Filename: network (5).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.2110300064 seconds
Hash: 4601f60325e509e01abfde9e62bda328
Uploaded: 1547125526

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-01-10-T-13-05-50-01102019.1305-network_5.pcap.txt - (36438 bytes)
  --------------------------------------------------------------------------
  Date: 1/10/2019 -- 13:05:50. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2816940      1        2        3607732      5.71   11       0        3061255     327975.64   0.00        327975.64  
  2        2815453      1        4        7631426      12.08  22       0        443568      346883.00   0.00        346883.00  
  3        2819930      1        2        1606132      2.54   11       0        195000      146012.00   0.00        146012.00  
  4        2021749      1        6        480257       0.76   3        0        178718      160085.67   0.00        160085.67  
  5        2819664      1        2        1656989      2.62   11       0        177628      150635.36   0.00        150635.36  
  6        2814979      1        2        471169       0.75   8        0        176919      58896.12    0.00        58896.12   
  7        2814978      1        2        498882       0.79   8        0        155425      62360.25    0.00        62360.25   
  8        2822213      1        2        429751       0.68   8        0        155313      53718.88    0.00        53718.88   
  9        2018342      1        2        4421208      7.00   38       0        150866      116347.58   0.00        116347.58  
  10       2820157      1        2        1070446      1.69   8        0        142131      133805.75   0.00        133805.75  
  11       2820158      1        2        1051828      1.66   8        0        140254      131478.50   0.00        131478.50  
  12       2811745      1        4        639119       1.01   7        0        107551      91302.71    0.00        91302.71   
  13       2816327      1        4        447818       0.71   11       0        96110       40710.73    0.00        40710.73   
  14       2816931      1        3        355831       0.56   11       0        90803       32348.27    0.00        32348.27   
  15       2024771      1        1        1716153      2.72   277      0        88379       6195.50     0.00        6195.50    
  16       2025064      1        5        447574       0.71   11       0        69375       40688.55    0.00        40688.55   
  17       2816910      1        2        611142       0.97   11       0        68323       55558.36    0.00        55558.36   
  18       2018005      1        6        218380       0.35   8        0        68049       27297.50    0.00        27297.50   
  19       2816909      1        2        632757       1.00   11       0        67359       57523.36    0.00        57523.36   
  20       2816328      1        5        326041       0.52   11       0        65192       29640.09    0.00        29640.09   
  21       2021276      1        4        215617       0.34   6        0        63926       35936.17    0.00        35936.17   
  22       2020705      1        4        265515       0.42   11       0        63314       24137.73    0.00        24137.73   
  23       2018457      1        1        139285       0.22   7        0        63167       19897.86    0.00        19897.86   
  24       2816526      1        13       349202       0.55   11       0        60650       31745.64    0.00        31745.64   
  25       2816356      1        2        467114       0.74   15       0        58415       31140.93    0.00        31140.93   
  26       2821615      1        2        447546       0.71   16       0        56839       27971.62    0.00        27971.62   
  27       2809859      1        6        288686       0.46   10       0        54310       28868.60    0.00        28868.60   
  28       2816928      1        3        337243       0.53   11       0        54172       30658.45    0.00        30658.45   
  29       2816927      1        3        364772       0.58   11       0        53255       33161.09    0.00        33161.09   
  30       2816929      1        4        425067       0.67   11       0        52674       38642.45    0.00        38642.45   
  31       2805260      1        4        263805       0.42   11       0        52671       23982.27    0.00        23982.27   
  32       2828986      1        2        334255       0.53   9        0        52450       37139.44    0.00        37139.44   
  33       2018358      1        7        390285       0.62   11       0        52326       35480.45    0.00        35480.45   
  34       2819673      1        4        329430       0.52   11       0        51042       29948.18    0.00        29948.18   
  35       2022502      1        4        544352       0.86   16       0        50753       34022.00    0.00        34022.00   
  36       2019189      1        2        155122       0.25   6        0        50410       25853.67    0.00        25853.67   
  37       2811447      1        2        90221        0.14   8        0        48893       11277.62    0.00        11277.62   
  38       2020661      1        3        118365       0.19   14       0        47480       8454.64     0.00        8454.64    
  39       2810055      1        2        109117       0.17   23       0        47127       4744.22     0.00        4744.22    
  40       2829848      1        2        344129       0.54   9        0        47015       38236.56    0.00        38236.56   
  41       2017552      1        6        1914032      3.03   128      0        46919       14953.38    0.00        14953.38   
  42       2019344      1        5        369114       0.58   11       0        46641       33555.82    0.00        33555.82   
  43       2815254      1        7        172821       0.27   4        0        46594       43205.25    0.00        43205.25   
  44       2816922      1        5        318566       0.50   11       0        46552       28960.55    0.00        28960.55   
  45       2828122      1        2        378032       0.60   11       0        46467       34366.55    0.00        34366.55   
  46       2820851      1        5        380544       0.60   11       0        46285       34594.91    0.00        34594.91   
  47       2822979      1        3        88876        0.14   2        0        45741       44438.00    0.00        44438.00   
  48       2019230      1        2        188838       0.30   18       0        45423       10491.00    0.00        10491.00   
  49       2020496      1        2        132471       0.21   4        0        43174       33117.75    0.00        33117.75   
  50       2025162      1        2        282531       0.45   9        0        42251       31392.33    0.00        31392.33   
  51       2018958      1        18       272006       0.43   11       0        42102       24727.82    0.00        24727.82   
  52       2017613      1        9        339375       0.54   11       0        41719       30852.27    0.00        30852.27   
  53       2806659      1        4        122186       0.19   5        0        41570       24437.20    0.00        24437.20   
  54       2018077      1        5        41078        0.07   1        0        41078       41078.00    0.00        41078.00   
  55       2812916      1        6        310118       0.49   11       0        40273       28192.55    0.00        28192.55   
  56       2816895      1        2        100755       0.16   3        0        40260       33585.00    0.00        33585.00   
  57       2829644      1        1        253031       0.40   9        0        39083       28114.56    0.00        28114.56   
  58       2014701      1        12       284498       0.45   20       0        38995       14224.90    0.00        14224.90   
  59       2809682      1        5        261796       0.41   11       0        38684       23799.64    0.00        23799.64   
  60       2011894      1        19       314811       0.50   11       0        38090       28619.18    0.00        28619.18   
  61       2816525      1        10       362403       0.57   11       0        37875       32945.73    0.00        32945.73   
  62       2018242      1        5        292917       0.46   11       0        37721       26628.82    0.00        26628.82   
  63       2022609      1        2        336734       0.53   10       0        37716       33673.40    0.00        33673.40   
  64       2816930      1        4        294746       0.47   11       0        37410       26795.09    0.00        26795.09   
  65       2012707      1        5        169717       0.27   7        0        36428       24245.29    0.00        24245.29   
  66       2816925      1        3        305308       0.48   11       0        35867       27755.27    0.00        27755.27   
  67       2018789      1        3        141795       0.22   8        0        35786       17724.38    0.00        17724.38   
  68       2018452      1        15       355487       0.56   11       0        35486       32317.00    0.00        32317.00   
  69       2830124      1        1        286766       0.45   9        0        35069       31862.89    0.00        31862.89   
  70       2020380      1        3        234342       0.37   11       0        34486       21303.82    0.00        21303.82   
  71       2022054      1        3        65592        0.10   2        0        33900       32796.00    0.00        32796.00   
  72       2018981      1        4        302771       0.48   11       0        33899       27524.64    0.00        27524.64   
  73       2804626      1        9        237877       0.38   11       0        33487       21625.18    0.00        21625.18   
  74       2816330      1        2        62635        0.10   2        0        33460       31317.50    0.00        31317.50   
  75       2829607      1        1        196262       0.31   9        0        33321       21806.89    0.00        21806.89   
  76       2828060      1        4        253855       0.40   9        0        33213       28206.11    0.00        28206.11   
  77       2017191      1        3        133881       0.21   6        0        33124       22313.50    0.00        22313.50   
  78       2022543      1        1        164582       0.26   10       0        33084       16458.20    0.00        16458.20   
  79       2016537      1        2        1560096      2.47   112      0        33035       13929.43    0.00        13929.43   
  80       2815817      1        5        304468       0.48   11       0        32752       27678.91    0.00        27678.91   
  81       2003492      1        30       232316       0.37   11       0        32533       21119.64    0.00        21119.64   
  82       2826256      1        2        333588       0.53   16       0        32480       20849.25    0.00        20849.25   
  83       2016858      1        10       299003       0.47   11       0        32427       27182.09    0.00        27182.09   
  84       2809547      1        5        222527       0.35   11       0        32171       20229.73    0.00        20229.73   
  85       2020746      1        8        61631        0.10   2        0        32019       30815.50    0.00        30815.50   
  86       2018010      1        5        237378       0.38   11       0        31863       21579.82    0.00        21579.82   
  87       2827279      1        5        335536       0.53   16       0        31540       20971.00    0.00        20971.00   
  88       2830035      1        2        191151       0.30   9        0        31003       21239.00    0.00        21239.00   
  89       2021214      1        2        86064        0.14   3        0        30787       28688.00    0.00        28688.00   
  90       2021118      1        3        86845        0.14   3        0        30743       28948.33    0.00        28948.33   
  91       2019881      1        3        286361       0.45   11       0        30706       26032.82    0.00        26032.82   
  92       2017774      1        9        174109       0.28   6        0        30578       29018.17    0.00        29018.17   
  93       2018983      1        7        287562       0.46   11       0        29732       26142.00    0.00        26142.00   
  94       2010140      1        7        288810       0.46   47       0        29181       6144.89     0.00        6144.89    
  95       2808344      1        3        84701        0.13   3        0        29056       28233.67    0.00        28233.67   
  96       2018259      1        10       162939       0.26   6        0        28886       27156.50    0.00        27156.50   
  97       2816660      1        3        55750        0.09   2        0        28785       27875.00    0.00        27875.00   
  98       2018496      1        9        286736       0.45   11       0        28744       26066.91    0.00        26066.91   
  99       2819887      1        2        55936        0.09   2        0        27969       27968.00    0.00        27968.00   
  100      2020295      1        6        104196       0.16   4        0        27864       26049.00    0.00        26049.00   
  101      2816924      1        4        283329       0.45   11       0        27530       25757.18    0.00        25757.18   
  102      2816530      1        2        52167        0.08   2        0        26107       26083.50    0.00        26083.50   
  103      2803779      1        1        171973       0.27   56       0        25949       3070.95     0.00        3070.95    
  104      2828008      1        2        318506       0.50   16       0        25234       19906.62    0.00        19906.62   
  105      2816165      1        5        320176       0.51   16       0        25212       20011.00    0.00        20011.00   
  106      2814736      1        7        24947        0.04   1        0        24947       24947.00    0.00        24947.00   
  107      2809850      1        2        47681        0.08   2        0        23980       23840.50    0.00        23840.50   
  108      2018166      1        3        23724        0.04   1        0        23724       23724.00    0.00        23724.00   
  109      2008782      1        5        46964        0.07   2        0        23640       23482.00    0.00        23482.00   
  110      2016223      1        10       219621       0.35   11       0        23590       19965.55    0.00        19965.55   
  111      2810291      1        7        97182        0.15   29       0        23557       3351.10     0.00        3351.10    
  112      2828823      1        2        23300        0.04   1        0        23300       23300.00    0.00        23300.00   
  113      2024178      1        2        226246       0.36   11       0        23294       20567.82    0.00        20567.82   
  114      2003657      1        18       221011       0.35   11       0        22879       20091.91    0.00        20091.91   
  115      2807531      1        3        36221        0.06   2        0        22878       18110.50    0.00        18110.50   
  116      2020608      1        4        22843        0.04   1        0        22843       22843.00    0.00        22843.00   
  117      2012612      1        16       144747       0.23   7        0        22572       20678.14    0.00        20678.14   
  118      2809267      1        8        178918       0.28   9        0        22162       19879.78    0.00        19879.78   
  119      2016567      1        6        124686       0.20   6        0        22156       20781.00    0.00        20781.00   
  120      2024909      1        2        43448        0.07   2        0        21920       21724.00    0.00        21724.00   
  121      2808004      1        5        124664       0.20   6        0        21919       20777.33    0.00        20777.33   
  122      2810353      1        5        43445        0.07   2        0        21797       21722.50    0.00        21722.50   
  123      2024829      1        2        155651       0.25   8        0        21417       19456.38    0.00        19456.38   
  124      2830036      1        1        102739       0.16   5        0        21184       20547.80    0.00        20547.80   
  125      2811668      1        6        1

This file has been truncated.


suricata-report-2019-01-10-T-13-05-50-01102019.1305-network_5.pcap.txt - (17654 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4601f60325e509e01abfde9e62bda32856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01102019.1305-network_5.pcap -vvv -k none
elapsedtime:23.223597
stderr:
stdout:
10/1/2019 -- 13:05:27 - <Info> - Configuration node 'rule-files' redefined.
10/1/2019 -- 13:05:27 - <Notice> - This is Suricata version 4.0.0 RELEASE
10/1/2019 -- 13:05:27 - <Info> - CPUs/cores online: 1
10/1/2019 -- 13:05:27 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34126 and 'request-body-inspect-window' set to 16491 after randomization.
10/1/2019 -- 13:05:27 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32962 and 'response-body-inspect-window' set to 15640 after randomization.
10/1/2019 -- 13:05:27 - <Config> - DNS request flood protection level: 500
10/1/2019 -- 13:05:27 - <Config> - DNS per flow memcap (state-memcap): 524288
10/1/2019 -- 13:05:27 - <Config> - DNS global memcap: 16777216
10/1/2019 -- 13:05:27 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
10/1/2019 -- 13:05:27 - <Config> - preallocated 1000 hosts of size 136
10/1/2019 -- 13:05:27 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
10/1/2019 -- 13:05:27 - <Config> - using magic-file /usr/share/file/magic
10/1/2019 -- 13:05:27 - <Config> - Core dump size is unlimited.
10/1/2019 -- 13:05:27 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
10/1/2019 -- 13:05:27 - <Config> - preallocated 1000 defrag trackers of size 168
10/1/2019 -- 13:05:27 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
10/1/2019 -- 13:05:27 - <Config> - stream "prealloc-sessions": 2048 (per thread)
10/1/2019 -- 13:05:27 - <Config> - stream "memcap": 33554432
10/1/2019 -- 13:05:27 - <Config> - stream "midstream" session pickups: disabled
10/1/2019 -- 13:05:27 - <Config> - stream "async-oneside": disabled
10/1/2019 -- 13:05:27 - <Config> - stream "checksum-validation": disabled
10/1/2019 -- 13:05:27 - <Config> - stream."inline": disabled
10/1/2019 -- 13:05:27 - <Config> - stream "bypass": disabled
10/1/2019 -- 13:05:27 - <Config> - stream "max-synack-queued": 5
10/1/2019 -- 13:05:27 - <Config> - stream.reassembly "memcap": 134217728
10/1/2019 -- 13:05:27 - <Config> - stream.reassembly "depth": 0
10/1/2019 -- 13:05:27 - <Config> - stream.reassembly "toserver-chunk-size": 2542
10/1/2019 -- 13:05:27 - <Config> - stream.reassembly "toclient-chunk-size": 2678
10/1/2019 -- 13:05:27 - <Config> - stream.reassembly.raw: enabled
10/1/2019 -- 13:05:27 - <Config> - stream.reassembly "segment-prealloc": 2048
10/1/2019 -- 13:05:27 - <Config> - Delayed detect disabled
10/1/2019 -- 13:05:27 - <Config> - pattern matchers: MPM: ac, SPM: bm
10/1/2019 -- 13:05:27 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
10/1/2019 -- 13:05:27 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
10/1/2019 -- 13:05:27 - <Config> - prefilter engines: MPM
10/1/2019 -- 13:05:27 - <Config> - IP reputation disabled
10/1/2019 -- 13:05:27 - <Perf> - Registered 148 keyword profiling counters.
10/1/2019 -- 13:05:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
10/1/2019 -- 13:05:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
10/1/2019 -- 13:05:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
10/1/2019 -- 13:05:32 - <Config> - No rules loaded from ET-icmp.rules.
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
10/1/2019 -- 13:05:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
10/1/2019 -- 13:05:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
10/1/2019 -- 13:05:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
10/1/2019 -- 13:05:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
10/1/2019 -- 13:05:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
10/1/2019 -- 13:05:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
10/1/2019 -- 13:05:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
10/1/2019 -- 13:05:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
10/1/2019 -- 13:05:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
10/1/2019 -- 13:05:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
10/1/2019 -- 13:05:40 - <Config> - No rules loaded from local.rules.
10/1/2019 -- 13:05:40 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
10/1/2019 -- 13:05:40 - <Info> - Threshold config parsed: 0 rule(s) found
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for tcp-packet
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for tcp-stream
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for udp-packet
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for other-ip
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_uri
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_request_line
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_client_body
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_response_line
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_header
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_header
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_header_names
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_header_names
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_accept
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_accept_enc
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_accept_lang
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_referer
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_connection
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_content_len
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_content_len
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_content_type
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_content_type
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_protocol
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_protocol
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_start
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_start
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_raw_header
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_raw_header
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_method
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_cookie
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_cookie
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_raw_uri
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_user_agent
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_host
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_raw_host
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_stat_msg
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_stat_code
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for dns_query
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for tls_sni
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for tls_cert_issuer
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for tls_cert_subject
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for tls_cert_serial
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for dce_stub_data
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for dce_stub_data
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for ssh_protocol
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for ssh_protocol
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for ssh_software
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for ssh_software
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for file_data
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for file_data
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_request_line
10/1/2019 -- 13:05:40 - <Perf> - using shared mpm ctx' for http_response_line
10/1/2019 -- 13:05:40 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
10/1/2019 -- 13:05:40 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
10/1/2019 -- 13:05:41 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
10/1/2019 -- 13:05:41 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
10/1/2019 -- 13:05:41 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
10/1/2019 -- 13:05:41 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
10/1/2019 -- 13:05:41 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
10/1/2019 -- 13:05:41 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
10/1/2019 -- 13:05:45 - <Perf> - Unique rule groups: 104
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "toserver TCP packet": 35
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "toclient TCP packet": 17
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "toserver TCP stream": 33
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "toclient TCP stream": 19
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "toserver UDP packet": 27
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "toclient UDP packet": 17
10/1/2019 -- 13:05:45 - <Perf> - Builtin MPM "other IP packet": 3
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_uri": 14
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_request_line": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_client_body": 6
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient http_response_line": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_header": 10
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient http_header": 6
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_header_names": 2
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_accept": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_referer": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_content_len": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_content_type": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient http_content_type": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_protocol": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_start": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_method": 5
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_cookie": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient http_cookie": 2
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver http_host": 2
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver dns_query": 4
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver tls_sni": 2
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toserver file_data": 1
10/1/2019 -- 13:05:45 - <Perf> - AppLayer MPM "toclient file_data": 7
10/1/2019 -- 13:05:48 - <Perf> - Registered 39590 rule profiling counters.
10/1/2019 -- 13:05:48 - <Info> - fast output device (regular) initialized: alert
10/1/2019 -- 13:05:48 - <Info> - eve-log output device (regular) initialized: eve.json
10/1/2019 -- 13:05:48 - <Config> - enabling 'eve-log' module 'alert'
10/1/2019 -- 13:05:48 - <Config> - enabling 'eve-log' module 'http'
10/1/2019 -- 13:05:48 - <Config> - enabling 'eve-log' module 'dns'
10/1/2019 -- 13:05:48 - <Config> - enabling 'eve-log' module 'tls'
10/1/2019 -- 13:05:48 - <Config> - enabling 'eve-log' module 'files'
10/1/2019 -- 13:05:48 - <Config> - enabling 'eve-log' module 'ssh'
10/1/2019 -- 13:05:48 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
10/1/2019 -- 13:05:48 - <Info> - stats output device (regular) initialized: stats.log
10/1/2019 -- 13:05:48 - <Config> - AutoFP mode using "Hash" flow load balancer
10/1/2019 -- 13:05:48 - <Info> - reading pcap file /var/pcap/01102019.1305-network_5.pcap
10/1/2019 -- 13:05:48 - <Config> - using 1 flow manager threads
10/1/2019 -- 13:05:48 - <Co

This file has been truncated.


packet_stats.log - (19322 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1        171557783      171557783     171557783        171.6m    0.19
 IPv4       6           667           101425      210663523     127275811         84.9b   92.25
 IPv4      17            38         10005937      211798980      84871142          3.2b    3.50
 IPv6      17            19          9727656      211539689      70775120          1.3b    1.46
 IPv6      58            12        187644731      211940615     199193018          2.4b    2.60
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1            95598          95598         95598         95.6k    0.04
TMM_FLOWWORKER              IPv4       6           667            66896       15329138        306318        204.3m   87.20
TMM_FLOWWORKER              IPv4      17            38           133964         831460        304383         11.6m    4.94
TMM_RECEIVEPCAPFILE         IPv4       1             1             2792           2792          2792          2.8k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6           659             2534        9634579         17642         11.6m    4.96
TMM_RECEIVEPCAPFILE         IPv4      17            38             2543           3433          2811        106.8k    0.05
TMM_DECODEPCAPFILE          IPv4       1             1             9392           9392          9392          9.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6           659             2643          27039          2851          1.9m    0.80
TMM_DECODEPCAPFILE          IPv4      17            38             2658           3794          2882        109.5k    0.05
TMM_FLOWWORKER              IPv6      17            19           123775         257704        176757          3.4m    1.43
TMM_FLOWWORKER              IPv6      58            12            77978         115413         86193          1.0m    0.44
TMM_RECEIVEPCAPFILE         IPv6      17            19             2562           3607          2907         55.2k    0.02
TMM_RECEIVEPCAPFILE         IPv6      58            12             2540           3050          2710         32.5k    0.01
TMM_DECODEPCAPFILE          IPv6      17            19             2718          19325          3799         72.2k    0.03
TMM_DECODEPCAPFILE          IPv6      58            12             2737           4401          2968         35.6k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  ---
flow                    IPv4       1             1             3612           3612          3612          3.6k  0.00  
flow                    IPv4       6           659             2820          23100          3412          2.2m  1.17  
flow                    IPv4      17            38             2892           4892          3661        139.2k  0.07  
stream                  IPv4       6           667             2696         505613         11148          7.4m  3.85  
app-layer               IPv4      17            38             2555         112726         13581        516.1k  0.27  
detect                  IPv4       1             1            83049          83049         83049         83.0k  0.04  
detect                  IPv4       6           667            44745        6231551        250486        167.1m  86.57 
detect                  IPv4      17            38           117956         433733        246298          9.4m  4.85  
tcp-prune               IPv4       6           667             2514          30557          3064          2.0m  1.06  
flow                    IPv6      17            19             2741          13673          4433         84.2k  0.04  
flow                    IPv6      58            12             3419          17658          5192         62.3k  0.03  
app-layer               IPv6      17            19             2547          15610          7474        142.0k  0.07  
detect                  IPv6      17            19           107737         231676        154013          2.9m  1.52  
detect                  IPv6      58            12            66322         103824         72596        871.2k  0.45  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  ---
http                    IPv4       6            19             3369          21635          9277        176.3k  33.94 
http                    IPv4      17             6            11104          45432         17498        105.0k  20.21 
tls                     IPv4       6             6             2864           4804          3873         23.2k  4.47  
dns                     IPv4      17            20             4046           8421          5495        109.9k  21.16 
http                    IPv6      17             6            11104          45432         17498        105.0k  20.21 
Proto detect            IPv4      17            30             2700          96420          8718        261.5k
Proto detect            IPv6      17            13             2730           8924          3911         50.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot          %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
LOGGER_JSON_DNS             IPv4      17            16            28393         371684         64453          1.0m  26.10 
LOGGER_JSON_HTTP            IPv4       6            16            48186         133981         88034          1.4m  35.64 
LOGGER_JSON_TLS             IPv4       6             3            52873          65884         61312        183.9k  4.65  
LOGGER_JSON_FILE            IPv4       6            16            51337         138521         82995          1.3m  33.60 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1            18146          18146         18146        18.1k  0.04  
payload                           IPv4       6           368             2568         181606         20178         7.4m  16.46 
payload                           IPv4      17            38             3113          48961         13820       525.2k  1.16  
stream                            IPv4       6           368             2540        2930480         40133        14.8m  32.73 
http_uri                          IPv4       6            16             6693         105186         27068       433.1k  0.96  
http_request_line                 IPv4       6            16             3605          11289          5647        90.4k  0.20  
http_client_body                  IPv4       6            16             2809           4282          3190        51.0k  0.11  
http_header (request)             IPv4       6            16            13416         153264         57488       919.8k  2.04  
http_header (request trailer)     IPv4       6            16             2606           2683          2648        42.4k  0.09  
http_header_names (request)       IPv4       6            16             6493          26173         15032       240.5k  0.53  
http_accept (request)             IPv4       6            16             2903          29642          5236        83.8k  0.19  
http_referer (request)            IPv4       6            16             2837           3809          3096        49.5k  0.11  
http_content_len (request)        IPv4       6            16             2950           4196          3174        50.8k  0.11  
http_content_type (request)       IPv4       6            16             2870           4262          3216        51.5k  0.11  
http_protocol (request)           IPv4       6            16             3212          28899          5657        90.5k  0.20  
http_start (request)              IPv4       6            16             5275          21086         11027       176.4k  0.39  
http_raw_header (request)         IPv4       6            16             7608          29292         14255       228.1k  0.51  
http_method                       IPv4       6            16             3498           8110          4810        77.0k  0.17  
http_cookie (request)             IPv4       6            16             2886          11652          4027        64.4k  0.14  
http_raw_uri                      IPv4       6            16             3461          16008          6354       101.7k  0.23  
http_user_agent                   IPv4       6            16             4698          50269         27573       441.2k  0.98  
http_host                         IPv4       6            16             4308           9790          6559       105.0k  0.23  
dns_query                         IPv4      17             8             2989          31301         12326        98.6k  0.22  
tls_sni                           IPv4       6             7             3173           9780          6267        43.9k  0.10  
http_response_line                IPv4       6            16             3483          16235          6899       110.4k  0.24  
http_header (response)            IPv4       6            16            14700          61768         35263       564.2k  1.25  
http_header (response trailer)    IPv4       6            16             2586           7726          3119        49.9k  0.11  
http_content_type (response)      IPv4       6            16             4146          11182          6976       111.6k  0.25  
http_raw_header (response)        IPv4       6           277             5059          35901          5856         1.6m  3.60  
http_cookie (response)            IPv4       6            16             2941           6951          3454        55.3k  0.12  
http_stat_code                    IPv4       6            16             2836           7801          4392        70.3k  0.16  
tls_cert_issuer                   IPv4       6             3             2616           9602          6612        19.8k  0.04  
tls_cert_subject                  IPv4       6             3             2831          12417          7521        22.6k  0.05  
tls_cert_serial                   IPv4       6             3             2601           6721          5280        15.8k  0.04  
file_data (http response)         IPv4       6           261             2571         955900         61483        16.0m  35.57 
Total                             IPv4                  1721                                         26070        44.9m
payload                           IPv6      17            19             3228          33655         10658       202.5k  0.45  
payload                           IPv6      58            12             2833           8115          4055        48.7k  0.11  
Total                             IPv6                    31                                          8102       251.2k
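
The Prefilter table above attributes detection-engine ticks to the individual prefilter (multi-pattern-matcher) engines; together with the Flow Worker table, where detect accounts for 86.57% of IPv4 TCP time, it is where a Suricata tuner looks first. As an added example, not part of this analysis output and not Suricata code, here is a parser for that table that sums ticks per engine across IP versions and protocols and reports each engine's cumulative share. The input is a constructed subset of the rows shown above plus both Total lines; the k/m/b scale for the abbreviated tot column is taken from the dump itself (95598 ticks appear as 95.6k, 171557783 as 171.6m, and 667 x 127275811 as 84.9b).

```python
"""Rank Suricata prefilter engines by profiled ticks, from a packet_stats.log
Prefilter table (added example, not Suricata code)."""
import re
from collections import defaultdict

# Constructed input: a subset of rows copied from the Prefilter table above,
# plus both Total lines, so the parser sees every line shape it must handle.
SAMPLE_TABLE = """\
Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           368             2568         181606         20178         7.4m  16.46
stream                            IPv4       6           368             2540        2930480         40133        14.8m  32.73
http_header (request)             IPv4       6            16            13416         153264         57488       919.8k  2.04
http_raw_header (response)        IPv4       6           277             5059          35901          5856         1.6m  3.60
file_data (http response)         IPv4       6           261             2571         955900         61483        16.0m  35.57
Total                             IPv4                  1721                                         26070        44.9m
payload                           IPv6      17            19             3228          33655         10658       202.5k  0.45
payload                           IPv6      58            12             2833           8115          4055        48.7k  0.11
Total                             IPv6                    31                                          8102       251.2k
"""

# One data row: engine name (may contain spaces and parentheses), IP version,
# protocol number, then cnt/min/max/avg in raw ticks, abbreviated tot, percent.
ROW_RE = re.compile(
    r"^(?P<engine>\S.*?)\s+(?P<ipver>IPv[46])\s+(?P<proto>\d+)\s+(?P<cnt>\d+)\s+"
    r"(?P<min>\d+)\s+(?P<max>\d+)\s+(?P<avg>\d+)\s+(?P<tot>[\d.]+[kmb]?)\s+(?P<pct>[\d.]+)\s*$"
)
# Suffix scale as used in the dump: 95598 -> 95.6k, 171557783 -> 171.6m, ~8.5e10 -> 84.9b.
SUFFIX = {"": 1.0, "k": 1e3, "m": 1e6, "b": 1e9}


def ticks(text):
    """'14.8m' -> 14800000.0"""
    m = re.fullmatch(r"([\d.]+)([kmb]?)", text)
    if not m:
        raise ValueError("not a tick count: %r" % text)
    return float(m.group(1)) * SUFFIX[m.group(2)]


def parse_rows(table):
    """Data rows only; header, ruler and Total lines have a different shape."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        rows.append({"engine": d["engine"], "ipver": d["ipver"], "proto": int(d["proto"]),
                     "cnt": int(d["cnt"]), "min": int(d["min"]), "max": int(d["max"]),
                     "avg": int(d["avg"]), "tot": ticks(d["tot"]), "pct": float(d["pct"])})
    return rows


def rank_engines(rows):
    """(engine, total ticks, cumulative % of all parsed rows), largest first."""
    per_engine = defaultdict(float)
    for r in rows:
        per_engine[r["engine"]] += r["tot"]
    grand = sum(per_engine.values())
    ranked, running = [], 0.0
    for name, tot in sorted(per_engine.items(), key=lambda kv: -kv[1]):
        running += tot
        ranked.append((name, tot, round(100.0 * running / grand, 1)))
    return ranked


if __name__ == "__main__":
    for name, tot, cum in rank_engines(parse_rows(SAMPLE_TABLE)):
        print("%-30s %12.0f  cumulative %5.1f%%" % (name, tot, cum))
```

On the sample rows file_data (http response) and stream alone cover about three quarters of the parsed ticks; on the full table above the same two engines plus payload account for roughly 85% of the IPv4 prefilter total, which is the first thing to know before touching rule sets or MPM settings.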

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot          %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
PROF_DETECT_IPONLY          IPv4       6            36             4867         187254         33823          1.2m  0.48  
PROF_DETECT_IPONLY          IPv4      17            28             3750          67408         37430          1.0m  0.41  
PROF_DETECT_RULES           IPv4       1             1            13356          13356         13356         13.4k  0.01  
PROF_DETECT_RULES           IPv4       6           667             2532        5492401        106083         70.8m  27.97 
PROF_DETECT_RULES           IPv4      17            38            59803         243159        128798          4.9m  1.93  
PROF_DETECT_STATEFUL_START    IPv4       6           195             5105        4323997        179749         35.1m  13.85 
PROF_DETECT_STATEFUL_CONT    IPv4       1             1             2869           2869          2869          2.9k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6           667             2511          43634          8982          6.0m  2.37  
PROF_DETECT_STATEFUL_CONT    IPv4      17            38             2516          44071          5529        210.1k  0.08  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           595             2551          48046          2873          1.7m  0.68  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            20             2584           3919          2853         57.1k  0.02  
PROF_DETECT_PREFILTER       IPv4       1             1            34743          34743         34743         34.7k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           667             7842        3368407         93661         62.5m  24.69 
PROF_DETECT_PREFILTER       IPv4      17            38            23901          91551         41199          1.6m  0.62  
PROF_DETECT_PF_PAYLOAD      IPv4       1             1            23407          23407         23407         23.4k  0.01  
PROF_DETECT_PF_PAYLOAD      IPv4       6           368            13659        2942387         68376         25.2m  9.95  
PROF_DETECT_PF_PAYLOAD      IPv4      17            38             8154          54074         19081        725.1k  0.29  
PROF_DETECT_PF_TX           IPv4       6           595             2549         969487         44539         26.5m  10.47 
PROF_DETECT_PF_TX           IPv4      17            10             2593          36877         14901        149.0k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6           348             2547          28160          3564          1.2m  0.49  
PROF_DETECT_PF_SORT1        IPv4      17            38             2704           4325          3349        127.3k  0.05  
PROF_DETECT_PF_SORT2        IPv4       1             1             3360           3360          3360          3.4k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6           667             2516          36416          2869          1.9m  0.76  
PROF_DETECT_PF_SORT2        IPv4      17            38             2549           4187          2913        110.7k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       1             1             2798           2798          2798          2.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6           667             2535          64650          3008          2.0m  0.79  
PROF_DETECT_NONMPMLIST      IPv4      17            38             2532          15621          3243        123.2k  0.05  
PROF_DETECT_ALERT           IPv4       1             1             2555           2555          2555          2.6k  0.00  
PROF_DETECT_ALERT           IPv4       6           667             2518          28669          2785          1.9m  0.73  
PROF_DETECT_ALERT           IPv4      17            38             2530           3254          2663        101.2k  0.04  
PROF_DETECT_CLEANUP         IPv4       1             1             2642           2642          2642          2.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       6           667             2551          26886          2964          2.0m  0.78  
PROF_DETECT_CLEANUP         IPv4      17            38             2524           4338          2970        112.9k  0.04  
PROF_DETECT_GETS

This file has been truncated.


stats.log - (3677 bytes)
------------------------------------------------------------------------------------
Date: 1/10/2019 -- 13:05:50 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 753
decoder.bytes                              | Total                     | 499817
decoder.ipv4                               | Total                     | 698
decoder.ipv6                               | Total                     | 31
decoder.ethernet                           | Total                     | 753
decoder.tcp                                | Total                     | 659
decoder.udp                                | Total                     | 57
decoder.icmpv4                             | Total                     | 1
decoder.icmpv6                             | Total                     | 12
decoder.avg_pkt_size                       | Total                     | 663
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 18
flow.udp                                   | Total                     | 33
flow.icmpv6                                | Total                     | 12
tcp.sessions                               | Total                     | 17
tcp.syn                                    | Total                     | 17
tcp.synack                                 | Total                     | 17
tcp.rst                                    | Total                     | 15
tcp.overlap                                | Total                     | 14
detect.mpm_list                            | Total                     | 5
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 14
app_layer.tx.http                          | Total                     | 16
app_layer.flow.tls                         | Total                     | 3
app_layer.flow.dns_udp                     | Total                     | 8
app_layer.tx.dns_udp                       | Total                     | 8
app_layer.flow.failed_udp                  | Total                     | 25
flow_mgr.closed_pruned                     | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 30
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 58
flow_mgr.flows_notimeout                   | Total                     | 22
flow_mgr.flows_timeout                     | Total                     | 36
flow_mgr.flows_timeout_inuse               | Total                     | 4
flow_mgr.flows_removed                     | Total                     | 32
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65477
flow_mgr.rows_empty                        | Total                     | 4
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7091296


eve.json - (25747 bytes)
{"timestamp":"2018-12-18T05:49:14.557712+0000","flow_id":2125117779509904,"pcap_cnt":30,"event_type":"dns","src_ip":"192.168.56.21","src_port":49620,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57879,"rrname":"gfans.onmypc.us","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:15.229231+0000","flow_id":2125117779509904,"pcap_cnt":31,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":49620,"proto":"UDP","dns":{"type":"answer","id":57879,"rcode":"NOERROR","rrname":"gfans.onmypc.us","rrtype":"A","ttl":300,"rdata":"46.101.26.41"}}
{"timestamp":"2018-12-18T05:49:15.693236+0000","flow_id":64590039457654,"pcap_cnt":44,"event_type":"http","src_ip":"192.168.56.21","src_port":49174,"dest_ip":"46.101.26.41","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=72RvYmU6QXBwbGljYXRpb24gVmVyIGnMpI1gFJ90b0l0MzpDb21tul2+jWlsZXM6RGVidWdnaW5nIFRvb2xzgDDzRg6IqzmsyN0WoMCDw0bKQlghAqJJmLUBO1qIs83QkcQN3Ri4KUMHRBG8lc1lmJSEsRNGR9PgyHkz543ZLgRxE4ZNnjlpAzK1DXarWHkb7kiYth4ST8yYLTSIwBQiS30UrGakbk2reNB1ZGlvIDkuMLXhXDgpQrUGb\/SkYcMmrGYgp4yZN3g9sCZh0jIF3IRxG1eGdBumCKkbBzI6nsgJM9YxIDWYYUxkoIdzc2VtYmxpoDKBKm67MYducZOTxK2FoK2hRKeIYAiRIm3qQiBpJETbXUL6IAhKyZs6ctmDHnB\/IAbBo2RpYSBQbGF5rBgBJ1QpYFDQvKHzljpQ5q4PAaj1oRO2Pw==","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-18T05:49:16.017585+0000","flow_id":1209117219484681,"pcap_cnt":47,"event_type":"http","src_ip":"192.168.56.21","src_port":49175,"dest_ip":"46.101.26.41","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"gfans.onmypc.us","url":"\/WW3\/short.html","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-18T05:49:16.302248+0000","flow_id":64590039457654,"pcap_cnt":49,"event_type":"fileinfo","src_ip":"46.101.26.41","src_port":80,"dest_ip":"192.168.56.21","dest_port":49174,"proto":"TCP","http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=72RvYmU6QXBwbGljYXRpb24gVmVyIGnMpI1gFJ90b0l0MzpDb21tul2+jWlsZXM6RGVidWdnaW5nIFRvb2xzgDDzRg6IqzmsyN0WoMCDw0bKQlghAqJJmLUBO1qIs83QkcQN3Ri4KUMHRBG8lc1lmJSEsRNGR9PgyHkz543ZLgRxE4ZNnjlpAzK1DXarWHkb7kiYth4ST8yYLTSIwBQiS30UrGakbk2reNB1ZGlvIDkuMLXhXDgpQrUGb\/SkYcMmrGYgp4yZN3g9sCZh0jIF3IRxG1eGdBumCKkbBzI6nsgJM9YxIDWYYUxkoIdzc2VtYmxpoDKBKm67MYducZOTxK2FoK2hRKeIYAiRIm3qQiBpJETbXUL6IAhKyZs6ctmDHnB\/IAbBo2RpYSBQbGF5rBgBJ1QpYFDQvKHzljpQ5q4PAaj1oRO2Pw==","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":285},"app_proto":"http","fileinfo":{"filename":"\/url.asp","gaps":false,"state":"CLOSED","stored":false,"size":285,"tx_id":0}}
{"timestamp":"2018-12-18T05:49:16.581471+0000","flow_id":64590039457654,"pcap_cnt":52,"event_type":"http","src_ip":"192.168.56.21","src_port":49174,"dest_ip":"46.101.26.41","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=b2xlIERldmljZXM6V2luZG93cyBTMWnIlBETRq4noIwJA7dDcuuANghrdPYH","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-18T05:49:20.686979+0000","flow_id":1209117219484681,"pcap_cnt":53,"event_type":"fileinfo","src_ip":"46.101.26.41","src_port":80,"dest_ip":"192.168.56.21","dest_port":49175,"proto":"TCP","http":{"hostname":"gfans.onmypc.us","url":"\/WW3\/short.html","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":292},"app_proto":"http","fileinfo":{"filename":"\/WW3\/short.html","gaps":false,"state":"CLOSED","stored":false,"size":292,"tx_id":0}}
{"timestamp":"2018-12-18T05:49:21.308617+0000","flow_id":64590039457654,"pcap_cnt":56,"event_type":"fileinfo","src_ip":"46.101.26.41","src_port":80,"dest_ip":"192.168.56.21","dest_port":49174,"proto":"TCP","http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=b2xlIERldmljZXM6V2luZG93cyBTMWnIlBETRq4noIwJA7dDcuuANghrdPYH","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":285},"app_proto":"http","fileinfo":{"filename":"\/url.asp","gaps":false,"state":"CLOSED","stored":false,"size":285,"tx_id":1}}
{"timestamp":"2018-12-18T05:49:25.643639+0000","flow_id":1172098897005424,"pcap_cnt":68,"event_type":"http","src_ip":"192.168.56.21","src_port":49176,"dest_ip":"46.101.26.41","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"gfans.onmypc.us","url":"\/WW3\/short.html","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-18T05:49:25.742145+0000","flow_id":14437706978049,"pcap_cnt":71,"event_type":"dns","src_ip":"192.168.56.21","src_port":54995,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38892,"rrname":"go.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:26.313493+0000","flow_id":14437706978049,"pcap_cnt":72,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":54995,"proto":"UDP","dns":{"type":"answer","id":38892,"rcode":"NOERROR","rrname":"go.microsoft.com","rrtype":"A","ttl":300,"rdata":"104.115.140.6"}}
{"timestamp":"2018-12-18T05:49:30.356610+0000","flow_id":1172098897005424,"pcap_cnt":76,"event_type":"fileinfo","src_ip":"46.101.26.41","src_port":80,"dest_ip":"192.168.56.21","dest_port":49176,"proto":"TCP","http":{"hostname":"gfans.onmypc.us","url":"\/WW3\/short.html","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":292},"app_proto":"http","fileinfo":{"filename":"\/WW3\/short.html","gaps":false,"state":"CLOSED","stored":false,"size":292,"tx_id":0}}
{"timestamp":"2018-12-18T05:49:33.902727+0000","flow_id":791298506682256,"pcap_cnt":86,"event_type":"tls","src_ip":"192.168.56.21","src_port":49177,"dest_ip":"104.115.140.6","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=go.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-12-18T05:49:35.335921+0000","flow_id":1039298508824625,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.56.21","src_port":58258,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46032,"rrname":"ocsp.digicert.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:35.632589+0000","flow_id":1039298508824625,"pcap_cnt":92,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":58258,"proto":"UDP","dns":{"type":"answer","id":46032,"rcode":"NOERROR","rrname":"ocsp.digicert.com","rrtype":"A","ttl":3600,"rdata":"72.21.91.29"}}
{"timestamp":"2018-12-18T05:49:36.176967+0000","flow_id":1159428744142458,"pcap_cnt":100,"event_type":"http","src_ip":"192.168.56.21","src_port":49178,"dest_ip":"72.21.91.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2018-12-18T05:49:37.318543+0000","flow_id":157262550260815,"pcap_cnt":101,"event_type":"dns","src_ip":"192.168.56.21","src_port":59406,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13012,"rrname":"mscrl.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:37.354293+0000","flow_id":262042572384245,"pcap_cnt":102,"event_type":"dns","src_ip":"192.168.56.21","src_port":49858,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28461,"rrname":"crl.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:37.387931+0000","flow_id":1600964267207515,"pcap_cnt":103,"event_type":"dns","src_ip":"192.168.56.21","src_port":56517,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37418,"rrname":"ocsp.msocsp.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:37.916551+0000","flow_id":1600964267207515,"pcap_cnt":104,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":56517,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"ocsp.msocsp.com","rrtype":"A","ttl":3600,"rdata":"104.18.25.243"}}
{"timestamp":"2018-12-18T05:49:38.060300+0000","flow_id":262042572384245,"pcap_cnt":110,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":49858,"proto":"UDP","dns":{"type":"answer","id":28461,"rcode":"NOERROR","rrname":"crl.microsoft.com","rrtype":"A","ttl":300,"rdata":"96.17.68.19"}}
{"timestamp":"2018-12-18T05:49:38.180948+0000","flow_id":585926056157637,"pcap_cnt":118,"event_type":"http","src_ip":"192.168.56.21","src_port":49179,"dest_ip":"104.18.25.243","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.msocsp.com","url":"\/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAIDRU2YL2JJtYm8AAAAAgNE%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2018-12-18T05:49:39.130997+0000","flow_id":714169484713398,"pcap_cnt":293,"event_type":"http","src_ip":"192.168.56.21","src_port":49180,"dest_ip":"96.17.68.19","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"crl.microsoft.com","url":"\/pki\/mscorp\/crl\/Microsoft%20IT%20TLS%20CA%205.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-18T05:49:39.136139+0000","flow_id":157262550260815,"pcap_cnt":294,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":59406,"proto":"UDP","dns":{"type":"answer","id":13012,"rcode":"NOERROR","rrname":"mscrl.microsoft.com","rrtype":"A","ttl":3600,"rdata":"152.199.4.33"}}
{"timestamp":"2018-12-18T05:49:40.259512+0000","flow_id":1420708784856288,"pcap_cnt":480,"event_type":"http","src_ip":"192.168.56.21","src_port":49181,"dest_ip":"152.199.4.33","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"mscrl.microsoft.com","url":"\/pki\/mscorp\/crl\/Microsoft%20IT%20TLS%20CA%205.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-12-18T05:49:42.084025+0000","flow_id":1832248256347524,"pcap_cnt":493,"event_type":"tls","src_ip":"192.168.56.21","src_port":49182,"dest_ip":"104.115.140.6","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2018-12-18T05:49:42.766977+0000","flow_id":1439383302878209,"pcap_cnt":497,"event_type":"dns","src_ip":"192.168.56.21","src_port":61646,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15810,"rrname":"ieonline.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:43.893578+0000","flow_id":1439383302878209,"pcap_cnt":499,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":61646,"proto":"UDP","dns":{"type":"answer","id":15810,"rcode":"NOERROR","rrname":"ieonline.microsoft.com","rrtype":"A","ttl":300,"rdata":"204.79.197.200"}}
{"timestamp":"2018-12-18T05:49:44.183709+0000","flow_id":2145845293597578,"pcap_cnt":514,"event_type":"tls","src_ip":"192.168.56.21","src_port":49183,"dest_ip":"204.79.197.200","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.bing.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2018-12-18T05:49:45.468848+0000","flow_id":1063307376666480,"pcap_cnt":622,"event_type":"dns","src_ip":"192.168.56.21","src_port":51511,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62544,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-18T05:49:45.856829+0000","flow_id":1063307376666480,"pcap_cnt":623,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.21","dest_port":51511,"proto":"UDP","dns":{"type":"answer","id":62544,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"A","ttl":300,"rdata":"204.79.197.200"}}
{"timestamp":"2018-12-18T05:49:46.220833+0000","flow_id":334666174904127,"pcap_cnt":636,"event_type":"http","src_ip":"192.168.56.21","src_port":49184,"dest_ip":"204.79.197.200","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bing.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"image\/x-icon"}}
{"timestamp":"2018-12-18T05:49:46.559830+0000","flow_id":267376922338070,"pcap_cnt":639,"event_type":"http","src_ip":"192.168.56.21","src_port":49185,"dest_ip":"46.101.26.41","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=T3Z0c3ZjIGlzIHJ1bm5pbme6\/QE=","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-18T05:49:46.877750+0000","flow_id":334666174904127,"pcap_cnt":641,"event_type":"fileinfo","src_ip":"204.79.197.200","src_port":80,"dest_ip":"192.168.56.21","dest_port":49184,"proto":"TCP","http":{"hostname":"www.bing.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"image\/x-icon","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":237},"app_proto":"http","fileinfo":{"filename":"\/favicon.ico","gaps":false,"state":"CLOSED","stored":false,"size":237,"tx_id":0}}
{"timestamp":"2018-12-18T05:49:47.235383+0000","flow_id":334666174904127,"pcap_cnt":644,"event_type":"http","src_ip":"192.168.56.21","src_port":49184,"dest_ip":"204.79.197.200","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.bing.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"image\/x-icon"}}
{"timestamp":"2018-12-18T05:49:51.257137+0000","flow_id":267376922338070,"pcap_cnt":645,"event_type":"fileinfo","src_ip":"46.101.26.41","src_port":80,"dest_ip":"192.168.56.21","dest_port":49185,"proto":"TCP","http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=T3Z0c3ZjIGlzIHJ1bm5pbme6\/QE=","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"l

This file has been truncated.
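Two things in the excerpt above carry base64 in the request URL: the `Microsoft-CryptoAPI/6.1` OCSP GETs to ocsp.digicert.com and ocsp.msocsp.com (an OCSP request is a DER structure, sent base64-encoded in the path as RFC 6960 allows), and the `/url.asp?WW3-ID-PSPUBWS-PC=...` request to gfans.onmypc.us, the one HTTP destination in this excerpt that is neither a Microsoft PKI endpoint nor Bing and that answers 404 to both requests it receives. A naive "base64 in the URI" check fires on both, so the useful question is what the value decodes to: the OCSP path decodes to a DER SEQUENCE (first byte 0x30, length byte matching), while the url.asp parameter decodes to a short ASCII string followed by three non-printable bytes. The script below is an added example for this page, not code from Suricata or IDSDeathBlossom; it reads the EVE records copied verbatim from the listing above and classifies each base64 candidate. The minimum length of 16 characters and the 75% printable threshold are this example's own assumptions.

```python
"""Triage eve.json HTTP records whose URL carries a base64 blob.

Added example for this page; not part of Suricata or IDSDeathBlossom.
SAMPLE_EVE holds three records copied verbatim from the excerpt above:
an OCSP GET, the /url.asp request to gfans.onmypc.us, and the 404
fileinfo record for /WW3/short.html. MIN_B64_LEN and TEXT_RATIO are
this example's assumptions, not values taken from the page.
"""
import base64
import binascii
import json
import re
import string
from urllib.parse import unquote, urlsplit

SAMPLE_EVE = r'''
{"timestamp":"2018-12-18T05:49:36.176967+0000","flow_id":1159428744142458,"pcap_cnt":100,"event_type":"http","src_ip":"192.168.56.21","src_port":49178,"dest_ip":"72.21.91.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2018-12-18T05:49:46.559830+0000","flow_id":267376922338070,"pcap_cnt":639,"event_type":"http","src_ip":"192.168.56.21","src_port":49185,"dest_ip":"46.101.26.41","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"gfans.onmypc.us","url":"\/url.asp?WW3-ID-PSPUBWS-PC=T3Z0c3ZjIGlzIHJ1bm5pbme6\/QE=","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-18T05:49:30.356610+0000","flow_id":1172098897005424,"pcap_cnt":76,"event_type":"fileinfo","src_ip":"46.101.26.41","src_port":80,"dest_ip":"192.168.56.21","dest_port":49176,"proto":"TCP","http":{"hostname":"gfans.onmypc.us","url":"\/WW3\/short.html","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":292},"app_proto":"http","fileinfo":{"filename":"\/WW3\/short.html","gaps":false,"state":"CLOSED","stored":false,"size":292,"tx_id":0}}
'''

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
PRINTABLE = set(string.printable.encode())
MIN_B64_LEN = 16    # assumption: shorter candidates are mostly false positives
TEXT_RATIO = 0.75   # assumption: share of printable bytes that makes a blob "text"


def url_candidates(url):
    """Yield (where, value) for the path and for every query value.

    Values are decoded with unquote(), not parse_qsl()/unquote_plus(): '+' is
    a base64 alphabet character and must not turn into a space. Each pair is
    split on the first '=' only, so '=' padding stays part of the value.
    """
    parts = urlsplit(url)
    yield "path", unquote(parts.path.lstrip("/"))
    for pair in filter(None, parts.query.split("&")):
        key, _, value = pair.partition("=")
        yield "query:" + unquote(key), unquote(value)


def decode_b64(raw):
    """Strict base64 decode; None when the string is not plausibly base64."""
    if len(raw) < MIN_B64_LEN or len(raw) % 4 or not B64_RE.match(raw):
        return None
    try:
        return base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify(blob):
    """'der' for a DER SEQUENCE (an OCSP GET request is one), 'text' for
    mostly printable bytes, 'binary' for everything else."""
    if len(blob) >= 2 and blob[0] == 0x30:
        # short-form length must equal the remaining bytes, or long form (high bit set)
        if blob[1] == len(blob) - 2 or blob[1] & 0x80:
            return "der"
    printable = sum(1 for b in blob if b in PRINTABLE)
    return "text" if printable / len(blob) >= TEXT_RATIO else "binary"


def triage(eve_lines):
    """One finding per decodable base64 candidate in http/fileinfo records."""
    findings = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        http = ev.get("http")
        if ev.get("event_type") not in ("http", "fileinfo") or not http:
            continue
        for where, raw in url_candidates(http.get("url", "")):
            blob = decode_b64(raw)
            if blob is None:
                continue
            findings.append({
                "flow_id": ev.get("flow_id"),
                "hostname": http.get("hostname"),
                "user_agent": http.get("http_user_agent"),
                "status": http.get("status"),  # set on fileinfo records only
                "where": where,
                "kind": classify(blob),
                "decoded": blob,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVE.splitlines()):
        print(f"{f['kind']:6} {f['hostname']:20} {f['where']:24} "
              f"{(f['user_agent'] or '')[:24]!r} {f['decoded'][:24]!r}")
```

Run against the whole eve.json rather than the three embedded records, the "der" findings from `Microsoft-CryptoAPI` agents are the expected OCSP noise and can be dropped; what is left is the set of hosts receiving base64 that decodes to text or opaque binary, which is where to start looking. Matching the `fileinfo` record to its `http` request by `flow_id` and `tx_id` then adds the response status, as in the 404 on /WW3/short.html above.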


keyword_perf.log - (11529 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/10/2019 -- 13:05:50
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             3580617         1190            1190            21316           3008.00         3008.00         0.00           
  content          15812695        1967            1031            3001252         8038.00         10563.00        5257.00        
  pcre             2022162         520             59              24876           3888.00         5062.00         3738.00        
  byte_test        333895          98              40              34159           3407.00         4340.00         2763.00        
  byte_jump        18820           6               2               4306            3136.00         3101.00         3154.00        
  isdataat         27737           10              0               2905            2773.00         0.00            2773.00        
  flowbits         17267           4               4               5309            4316.00         4316.00         0.00           
  urilen           800274          274             55              3953            2920.00         2903.00         2925.00        
  byte_extract     21557           8               8               3521            2694.00         2694.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             3580617         1190            1190            21316           3008.00         3008.00         0.00           
  flowbits         17267           4               4               5309            4316.00         4316.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1419402         416             159             16776           3412.00         3901.00         3109.00        
  pcre             92567           23              2               8314            4024.00         4700.00         3960.00        
  byte_test        333895          98              40              34159           3407.00         4340.00         2763.00        
  byte_jump        18820           6               2               4306            3136.00         3101.00         3154.00        
  isdataat         27737           10              0               2905            2773.00         0.00            2773.00        
  byte_extract     21557           8               8               3521            2694.00         2694.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          586790          147             66              35436           3991.00         3995.00         3988.00        
  pcre             572478          113             0               22528           5066.00         0.00            5066.00        
  urilen           800274          274             55              3953            2920.00         2903.00         2925.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21763           7               0               3464            3109.00         0.00            3109.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6898414         339             111             141308          20349.00        39727.00        10915.00       
  pcre             847323          281             0               18015           3015.00         0.00            3015.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5306647         605             415             3001252         8771.00         11119.00        3641.00        
  pcre             403842          81              35              22902           4985.00         5237.00         4794.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          518780          145             77              24162           3577.00         3520.00         3642.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          59027           18              18              4215            3279.00         3279.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38661           11              11              4657            3514.00         3514.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          897326          258             154             17134           3478.00         3580.00         3325.00        
  pcre             105952          22              22              24876           4816.00         4816.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          62677           20              20              3993            3133.00         3133.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3208            1               0               3208            3208.00         0.00            3208.00        


IDSDeathBlossom.py.log - (1149 bytes)
2019-01-10 13:05:26,298 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-10 13:05:27,040 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-10 13:05:27,040 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-10 13:05:27,041 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-10 13:05:27,041 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-10 13:05:27,041 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4601f60325e509e01abfde9e62bda32856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01102019.1305-network_5.pcap -vvv -k none
2019-01-10 13:05:50,266 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-10 13:05:50,266 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.9811520576