Config> - preallocated 1000 hosts of size 136
20/5/2019 -- 09:28:41 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
20/5/2019 -- 09:28:41 - <Config> - using magic-file /usr/share/file/magic
20/5/2019 -- 09:28:41 - <Config> - Core dump size is unlimited.
20/5/2019 -- 09:28:41 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
20/5/2019 -- 09:28:41 - <Config> - preallocated 1000 defrag trackers of size 168
20/5/2019 -- 09:28:41 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
20/5/2019 -- 09:28:41 - <Config> - stream "prealloc-sessions": 2048 (per thread)
20/5/2019 -- 09:28:41 - <Config> - stream "memcap": 33554432
20/5/2019 -- 09:28:41 - <Config> - stream "midstream" session pickups: disabled
20/5/2019 -- 09:28:41 - <Config> - stream "async-oneside": disabled
20/5/2019 -- 09:28:41 - <Config> - stream "checksum-validation": disabled
20/5/2019 -- 09:28:41 - <Config> - stream."inline": disabled
20/5/2019 -- 09:28:41 - <Config> - stream "bypass": disabled
20/5/2019 -- 09:28:41 - <Config> - stream "max-synack-queued": 5
20/5/2019 -- 09:28:41 - <Config> - stream.reassembly "memcap": 134217728
20/5/2019 -- 09:28:41 - <Config> - stream.reassembly "depth": 0
20/5/2019 -- 09:28:41 - <Config> - stream.reassembly "toserver-chunk-size": 2627
20/5/2019 -- 09:28:41 - <Config> - stream.reassembly "toclient-chunk-size": 2526
20/5/2019 -- 09:28:41 - <Config> - stream.reassembly.raw: enabled
20/5/2019 -- 09:28:41 - <Config> - stream.reassembly "segment-prealloc": 2048
20/5/2019 -- 09:28:41 - <Config> - Delayed detect disabled
20/5/2019 -- 09:28:41 - <Config> - pattern matchers: MPM: ac, SPM: bm
20/5/2019 -- 09:28:41 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
20/5/2019 -- 09:28:41 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
20/5/2019 -- 09:28:41 - <Config> - prefilter engines: MPM
20/5/2019 -- 09:28:41 - <Config> - IP reputation disabled
20/5/2019 -- 09:28:41 - <Perf> - Registered 148 keyword profiling counters.
20/5/2019 -- 09:28:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
20/5/2019 -- 09:28:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
20/5/2019 -- 09:28:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
20/5/2019 -- 09:28:46 - <Config> - No rules loaded from ET-icmp.rules.
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
20/5/2019 -- 09:28:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
20/5/2019 -- 09:28:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
20/5/2019 -- 09:28:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
20/5/2019 -- 09:28:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
20/5/2019 -- 09:28:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
20/5/2019 -- 09:28:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
20/5/2019 -- 09:28:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
20/5/2019 -- 09:28:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
20/5/2019 -- 09:28:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
20/5/2019 -- 09:28:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
20/5/2019 -- 09:28:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
20/5/2019 -- 09:28:54 - <Config> - No rules loaded from local.rules.
20/5/2019 -- 09:28:54 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
20/5/2019 -- 09:28:54 - <Info> - Threshold config parsed: 0 rule(s) found
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for tcp-packet
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for tcp-stream
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for udp-packet
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for other-ip
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_uri
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_request_line
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_client_body
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_response_line
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_header
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_header
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_header_names
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_header_names
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_accept
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_accept_enc
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_accept_lang
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_referer
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_connection
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_content_len
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_content_len
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_content_type
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_content_type
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_protocol
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_protocol
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_start
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_start
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_raw_header
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_raw_header
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_method
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_cookie
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_cookie
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_raw_uri
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_user_agent
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_host
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_raw_host
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_stat_msg
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_stat_code
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for dns_query
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for tls_sni
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for tls_cert_issuer
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for tls_cert_subject
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for tls_cert_serial
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for dce_stub_data
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for dce_stub_data
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for ssh_protocol
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for ssh_protocol
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for ssh_software
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for ssh_software
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for file_data
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for file_data
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_request_line
20/5/2019 -- 09:28:54 - <Perf> - using shared mpm ctx' for http_response_line
20/5/2019 -- 09:28:54 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
20/5/2019 -- 09:28:54 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
20/5/2019 -- 09:28:55 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
20/5/2019 -- 09:28:55 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
20/5/2019 -- 09:28:55 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
20/5/2019 -- 09:28:55 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
20/5/2019 -- 09:28:55 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
20/5/2019 -- 09:28:55 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
20/5/2019 -- 09:29:02 - <Perf> - Unique rule groups: 104
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "toserver TCP packet": 35
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "toclient TCP packet": 17
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "toserver TCP stream": 33
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "toclient TCP stream": 19
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "toserver UDP packet": 27
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "toclient UDP packet": 17
20/5/2019 -- 09:29:02 - <Perf> - Builtin MPM "other IP packet": 3
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_uri": 14
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_request_line": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_client_body": 6
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient http_response_line": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_header": 10
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient http_header": 6
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_header_names": 2
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_accept": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_referer": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_content_len": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_content_type": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient http_content_type": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_protocol": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_start": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_method": 5
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_cookie": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient http_cookie": 2
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver http_host": 2
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver dns_query": 4
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver tls_sni": 2
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toserver file_data": 1
20/5/2019 -- 09:29:02 - <Perf> - AppLayer MPM "toclient file_data": 7
20/5/2019 -- 09:29:05 - <Perf> - Registered 39590 rule profiling counters.
20/5/2019 -- 09:29:05 - <Info> - fast output device (regular) initialized: alert
20/5/2019 -- 09:29:05 - <Info> - eve-log output device (regular) initialized: eve.json
20/5/2019 -- 09:29:05 - <Config> - enabling 'eve-log' module 'alert'
20/5/2019 -- 09:29:05 - <Config> - enabling 'eve-log' module 'http'
20/5/2019 -- 09:29:05 - <Config> - enabling 'eve-log' module 'dns'
20/5/2019 -- 09:29:05 - <Config> - enabling 'eve-log' module 'tls'
20/5/2019 -- 09:29:05 - <Config> - enabling 'eve-log' module 'files'
20/5/2019 -- 09:29:05 - <Config> - enabling 'eve-log' module 'ssh'
20/5/2019 -- 09:29:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
20/5/2019 -- 09:29:05 - <Info> - stats output device (regular) initialized: stats.log
20/5/2019 -- 09:29:05 - <Config> - AutoFP mode using "Hash" flow load balancer
20/5/2019 -- 09:29:05 - <Info> - reading pcap file /var/pcap/05202019.0928-eth.pcap
20/5/2019 -- 09:29:05 - <Config> - using 1 flow manager threads
20/5/2019 -- 09:29:05 - <Config> - usin

This file has been truncated on the page.


suricata-4.0.0-etpro-all-alert-2019-05-20-T-09-29-07-05202019.0928-eth.pcap.txt (4848 bytes)
10/01/2018-19:01:10.784194  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:10.784245  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:10.992560  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:16.009700  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:16.012335  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:21.022919  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:21.025328  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:26.051549  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:26.054326  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:31.088039  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:31.091481  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:36.119620  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:36.122134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:36.122555  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:36.337415  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:41.366571  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:41.369202  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:46.373114  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:46.376181  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.390335  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.396271  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.470057  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.495886  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:54.720050  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:09:44.887134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62349 -> 10.1.75.4:445
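All 25 alerts above come from the same two informational GPL NETBIOS rules (priority 3, classification "Generic Protocol Command Decode"): SMB tree connects from 10.1.75.167 to 10.1.75.4:445 over three TCP sessions (source ports 62079, 62340 and 62349), with two C$ tree connects at 19:01:51 inside the 62340 session. These rules fire on every tree connect, legitimate administration included, so the useful question is which shares were reached from which host over which session, and note that the timestamps are the capture's (October 2018), not the May 2019 analysis time. The following is an added example, not part of this report or of Suricata: a fast.log parser that collapses alerts per flow and flags drive and ADMIN$ share access. The six sample lines are copied from the alert file above; the admin-share pattern and the summary layout are this example's own choices.

```python
"""Summarise Suricata fast.log alerts per flow and flag administrative-share access."""
import re
from collections import OrderedDict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Iterable, Iterator, List, Optional, Set, Tuple

# Six lines copied from the alert file above (timestamps are the capture's, October 2018).
SAMPLE_FAST_LOG: List[str] = """
10/01/2018-19:01:10.784194  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:36.122134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.396271  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.470057  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:54.720050  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:09:44.887134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62349 -> 10.1.75.4:445
""".strip().splitlines()

# One fast.log alert line.  The address is matched greedily so IPv6 literals work:
# the port is whatever follows the last colon.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s*$"
)
# Heuristic chosen for this example: drive shares (C$, D$, ...) and ADMIN$ deserve a
# second look; IPC$ is excluded because every SMB session connects to it.
ADMIN_SHARE_RE = re.compile(r"\b(?:[A-Z]|ADMIN)\$ share access\b")


@dataclass(frozen=True)
class Alert:
    ts: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    @property
    def flow(self) -> Tuple[str, int, str, int]:
        return (self.src, self.sport, self.dst, self.dport)


def parse_fast_line(line: str) -> Optional[Alert]:
    """Return the parsed alert, or None for anything that is not an alert line."""
    m = FAST_RE.match(line)
    if not m:
        return None
    return Alert(ts=datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
                 gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]), msg=m["msg"],
                 classification=m["cls"], priority=int(m["prio"]), proto=m["proto"],
                 src=m["src"], sport=int(m["sport"]), dst=m["dst"], dport=int(m["dport"]))


def parse_alerts(lines: Iterable[str]) -> Iterator[Alert]:
    for line in lines:
        alert = parse_fast_line(line.rstrip("\n"))
        if alert is not None:
            yield alert


@dataclass
class FlowSummary:
    flow: Tuple[str, int, str, int]
    count: int = 0
    first: Optional[datetime] = None
    last: Optional[datetime] = None
    sids: Set[int] = field(default_factory=set)
    admin_share: bool = False


def summarise(lines: Iterable[str]) -> Dict[Tuple[str, int, str, int], FlowSummary]:
    """Group alerts by (src, sport, dst, dport), i.e. per TCP session, in first-seen order."""
    out: Dict[Tuple[str, int, str, int], FlowSummary] = OrderedDict()
    for a in parse_alerts(lines):
        s = out.setdefault(a.flow, FlowSummary(flow=a.flow))
        s.count += 1
        s.first = a.ts if s.first is None else min(s.first, a.ts)
        s.last = a.ts if s.last is None else max(s.last, a.ts)
        s.sids.add(a.sid)
        if ADMIN_SHARE_RE.search(a.msg):
            s.admin_share = True
    return out


def admin_share_flows(lines: Iterable[str]) -> List[Tuple[str, int, str, int]]:
    """Flows in which at least one drive or ADMIN$ share was connected to."""
    return [s.flow for s in summarise(lines).values() if s.admin_share]
```

For a real file, pass the open file object to `summarise()`; `parse_fast_line` returns None for stats or garbled lines rather than aborting the pass. On the page's full alert file this yields three flows, with only the 62340 session flagged. fast.log carries no user identity, so to turn "C$ was reached" into "who reached it" pair the flagged session with the SMB session-setup (NTLMSSP) username from the pcap.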


packet_stats.log (5785 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          2434          4094709      607376221     366020520        890.9b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          2434            66435       28251164        293646        714.7m   90.17
TMM_RECEIVEPCAPFILE         IPv4       6          2350             2536       30554113         24046         56.5m    7.13
TMM_DECODEPCAPFILE          IPv4       6          2350             2645        5301169          9108         21.4m    2.70

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6          2350             2740         100462          3532          8.3m  1.25  
stream                  IPv4       6          2434             2722         133300          5612         13.7m  2.06  
detect                  IPv4       6          2434            44325       28209229        259589        631.8m  95.31 
tcp-prune               IPv4       6          2434             2536        1655874          3762          9.2m  1.38  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
smb                     IPv4       6            20             2612           6100          3037         60.8k  91.62 
smb2                    IPv4       6             2             2537           3023          2780          5.6k  8.38  
Proto detect            IPv4       6            33             2639          10213          3778        124.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6            25            17006         323702         76537          1.9m  15.50 
LOGGER_UNIFIED2             IPv4       6            25            22863         161517         52177          1.3m  10.56 
LOGGER_JSON_ALERT           IPv4       6            25            41932        6861545        365227          9.1m  73.94 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1810             2529       27154494         40783        73.8m  49.03 
stream                            IPv4       6          1810             2526       27780551         42400        76.7m  50.97 
Total                             IPv4                  3620                                         41592       150.6m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            78            36299          89296         42890          3.3m  0.44  
PROF_DETECT_RULES           IPv4       6          2434             2524       16880274        118540        288.5m  38.15 
PROF_DETECT_STATEFUL_START    IPv4       6            14             8575          32027         13060        182.8k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6          2434             2507         120458         11559         28.1m  3.72  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          2016             2540          30441          2715          5.5m  0.72  
PROF_DETECT_PREFILTER       IPv4       6          2434             7705       27851427         88752        216.0m  28.56 
PROF_DETECT_PF_PAYLOAD      IPv4       6          1810            13189       27827043         91548        165.7m  21.91 
PROF_DETECT_PF_TX           IPv4       6          2016             2619          36084          2936          5.9m  0.78  
PROF_DETECT_PF_SORT1        IPv4       6          1434             2518          36174          4309          6.2m  0.82  
PROF_DETECT_PF_SORT2        IPv4       6          2434             2509          86386          3065          7.5m  0.99  
PROF_DETECT_NONMPMLIST      IPv4       6          2434             2529          38744          3042          7.4m  0.98  
PROF_DETECT_ALERT           IPv4       6          2434             2518          72143          2969          7.2m  0.96  
PROF_DETECT_CLEANUP         IPv4       6          2434             2553          29347          2900          7.1m  0.93  
PROF_DETECT_GETSGH          IPv4       6          2434             2514          65733          3128          7.6m  1.01  


unified2.alert.1558344545 (5521 bytes)
[binary unified2 data, 5521 bytes, not legible as text: one alert event record followed by one packet record per alert. The only readable fragments are the SMB1 header marker ÿSMBu (command byte 0x75, Tree Connect AndX) and the share path in each captured packet: \\10.1.75.4\IPC$ (23 occurrences) and \\10.1.75.4\C$ (2), matching the 25 alerts in the fast-log file above.]
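unified2.alert.1558344545 is binary; the suffix is the Unix time the file was opened (09:29:05 UTC, the same second as the "Unified2-alert initialized" line in the Suricata log above). Suricata's unified2 output uses Snort's record layout: for each alert, an IDS event record followed by a packet record carrying the triggering packet, every record prefixed by a big-endian type and length. The reader below is an added example, not Suricata or Snort code. It decodes the two record types this file contains (type 7, the 52-byte IPv4 event, and type 2, the packet) and returns any other type undecoded. The sample file is constructed in the block from the first alert of the fast log above; the classification id and the packet bytes are placeholders, the other fields are taken from that alert line. In practice u2spewfoo or py-idstools does this for you; the point here is the byte layout and the truncation check.

```python
"""Reader for Suricata unified2 output: per alert, an IDS event record (type 7, the 52-byte
legacy IPv4 layout) followed by a packet record (type 2).  All integers are big-endian."""
import socket
import struct
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterator, Tuple, Union

RECORD_HDR = struct.Struct("!II")           # record type, body length
IDS_EVENT_IPV4 = struct.Struct("!11I2H4B")  # 52-byte event body; field order in parse_event()
PACKET_HDR = struct.Struct("!7I")           # 28-byte packet header, then packet_length bytes
UNIFIED2_PACKET, UNIFIED2_IDS_EVENT = 2, 7


@dataclass(frozen=True)
class IdsEvent:
    event_id: int
    event_second: int
    event_microsecond: int
    sid: int
    gid: int
    rev: int
    classification_id: int
    priority: int
    src: str
    dst: str
    sport: int
    dport: int
    protocol: int

    def fast_timestamp(self) -> str:
        # fast.log prints sensor-local time; this assumes the sensor clock was UTC
        t = datetime.fromtimestamp(self.event_second, tz=timezone.utc)
        return t.strftime("%m/%d/%Y-%H:%M:%S") + ".%06d" % self.event_microsecond


@dataclass(frozen=True)
class PacketRecord:
    event_id: int
    packet_second: int
    packet_microsecond: int
    linktype: int
    data: bytes


def ip4_str(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n))


def parse_event(body: bytes) -> IdsEvent:
    if len(body) != IDS_EVENT_IPV4.size:
        raise ValueError("event body is %d bytes, expected %d" % (len(body), IDS_EVENT_IPV4.size))
    (_sensor, event_id, sec, usec, sid, gid, rev, cls, prio, src, dst,
     sport, dport, proto, _impact_flag, _impact, _blocked) = IDS_EVENT_IPV4.unpack(body)
    return IdsEvent(event_id, sec, usec, sid, gid, rev, cls, prio,
                    ip4_str(src), ip4_str(dst), sport, dport, proto)


def parse_packet(body: bytes) -> PacketRecord:
    _sensor, event_id, _event_sec, psec, pusec, linktype, plen = PACKET_HDR.unpack_from(body)
    data = body[PACKET_HDR.size:PACKET_HDR.size + plen]
    if len(data) != plen:
        raise ValueError("packet record shorter than its packet_length")
    return PacketRecord(event_id, psec, pusec, linktype, data)


def iter_records(blob: bytes) -> Iterator[Union[IdsEvent, PacketRecord, Tuple[int, bytes]]]:
    """Walk the file; a short final record (writer interrupted) raises rather than vanishing."""
    off = 0
    while off < len(blob):
        if off + RECORD_HDR.size > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        rtype, length = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        body = blob[off:off + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % off)
        off += length
        if rtype == UNIFIED2_IDS_EVENT:
            yield parse_event(body)
        elif rtype == UNIFIED2_PACKET:
            yield parse_packet(body)
        else:
            yield (rtype, body)  # IPv6 events (72), extra data (110), ...: returned undecoded


def build_event(ev: IdsEvent) -> bytes:
    body = IDS_EVENT_IPV4.pack(0, ev.event_id, ev.event_second, ev.event_microsecond,
                               ev.sid, ev.gid, ev.rev, ev.classification_id, ev.priority,
                               struct.unpack("!I", socket.inet_aton(ev.src))[0],
                               struct.unpack("!I", socket.inet_aton(ev.dst))[0],
                               ev.sport, ev.dport, ev.protocol, 0, 0, 0)
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def build_packet(pkt: PacketRecord, event_second: int) -> bytes:
    body = PACKET_HDR.pack(0, pkt.event_id, event_second, pkt.packet_second,
                           pkt.packet_microsecond, pkt.linktype, len(pkt.data)) + pkt.data
    return RECORD_HDR.pack(UNIFIED2_PACKET, len(body)) + body


# Constructed sample: the first alert of the fast log above.  classification_id and the
# packet bytes are placeholders; every other field is taken from that alert line.
FIRST_ALERT = IdsEvent(1, 1538420470, 784194, 2102465, 1, 9, 0, 3,
                       "10.1.75.167", "10.1.75.4", 62079, 445, 6)
FIRST_PACKET = PacketRecord(1, 1538420470, 784194, 1, b"\x00" * 14 + b"\xffSMBu" + b"\x00" * 8)
SAMPLE_UNIFIED2 = build_event(FIRST_ALERT) + build_packet(FIRST_PACKET, FIRST_ALERT.event_second)
```

`iter_records(open("unified2.alert.1558344545", "rb").read())` walks a real file. The byte values in the sample are the ones that show through in the text rendering of the dump above: the record length 52 prints as "4", and the event second 0x5BB26EF6 (1538420470, i.e. 10/01/2018 19:01:10 UTC) prints as "[²nö".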


suricata-4.0.0-etpro-all-perf.txt-2019-05-20-T-09-29-07-05202019.0928-eth.pcap.txt (61526 bytes)
  --------------------------------------------------------------------------
  Date: 5/20/2019 -- 09:29:07. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2103040      1        5        9294783      4.80   124      0        6553209     74957.93    0.00        74957.93   
  2        2800993      1        1        7509518      3.88   204      0        164300      36811.36    0.00        36811.36   
  3        2008304      1        3        757887       0.39   205      0        150551      3697.01     0.00        3697.01    
  4        2018059      1        2        440464       0.23   27       0        96814       16313.48    0.00        16313.48   
  5        2018065      1        2        747393       0.39   11       0        96401       67944.82    0.00        67944.82   
  6        2800996      1        1        6065909      3.13   204      0        96056       29734.85    0.00        29734.85   
  7        2021716      1        1        94027        0.05   1        0        94027       94027.00    0.00        94027.00   
  8        2103231      1        4        116212       0.06   2        0        93524       58106.00    0.00        58106.00   
  9        2800546      1        3        824978       0.43   28       0        92437       29463.50    0.00        29463.50   
  10       2810020      1        2        14745087     7.61   642      0        89831       22967.43    0.00        22967.43   
  11       2102468      1        9        1511482      0.78   48       0        82316       31489.21    0.00        31489.21   
  12       2103019      1        5        1858739      0.96   642      0        81075       2895.23     0.00        2895.23    
  13       2102383      1        21       520986       0.27   12       0        80433       43415.50    0.00        43415.50   
  14       2018060      1        2        133731       0.07   2        0        80242       66865.50    0.00        66865.50   
  15       2018789      1        3        79581        0.04   1        0        79581       79581.00    0.00        79581.00   
  16       2802042      1        3        494576       0.26   11       0        79422       44961.45    0.00        44961.45   
  17       2018068      1        2        336334       0.17   5        0        78396       67266.80    0.00        67266.80   
  18       2019235      1        1        446439       0.23   128      0        78111       3487.80     0.00        3487.80    
  19       2018062      1        2        195561       0.10   3        0        72211       65187.00    0.00        65187.00   
  20       2018064      1        2        290020       0.15   5        0        70242       58004.00    0.00        58004.00   
  21       2102471      1        12       1580383      0.82   48       2        68410       32924.65    47310.50    32299.17   
  22       2102465      1        9        1764956      0.91   44       23       68263       40112.64    53140.48    25844.05   
  23       2018066      1        2        292780       0.15   5        0        67678       58556.00    0.00        58556.00   
  24       2018061      1        2        295376       0.15   5        0        65149       59075.20    0.00        59075.20   
  25       2018067      1        3        300339       0.16   10       0        63643       30033.90    0.00        30033.90   
  26       2102954      1        4        1358821      0.70   44       0        63204       30882.30    0.00        30882.30   
  27       2103003      1        7        312052       0.16   12       0        62773       26004.33    0.00        26004.33   
  28       2103022      1        4        3911332      2.02   124      0        61624       31543.00    0.00        31543.00   
  29       2018063      1        3        121785       0.06   2        0        61564       60892.50    0.00        60892.50   
  30       2020695      1        1        165293       0.09   5        0        60992       33058.60    0.00        33058.60   
  31       2805141      1        4        13814915     7.13   2439     0        60523       5664.17     0.00        5664.17    
  32       2103056      1        5        2960971      1.53   255      0        59338       11611.65    0.00        11611.65   
  33       2103038      1        5        3282010      1.69   124      0        59122       26467.82    0.00        26467.82   
  34       2018057      1        4        208196       0.11   5        0        56922       41639.20    0.00        41639.20   
  35       2103127      1        4        86145        0.04   2        0        56736       43072.50    0.00        43072.50   
  36       2103030      1        5        3133885      1.62   124      0        55334       25273.27    0.00        25273.27   
  37       2103048      1        5        2954118      1.52   255      0        53642       11584.78    0.00        11584.78   
  38       2022132      1        1        2037775      1.05   235      0        53452       8671.38     0.00        8671.38    
  39       2103054      1        5        3573319      1.84   255      0        52617       14013.02    0.00        14013.02   
  40       2020792      1        2        183810       0.09   6        0        51044       30635.00    0.00        30635.00   
  41       2804293      1        1        718613       0.37   236      0        50500       3044.97     0.00        3044.97    
  42       2020772      1        2        173884       0.09   5        0        50347       34776.80    0.00        34776.80   
  43       2800992      1        1        4212490      2.17   204      0        50070       20649.46    0.00        20649.46   
  44       2020696      1        1        292571       0.15   10       0        49788       29257.10    0.00        29257.10   
  45       2103024      1        3        2559351      1.32   124      0        49723       20639.93    0.00        20639.93   
  46       2103046      1        5        3444517      1.78   255      0        49608       13507.91    0.00        13507.91   
  47       2020794      1        2        1205341      0.62   44       0        49293       27394.11    0.00        27394.11   
  48       2020776      1        2        129792       0.07   4        0        48864       32448.00    0.00        32448.00   
  49       2020769      1        2        246672       0.13   8        0        48657       30834.00    0.00        30834.00   
  50       2102979      1        4        91568        0.05   4        0        48639       22892.00    0.00        22892.00   
  51       2020784      1        2        129867       0.07   4        0        48626       32466.75    0.00        32466.75   
  52       2816515      1        3        81810        0.04   2        0        48290       40905.00    0.00        40905.00   
  53       2018638      1        2        234250       0.12   8        0        48035       29281.25    0.00        29281.25   
  54       2020773      1        2        164891       0.09   6        0        47202       27481.83    0.00        27481.83   
  55       2020795      1        2        119959       0.06   4        0        46800       29989.75    0.00        29989.75   
  56       2020777      1        2        251893       0.13   8        0        46664       31486.62    0.00        31486.62   
  57       2800995      1        1        4129432      2.13   204      0        46084       20242.31    0.00        20242.31   
  58       2020800      1        2        275117       0.14   10       0        46012       27511.70    0.00        27511.70   
  59       2023832      1        3        970317       0.50   56       0        45954       17327.09    0.00        17327.09   
  60       2018013      1        3        123292       0.06   4        0        45902       30823.00    0.00        30823.00   
  61       2012084      1        2        263660       0.14   10       0        45752       26366.00    0.00        26366.00   
  62       2008297      1        5        300859       0.16   83       0        45645       3624.81     0.00        3624.81    
  63       2103184      1        4        70343        0.04   2        0        45505       35171.50    0.00        35171.50   
  64       2020790      1        2        148227       0.08   5        0        44647       29645.40    0.00        29645.40   
  65       2019083      1        2        220508       0.11   7        0        43826       31501.14    0.00        31501.14   
  66       2018077      1        5        182988       0.09   6        0        43406       30498.00    0.00        30498.00   
  67       2020766      1        2        197000       0.10   7        0        42692       28142.86    0.00        28142.86   
  68       2103434      1        4        73215        0.04   2        0        42365       36607.50    0.00        36607.50   
  69       2020608      1        4        112707       0.06   4        0        41980       28176.75    0.00        28176.75   
  70       2103029      1        6        1798619      0.93   642      0        41844       2801.59     0.00        2801.59    
  71       2016922      1        12       41513        0.02   1        0        41513       41513.00    0.00        41513.00   
  72       2020779      1        3        217449       0.11   8        0        41421       27181.12    0.00        27181.12   
  73       2103264      1        5        68914        0.04   2        0        41354       34457.00    0.00        34457.00   
  74       2018054      1        1        145880       0.08   5        0        41348       29176.00    0.00        29176.00   
  75       2020786      1        4        122425       0.06   4        0        41230       30606.25    0.00        30606.25   
  76       2800542      1        2        153364       0.08   5        0        40260       30672.80    0.00        30672.80   
  77       2020614      1        2        143373       0.07   5        0        40184       28674.60    0.00        28674.60   
  78       2103158      1        6        1171080      0.60   374      0        40037       3131.23     0.00        3131.23    
  79       2103230      1        4        75306        0.04   2        0        39879       37653.00    0.00        37653.00   
  80       2801471      1        8        882123       0.46   46       0        39871       19176.59    0.00        19176.59   
  81       2018166      1        3        214125       0.11   8        0        39862       26765.62    0.00        26765.62   
  82       2019602      1        1        306086       0.16   11       0        39827       27826.00    0.00        27826.00   
  83       2023611      1        3        292366       0.15   9        0        39814       32485.11    0.00        32485.11   
  84       2102996      1        6        76882        0.04   2        0        39774       38441.00    0.00        38441.00   
  85       2020785      1        3        120038       0.06   4        0        39719       30009.50    0.00        30009.50   
  86       2020797      1        2        120665       0.06   4        0        39492       30166.25    0.00        30166.25   
  87       2020610      1        3        140396       0.07   5        0        39433       28079.20    0.00        28079.20   
  88       2020606      1        4        90615        0.05   3        0        39365       30205.00    0.00        30205.00   
  89       2102965      1        5        41878        0.02   2        0        39099       20939.00    0.00        20939.00   
  90       2103268      1        5        69875        0.04   2        0        39065       34937.50    0.00        34937.50   
  91       2017707      1        4        60011        0.03   2        0        38820       30005.50    0.00        30005.50   
  92       2103002      1        5        1781762      0.92   642      0        38694       2775.33     0.00        2775.33    
  93       2001569      1        15       694464       0.36   42       42       38459       16534.86    16534.86    0.00       
  94       2102968      1        5        75548        0.04   2        0        38134       37774.00    0.00        37774.00   
  95       2014957      1        1        942097       0.49   77       0        37724       12235.03    0.00        12235.03   
  96       2017944      1        5        817891       0.42   45       0        37387       18175.36    0.00        18175.36   
  97       2103421      1        4        68025        0.04   2        0        37376       34012.50    0.00        34012.50   
  98       2103032      1        5        2461766      1.27   124      0        37350       19852.95    0.00        19852.95   
  99       2103269      1        5        59618        0.03   2        0        37269       29809.00    0.00        29809.00   
  100      2102969      1        5        72121        0.04   2        0        37238       36060.50    0.00        36060.50   
  101      2022773      1        2        139468       0.07   5        0        37199       27893.60    0.00        27893.60   
  102      2103188      1        4        59462        0.03   2        0        37136       29731.00    0.00        29731.00   
  103      2103126      1        4        68750        0.04   2        0        36543       34375.00    0.00        34375.00   
  104      2103189      1        4        58779        0.03   2        0        36521       29389.50    0.00        29389.50   
  105      2102997      1        6        68651        0.04   2        0        36324       34325.50    0.00        34325.50   
  106      2810018      1        3        1435705      0.74   58       0        36300       24753.53    0.00        24753.53   
  107      2102938      1        6        61160        0.03   2        0        36230       30580.00    0.00        30580.00   
  108      2103438      1        4        59762        0.03   2        0        36171       29881.00    0.00        29881.00   
  109      2807770      1        1        36029        0.02   1        0        36029       36029.00    0.00        36029.00   
  110      2103437      1        4        70398        0.04   2        0        35677       35199.00    0.00        35199.00   
  111      2811034      1        1        412947       0.21   128      0        35375       3226.15     0.00        3226.15    
  112      2103422      1        4        60523        0.03   2        0        35237       30261.50    0.00        30261.50   
  113      2017877      1        3        34880        0.02   1        0        34880       34880.00    0.00        34880.00   
  114      2828876      1        1        3183587      1.64   1121     0        34427       2839.95     0.00        2839.95    
  115      2815451      1        2        2985857      1.54   261      0        34321       11440.07    0.00        11440.07   
  116      2102483      1        9        59103        0.03   2        0        34202       29551.50    0.00        29551.50   
  117      2103018      1        5        378853       0.20   124      0        33814       3055.27     0.00        3055.27    
  118      2018372      1        2        243465       0.13   15       0        33791       16231.00    0.00        16231.00   
  119      2824996      1        1        203565       0.11   22       0        33524       9252.95     0.00        9252.95    
  120      2102402      1        6        230077       0.12   12       0        33460       19173.08    0.00        19173.08   
  121      2018558      1        5        1575218      0.81   549      0        33454       2869.25     0.00        2869.25    
  122      2020611      1        4        136824       0.07   5        0        33335       27364.80    0.00        27364.80   
  123      2018032      1        2        33315        0.02   1        0        33315       33315.00    0.00        33315.00   
  124      2020613      1        3        58684        0.03   2        0        32124       29342.00    0.00        29342.00   
  125      2103433      1        4        5

This file has been truncated.


stats.log - (2850 bytes) - download
------------------------------------------------------------------------------------
Date: 5/20/2019 -- 09:29:07 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2350
decoder.bytes                              | Total                     | 1016928
decoder.ipv4                               | Total                     | 2350
decoder.ethernet                           | Total                     | 2350
decoder.tcp                                | Total                     | 2350
decoder.avg_pkt_size                       | Total                     | 432
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 41
tcp.sessions                               | Total                     | 41
tcp.syn                                    | Total                     | 42
tcp.synack                                 | Total                     | 37
tcp.rst                                    | Total                     | 37
detect.alert                               | Total                     | 25
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.flow.smb                         | Total                     | 8
flow_mgr.closed_pruned                     | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 4
flow.spare                                 | Total                     | 10010
flow_mgr.flows_checked                     | Total                     | 41
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 40
flow_mgr.flows_timeout_inuse               | Total                     | 30
flow_mgr.flows_removed                     | Total                     | 10
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65495
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7086112


eve.json - (9954 bytes) - download
{"timestamp":"2018-10-01T19:01:10.784194+0000","flow_id":1055578121496602,"pcap_cnt":129,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:10.784245+0000","flow_id":1055578121496602,"pcap_cnt":133,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:10.992560+0000","flow_id":1055578121496602,"pcap_cnt":203,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:16.009700+0000","flow_id":1055578121496602,"pcap_cnt":276,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:16.012335+0000","flow_id":1055578121496602,"pcap_cnt":331,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:21.022919+0000","flow_id":1055578121496602,"pcap_cnt":384,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:21.025328+0000","flow_id":1055578121496602,"pcap_cnt":438,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:26.051549+0000","flow_id":1055578121496602,"pcap_cnt":505,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:26.054326+0000","flow_id":1055578121496602,"pcap_cnt":561,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:31.088039+0000","flow_id":1055578121496602,"pcap_cnt":620,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:31.091481+0000","flow_id":1055578121496602,"pcap_cnt":682,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:36.119620+0000","flow_id":1055578121496602,"pcap_cnt":741,"event_type":"alert","src_ip":"10.1.75.167","src_port":62079,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:36.122134+0000","flow_id":1049758442510285,"pcap_cnt":759,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:36.122555+0000","flow_id":1049758442510285,"pcap_cnt":763,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:36.337415+0000","flow_id":1049758442510285,"pcap_cnt":829,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:41.366571+0000","flow_id":1049758442510285,"pcap_cnt":891,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:41.369202+0000","flow_id":1049758442510285,"pcap_cnt":938,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:46.373114+0000","flow_id":1049758442510285,"pcap_cnt":998,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:46.376181+0000","flow_id":1049758442510285,"pcap_cnt":1054,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:51.390335+0000","flow_id":1049758442510285,"pcap_cnt":1110,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:51.396271+0000","flow_id":1049758442510285,"pcap_cnt":1234,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102471,"rev":12,"signature":"GPL NETBIOS SMB-DS C$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:51.470057+0000","flow_id":1049758442510285,"pcap_cnt":1722,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102471,"rev":12,"signature":"GPL NETBIOS SMB-DS C$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:51.495886+0000","flow_id":1049758442510285,"pcap_cnt":1872,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:01:54.720050+0000","flow_id":1049758442510285,"pcap_cnt":1910,"event_type":"alert","src_ip":"10.1.75.167","src_port":62340,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-01T19:09:44.887134+0000","flow_id":489185785448186,"pcap_cnt":2014,"event_type":"alert","src_ip":"10.1.75.167","src_port":62349,"dest_ip":"10.1.75.4","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}


keyword_perf.log - (6602 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/20/2019 -- 09:29:07
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            125375          42              42              4767            2985.00         2985.00         0.00           
  flow             363101          88              88              16796           4126.00         4126.00         0.00           
  threshold        227491          42              0               49406           5416.00         0.00            5416.00        
  content          34137185        9877            6578            74028           3456.00         3556.00         3257.00        
  pcre             1388924         274             104             46176           5069.00         3782.00         5855.00        
  byte_test        9279325         3161            1302            25912           2935.00         2939.00         2932.00        
  byte_jump        4396361         1468            719             32939           2994.00         2969.00         3019.00        
  isdataat         2601            1               0               2601            2601.00         0.00            2601.00        
  flowbits         110188          23              23              11764           4790.00         4790.00         0.00           
  byte_extract     191057          46              46              12596           4153.00         4153.00         0.00           
  dce_iface        3162021         1095            0               34191           2887.00         0.00            2887.00        
  asn1             151903          7               0               37018           21700.00        0.00            21700.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            125375          42              42              4767            2985.00         2985.00         0.00           
  flow             363101          88              88              16796           4126.00         4126.00         0.00           
  asn1             151903          7               0               37018           21700.00        0.00            21700.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          34137185        9877            6578            74028           3456.00         3556.00         3257.00        
  pcre             1388924         274             104             46176           5069.00         3782.00         5855.00        
  byte_test        9279325         3161            1302            25912           2935.00         2939.00         2932.00        
  byte_jump        4396361         1468            719             32939           2994.00         2969.00         3019.00        
  isdataat         2601            1               0               2601            2601.00         0.00            2601.00        
  byte_extract     191057          46              46              12596           4153.00         4153.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         110188          23              23              11764           4790.00         4790.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        227491          42              0               49406           5416.00         0.00            5416.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dce_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dce_iface        3162021         1095            0               34191           2887.00         0.00            2887.00        
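The tables above are Suricata's per-keyword rule-profiling output (written when the build has profiling enabled); the rows that matter for tuning are the ones with many checks, few matches and a high "Avg No Match" cost, because that is time spent on rules that never fired. The script below is an added example, not part of this report or of IDSDeathBlossom: it parses the "Stats for: total" table (copied from the report above into a string), checks each row's Ticks against Matches*Avg Match + misses*Avg No Match to catch truncated or mis-parsed rows, and ranks keywords by ticks spent on checks that did not match. Function names, the KeywordStat dataclass and the 1% tolerance are my own choices.

```python
import re
from dataclasses import dataclass

# "Stats for: total" table from the profiling report above, followed by the
# start of the next section so the parser's section handling is exercised.
PROFILE_TEXT = """\
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flags            125375          42              42              4767            2985.00         2985.00         0.00
flow             363101          88              88              16796           4126.00         4126.00         0.00
threshold        227491          42              0               49406           5416.00         0.00            5416.00
content          34137185        9877            6578            74028           3456.00         3556.00         3257.00
pcre             1388924         274             104             46176           5069.00         3782.00         5855.00
byte_test        9279325         3161            1302            25912           2935.00         2939.00         2932.00
byte_jump        4396361         1468            719             32939           2994.00         2969.00         3019.00
isdataat         2601            1               0               2601            2601.00         0.00            2601.00
flowbits         110188          23              23              11764           4790.00         4790.00         0.00
byte_extract     191057          46              46              12596           4153.00         4153.00         0.00
dce_iface        3162021         1095            0               34191           2887.00         0.00            2887.00
asn1             151903          7               0               37018           21700.00        0.00            21700.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
flags            125375          42              42              4767            2985.00         2985.00         0.00
"""

# One data row: keyword, four integer columns, three fixed-point columns.
# Header and dashed separator lines do not match because their fields are not numeric.
ROW_RE = re.compile(
    r"^\s*([A-Za-z_]\w*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"(\d+\.\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$"
)


@dataclass
class KeywordStat:
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_no_match: float

    @property
    def misses(self) -> int:
        return self.checks - self.matches

    @property
    def wasted_ticks(self) -> int:
        # Ticks spent evaluating this keyword on rules that did not match.
        return round(self.misses * self.avg_no_match)


def parse_keyword_profile(text: str, section: str = "total") -> list:
    """Return the rows of one 'Stats for: <section>' table as KeywordStat objects."""
    stats = []
    in_section = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Stats for:"):
            in_section = stripped.split(":", 1)[1].strip() == section
            continue
        if not in_section:
            continue
        m = ROW_RE.match(line)
        if m:
            ints = (int(g) for g in m.group(2, 3, 4, 5))
            floats = (float(g) for g in m.group(6, 7, 8))
            stats.append(KeywordStat(m.group(1), *ints, *floats))
    return stats


def consistency_check(stat: KeywordStat, tolerance: float = 0.01) -> bool:
    """Ticks should equal matches*avg_match + misses*avg_no_match up to rounding of the averages."""
    expected = stat.matches * stat.avg_match + stat.misses * stat.avg_no_match
    return abs(expected - stat.ticks) <= tolerance * max(stat.ticks, 1)


def rank_by_wasted_ticks(stats: list) -> list:
    """Keywords ordered by time burned on non-matching checks, most expensive first."""
    return sorted(stats, key=lambda s: s.wasted_ticks, reverse=True)


def tick_share(stats: list) -> dict:
    """Fraction of all profiled ticks consumed by each keyword."""
    total = sum(s.ticks for s in stats) or 1
    return {s.keyword: s.ticks / total for s in stats}


if __name__ == "__main__":
    rows = parse_keyword_profile(PROFILE_TEXT)
    for s in rank_by_wasted_ticks(rows):
        flag = "" if consistency_check(s) else "  (row inconsistent)"
        print(f"{s.keyword:<14}{s.wasted_ticks:>12}{tick_share(rows)[s.keyword]:>8.1%}{flag}")
```

Run against this report the ranking puts content first (about 10.7M ticks on 3299 non-matching checks, 64% of all profiled ticks), then byte_test and dce_iface; dce_iface and threshold never matched at all in this capture, which is where a rule-set review for this traffic would start.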


IDSDeathBlossom.py.log - (1143 bytes) - download
2019-05-20 09:28:41,022 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-20 09:28:41,759 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-20 09:28:41,759 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-20 09:28:41,760 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-20 09:28:41,760 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-20 09:28:41,761 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4394cc8b99b06f379db9ef248628685556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05202019.0928-eth.pcap -vvv -k none
2019-05-20 09:29:07,369 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-20 09:29:07,370 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.3559370041