Filename: 1111.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.4970560074 seconds
Hash: 49f6a5b451868c24b39fed657dc5a9be
Uploaded: 1557155633

Logfiles


unified2.alert.1557155654 - (242 bytes)


packet_stats.log - (5555 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            78          1728800       52302689      34314515          2.7b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            78            82659       13332806        662385         51.7m   99.07
TMM_RECEIVEPCAPFILE         IPv4       6            76             2586          11648          3149        239.4k    0.46
TMM_DECODEPCAPFILE          IPv4       6            76             2650          32731          3227        245.3k    0.47

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            76             2766           6859          3245        246.7k  0.65  
stream                  IPv4       6            78             3435          75733          9893        771.7k  2.04  
detect                  IPv4       6            78            58771        8450295        467468         36.5m  96.61 
tcp-prune               IPv4       6            78             2571          16021          3344        260.8k  0.69  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb                     IPv4       6             3             2814           3953          3483         10.5k  100.00

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           127462         127462        127462        127.5k  1.00  
LOGGER_UNIFIED2             IPv4       6             1           105621         105621        105621        105.6k  0.83  
LOGGER_JSON_ALERT           IPv4       6             1         12548334       12548334      12548334         12.5m  98.18 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            56             3680        8340211        201969        11.3m  71.61 
stream                            IPv4       6            56             2542         713555         80065         4.5m  28.39 
Total                             IPv4                   112                                        141017        15.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            37566          82216         59891        119.8k  0.23  
PROF_DETECT_RULES           IPv4       6            78             2573        1013254        162605         12.7m  24.48 
PROF_DETECT_STATEFUL_START    IPv4       6             1            16807          16807         16807         16.8k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       6            78             2515         400664         22256          1.7m  3.35  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            74             2553           3228          2670        197.6k  0.38  
PROF_DETECT_PREFILTER       IPv4       6            78             8705        8374161        239950         18.7m  36.12 
PROF_DETECT_PF_PAYLOAD      IPv4       6            56            16940        8352237        290014         16.2m  31.34 
PROF_DETECT_PF_TX           IPv4       6            74             2634         383436          8094        599.0k  1.16  
PROF_DETECT_PF_SORT1        IPv4       6            47             2607           9305          4012        188.6k  0.36  
PROF_DETECT_PF_SORT2        IPv4       6            78             2546          19136          3643        284.2k  0.55  
PROF_DETECT_NONMPMLIST      IPv4       6            78             2554           3906          2871        224.0k  0.43  
PROF_DETECT_ALERT           IPv4       6            78             2525          26974          3731        291.1k  0.56  
PROF_DETECT_CLEANUP         IPv4       6            78             2603          49300          3635        283.6k  0.55  
PROF_DETECT_GETSGH          IPv4       6            78             2518          17443          3026        236.1k  0.46  


suricata-4.0.0-etpro-all-alert-2019-05-06-T-15-14-15-05062019.1512-1111.pcap.txt - (212 bytes)
05/18/2017-08:12:13.280501  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49472 -> 192.168.116.138:445


stats.log - (2528 bytes)
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 15:14:15 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 76
decoder.bytes                              | Total                     | 69891
decoder.ipv4                               | Total                     | 76
decoder.ethernet                           | Total                     | 76
decoder.tcp                                | Total                     | 76
decoder.avg_pkt_size                       | Total                     | 919
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.flow.smb                         | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (414 bytes)
{"timestamp":"2017-05-18T08:12:13.280501+0000","flow_id":2138076987884022,"pcap_cnt":8,"event_type":"alert","src_ip":"192.168.116.149","src_port":49472,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}


keyword_perf.log - (5815 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/6/2019 -- 15:14:15
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            7209            1               1               7209            7209.00         7209.00         0.00           
  flow             42660           10              10              8919            4266.00         4266.00         0.00           
  threshold        36464           6               0               13778           6077.00         0.00            6077.00        
  content          4147150         534             245             400345          7766.00         9231.00         6523.00        
  pcre             327328          67              4               14886           4885.00         7862.00         4696.00        
  byte_test        96033           31              12              5244            3097.00         3117.00         3085.00        
  byte_jump        35691           11              7               4790            3244.00         3287.00         3169.00        
  flowbits         10095           3               3               4874            3365.00         3365.00         0.00           
  dce_iface        139085          50              0               6971            2781.00         0.00            2781.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            7209            1               1               7209            7209.00         7209.00         0.00           
  flow             42660           10              10              8919            4266.00         4266.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4147150         534             245             400345          7766.00         9231.00         6523.00        
  pcre             327328          67              4               14886           4885.00         7862.00         4696.00        
  byte_test        96033           31              12              5244            3097.00         3117.00         3085.00        
  byte_jump        35691           11              7               4790            3244.00         3287.00         3169.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         10095           3               3               4874            3365.00         3365.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        36464           6               0               13778           6077.00         0.00            6077.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dce_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dce_iface        139085          50              0               6971            2781.00         0.00            2781.00        


suricata-report-2019-05-06-T-15-14-15-05062019.1512-1111.pcap.txt - (17427 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/49f6a5b451868c24b39fed657dc5a9be56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.1512-1111.pcap -vvv -k none
elapsedtime:20.590097
stderr:
stdout:
6/5/2019 -- 15:13:54 - <Info> - Configuration node 'rule-files' redefined.
6/5/2019 -- 15:13:54 - <Notice> - This is Suricata version 4.0.0 RELEASE
6/5/2019 -- 15:13:54 - <Info> - CPUs/cores online: 1
6/5/2019 -- 15:13:54 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33477 and 'request-body-inspect-window' set to 15754 after randomization.
6/5/2019 -- 15:13:54 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34141 and 'response-body-inspect-window' set to 16493 after randomization.
6/5/2019 -- 15:13:54 - <Config> - DNS request flood protection level: 500
6/5/2019 -- 15:13:54 - <Config> - DNS per flow memcap (state-memcap): 524288
6/5/2019 -- 15:13:54 - <Config> - DNS global memcap: 16777216
6/5/2019 -- 15:13:54 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/5/2019 -- 15:13:54 - <Config> - preallocated 1000 hosts of size 136
6/5/2019 -- 15:13:54 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 15:13:54 - <Config> - using magic-file /usr/share/file/magic
6/5/2019 -- 15:13:54 - <Config> - Core dump size is unlimited.
6/5/2019 -- 15:13:54 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/5/2019 -- 15:13:54 - <Config> - preallocated 1000 defrag trackers of size 168
6/5/2019 -- 15:13:54 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
6/5/2019 -- 15:13:54 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/5/2019 -- 15:13:54 - <Config> - stream "memcap": 33554432
6/5/2019 -- 15:13:54 - <Config> - stream "midstream" session pickups: disabled
6/5/2019 -- 15:13:54 - <Config> - stream "async-oneside": disabled
6/5/2019 -- 15:13:54 - <Config> - stream "checksum-validation": disabled
6/5/2019 -- 15:13:54 - <Config> - stream."inline": disabled
6/5/2019 -- 15:13:54 - <Config> - stream "bypass": disabled
6/5/2019 -- 15:13:54 - <Config> - stream "max-synack-queued": 5
6/5/2019 -- 15:13:54 - <Config> - stream.reassembly "memcap": 134217728
6/5/2019 -- 15:13:54 - <Config> - stream.reassembly "depth": 0
6/5/2019 -- 15:13:54 - <Config> - stream.reassembly "toserver-chunk-size": 2593
6/5/2019 -- 15:13:54 - <Config> - stream.reassembly "toclient-chunk-size": 2632
6/5/2019 -- 15:13:54 - <Config> - stream.reassembly.raw: enabled
6/5/2019 -- 15:13:54 - <Config> - stream.reassembly "segment-prealloc": 2048
6/5/2019 -- 15:13:54 - <Config> - Delayed detect disabled
6/5/2019 -- 15:13:54 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/5/2019 -- 15:13:54 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/5/2019 -- 15:13:54 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/5/2019 -- 15:13:54 - <Config> - prefilter engines: MPM
6/5/2019 -- 15:13:54 - <Config> - IP reputation disabled
6/5/2019 -- 15:13:54 - <Perf> - Registered 148 keyword profiling counters.
6/5/2019 -- 15:13:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
6/5/2019 -- 15:13:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
6/5/2019 -- 15:13:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
6/5/2019 -- 15:13:59 - <Config> - No rules loaded from ET-icmp.rules.
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
6/5/2019 -- 15:13:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
6/5/2019 -- 15:14:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
6/5/2019 -- 15:14:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
6/5/2019 -- 15:14:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
6/5/2019 -- 15:14:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
6/5/2019 -- 15:14:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
6/5/2019 -- 15:14:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
6/5/2019 -- 15:14:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
6/5/2019 -- 15:14:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
6/5/2019 -- 15:14:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
6/5/2019 -- 15:14:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
6/5/2019 -- 15:14:07 - <Config> - No rules loaded from local.rules.
6/5/2019 -- 15:14:07 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
6/5/2019 -- 15:14:07 - <Info> - Threshold config parsed: 0 rule(s) found
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for tcp-packet
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for tcp-stream
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for udp-packet
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for other-ip
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_uri
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_client_body
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_accept
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_accept_enc
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_accept_lang
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_referer
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_connection
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_method
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_raw_uri
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_user_agent
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_host
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_raw_host
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_stat_msg
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_stat_code
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for dns_query
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for tls_sni
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for tls_cert_issuer
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for tls_cert_subject
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for tls_cert_serial
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 15:14:07 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 15:14:07 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
6/5/2019 -- 15:14:07 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/5/2019 -- 15:14:08 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
6/5/2019 -- 15:14:08 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
6/5/2019 -- 15:14:08 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
6/5/2019 -- 15:14:08 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
6/5/2019 -- 15:14:08 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
6/5/2019 -- 15:14:08 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/5/2019 -- 15:14:12 - <Perf> - Unique rule groups: 104
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "toserver TCP packet": 35
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "toclient TCP packet": 17
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "toserver TCP stream": 33
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "toclient TCP stream": 19
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "toserver UDP packet": 27
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "toclient UDP packet": 17
6/5/2019 -- 15:14:12 - <Perf> - Builtin MPM "other IP packet": 3
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_uri": 14
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_request_line": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_client_body": 6
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient http_response_line": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_header": 10
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient http_header": 6
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_header_names": 2
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_accept": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_referer": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_content_len": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_content_type": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient http_content_type": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_protocol": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_start": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_method": 5
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_cookie": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient http_cookie": 2
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver http_host": 2
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver dns_query": 4
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver tls_sni": 2
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toserver file_data": 1
6/5/2019 -- 15:14:12 - <Perf> - AppLayer MPM "toclient file_data": 7
6/5/2019 -- 15:14:14 - <Perf> - Registered 39590 rule profiling counters.
6/5/2019 -- 15:14:14 - <Info> - fast output device (regular) initialized: alert
6/5/2019 -- 15:14:14 - <Info> - eve-log output device (regular) initialized: eve.json
6/5/2019 -- 15:14:14 - <Config> - enabling 'eve-log' module 'alert'
6/5/2019 -- 15:14:14 - <Config> - enabling 'eve-log' module 'http'
6/5/2019 -- 15:14:14 - <Config> - enabling 'eve-log' module 'dns'
6/5/2019 -- 15:14:14 - <Config> - enabling 'eve-log' module 'tls'
6/5/2019 -- 15:14:14 - <Config> - enabling 'eve-log' module 'files'
6/5/2019 -- 15:14:14 - <Config> - enabling 'eve-log' module 'ssh'
6/5/2019 -- 15:14:14 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
6/5/2019 -- 15:14:14 - <Info> - stats output device (regular) initialized: stats.log
6/5/2019 -- 15:14:14 - <Config> - AutoFP mode using "Hash" flow load balancer
6/5/2019 -- 15:14:14 - <Info> - reading pcap file /var/pcap/05062019.1512-1111.pcap
6/5/2019 -- 15:14:14 - <Config> - using 1 flow manager threads
6/5/2019 -- 15:14:14 - <Config> - using 1 flow recycler threads
6/5/2019 -- 15:14:14 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
6/5/2019 -- 15:14:14 - <Info> - pcap file end of file

This file has been truncated.


IDSDeathBlossom.py.log - (1144 bytes)
2019-05-06 15:13:53,941 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-06 15:13:54,676 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-06 15:13:54,676 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-06 15:13:54,677 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-06 15:13:54,677 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-06 15:13:54,677 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/49f6a5b451868c24b39fed657dc5a9be56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.1512-1111.pcap -vvv -k none
2019-05-06 15:14:15,269 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-06 15:14:15,269 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 21.3362038136


suricata-4.0.0-etpro-all-perf.txt-2019-05-06-T-15-14-15-05062019.1512-1111.pcap.txt - (15701 bytes)
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 15:14:15. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2018068      1        2        769420       7.49   9        0        428602      85491.11    0.00        85491.11   
  2        2018063      1        3        815395       7.94   10       0        426937      81539.50    0.00        81539.50   
  3        2018062      1        2        384258       3.74   9        0        78840       42695.33    0.00        42695.33   
  4        2018066      1        2        529918       5.16   13       0        69782       40762.92    0.00        40762.92   
  5        2018064      1        2        475633       4.63   11       0        67508       43239.36    0.00        43239.36   
  6        2018059      1        2        448447       4.37   10       0        63090       44844.70    0.00        44844.70   
  7        2018061      1        2        473786       4.61   11       0        62451       43071.45    0.00        43071.45   
  8        2018067      1        3        371638       3.62   9        0        60584       41293.11    0.00        41293.11   
  9        2018065      1        2        485947       4.73   11       0        53960       44177.00    0.00        44177.00   
  10       2018060      1        2        476927       4.64   11       0        52190       43357.00    0.00        43357.00   
  11       2102466      1        9        68636        0.67   2        1        47517       34318.00    47517.00    21119.00   
  12       2024217      1        2        470486       4.58   30       3        46137       15682.87    43246.33    12620.26   
  13       2001569      1        15       40153        0.39   1        1        40153       40153.00    40153.00    0.00       
  14       2800546      1        3        67941        0.66   2        2        39527       33970.50    33970.50    0.00       
  15       2103024      1        3        58625        0.57   2        0        39319       29312.50    0.00        29312.50   
  16       2025090      1        1        60443        0.59   2        1        38342       30221.50    38342.00    22101.00   
  17       2102472      1        11       59163        0.58   2        0        37921       29581.50    0.00        29581.50   
  18       2102955      1        4        66309        0.65   2        0        33326       33154.50    0.00        33154.50   
  19       2820646      1        1        57178        0.56   2        1        32926       28589.00    32926.00    24252.00   
  20       2805141      1        4        606357       5.90   102      0        32689       5944.68     0.00        5944.68    
  21       2012084      1        2        52221        0.51   2        0        29569       26110.50    0.00        26110.50   
  22       2024430      1        3        369961       3.60   30       0        29262       12332.03    0.00        12332.03   
  23       2102979      1        4        48938        0.48   2        0        27839       24469.00    0.00        24469.00   
  24       2103040      1        5        46128        0.45   2        0        27251       23064.00    0.00        23064.00   
  25       2103056      1        5        52697        0.51   4        0        26822       13174.25    0.00        13174.25   
  26       2103003      1        7        46869        0.46   2        0        26757       23434.50    0.00        23434.50   
  27       2103048      1        5        51784        0.50   4        0        26505       12946.00    0.00        12946.00   
  28       2103032      1        5        45627        0.44   2        0        26085       22813.50    0.00        22813.50   
  29       2810020      1        2        442245       4.31   33       0        25689       13401.36    0.00        13401.36   
  30       2800542      1        2        23487        0.23   1        0        23487       23487.00    0.00        23487.00   
  31       2102383      1        21       43803        0.43   2        0        22085       21901.50    0.00        21901.50   
  32       2103030      1        5        40837        0.40   2        0        21902       20418.50    0.00        20418.50   
  33       2103046      1        5        46491        0.45   4        0        21773       11622.75    0.00        11622.75   
  34       2102402      1        6        39078        0.38   2        0        21760       19539.00    0.00        19539.00   
  35       2103022      1        4        40898        0.40   2        0        21453       20449.00    0.00        20449.00   
  36       2103038      1        5        40431        0.39   2        0        21115       20215.50    0.00        20215.50   
  37       2102468      1        9        41649        0.41   2        0        21029       20824.50    0.00        20824.50   
  38       2102471      1        12       41401        0.40   2        0        20763       20700.50    0.00        20700.50   
  39       2103054      1        5        45868        0.45   4        0        20762       11467.00    0.00        11467.00   
  40       2024219      1        1        339837       3.31   30       0        20074       11327.90    0.00        11327.90   
  41       2024216      1        1        37354        0.36   3        0        15665       12451.33    0.00        12451.33   
  42       2103001      1        5        100015       0.97   33       0        15083       3030.76     0.00        3030.76    
  43       2014958      1        1        25369        0.25   2        0        14634       12684.50    0.00        12684.50   
  44       2014956      1        1        24716        0.24   2        0        14530       12358.00    0.00        12358.00   
  45       2815451      1        2        33591        0.33   3        0        14354       11197.00    0.00        11197.00   
  46       2022547      1        1        10998        0.11   3        0        4150        3666.00     0.00        3666.00    
  47       2009387      1        4        4001         0.04   1        0        4001        4001.00     0.00        4001.00    
  48       2103035      1        9        90756        0.88   33       0        3886        2750.18     0.00        2750.18    
  49       2024778      1        1        6462         0.06   2        0        3881        3231.00     0.00        3231.00    
  50       2807546      1        6        6451         0.06   2        0        3879        3225.50     0.00        3225.50    
  51       2018558      1        5        9891         0.10   3        0        3851        3297.00     0.00        3297.00    
  52       2100538      1        17       6765         0.07   2        0        3781        3382.50     0.00        3382.50    
  53       2102511      1        10       97224        0.95   33       0        3732        2946.18     0.00        2946.18    
  54       2015986      1        5        6920         0.07   2        0        3680        3460.00     0.00        3460.00    
  55       2102401      1        5        6608         0.06   2        0        3639        3304.00     0.00        3304.00    
  56       2101973      1        11       14776        0.14   5        0        3610        2955.20     0.00        2955.20    
  57       2102470      1        12       6610         0.06   2        0        3593        3305.00     0.00        3305.00    
  58       2101621      1        12       3544         0.03   1        0        3544        3544.00     0.00        3544.00    
  59       2008306      1        3        9227         0.09   3        0        3446        3075.67     0.00        3075.67    
  60       2022546      1        1        9348         0.09   3        0        3441        3116.00     0.00        3116.00    
  61       2100533      1        17       6462         0.06   2        0        3428        3231.00     0.00        3231.00    
  62       2809271      1        2        40065        0.39   15       0        3415        2671.00     0.00        2671.00    
  63       2819805      1        3        55213        0.54   20       0        3404        2760.65     0.00        2760.65    
  64       2102523      1        8        3357         0.03   1        0        3357        3357.00     0.00        3357.00    
  65       2800543      1        4        3348         0.03   1        0        3348        3348.00     0.00        3348.00    
  66       2017935      1        3        54956        0.54   20       0        3345        2747.80     0.00        2747.80    
  67       2802818      1        2        6111         0.06   2        0        3312        3055.50     0.00        3055.50    
  68       2811637      1        1        50948        0.50   19       0        3301        2681.47     0.00        2681.47    
  69       2805446      1        5        6464         0.06   2        0        3301        3232.00     0.00        3232.00    
  70       2101919      1        24       6336         0.06   2        0        3298        3168.00     0.00        3168.00    
  71       2103052      1        5        11474        0.11   4        0        3284        2868.50     0.00        2868.50    
  72       2103159      1        4        3280         0.03   1        0        3280        3280.00     0.00        3280.00    
  73       2021977      1        6        3275         0.03   1        0        3275        3275.00     0.00        3275.00    
  74       2103238      1        4        3273         0.03   1        0        3273        3273.00     0.00        3273.00    
  75       2103019      1        5        88511        0.86   33       0        3273        2682.15     0.00        2682.15    
  76       2016293      1        2        3271         0.03   1        0        3271        3271.00     0.00        3271.00    
  77       2103026      1        5        6150         0.06   2        0        3269        3075.00     0.00        3075.00    
  78       2100536      1        13       6276         0.06   2        0        3259        3138.00     0.00        3138.00    
  79       2103044      1        6        11591        0.11   4        0        3249        2897.75     0.00        2897.75    
  80       2008307      1        3        8984         0.09   3        0        3243        2994.67     0.00        2994.67    
  81       2805451      1        1        3242         0.03   1        0        3242        3242.00     0.00        3242.00    
  82       2804982      1        2        6419         0.06   2        0        3236        3209.50     0.00        3209.50    
  83       2101672      1        12       6436         0.06   2        0        3223        3218.00     0.00        3218.00    
  84       2827604      1        2        3203         0.03   1        0        3203        3203.00     0.00        3203.00    
  85       2828876      1        1        137620       1.34   51       0        3201        2698.43     0.00        2698.43    
  86       2811034      1        1        6169         0.06   2        0        3160        3084.50     0.00        3084.50    
  87       2826236      1        2        5817         0.06   2        0        3157        2908.50     0.00        2908.50    
  88       2103029      1        6        87673        0.85   33       0        3143        2656.76     0.00        2656.76    
  89       2001330      1        8        9343         0.09   3        0        3135        3114.33     0.00        3114.33    
  90       2018283      1        5        3126         0.03   1        0        3126        3126.00     0.00        3126.00    
  91       2103042      1        5        11208        0.11   4        0        3122        2802.00     0.00        2802.00    
  92       2103027      1        6        88636        0.86   33       0        3106        2685.94     0.00        2685.94    
  93       2021978      1        6        5639         0.05   2        0        3096        2819.50     0.00        2819.50    
  94       2802161      1        1        3076         0.03   1        0        3076        3076.00     0.00        3076.00    
  95       2816920      1        1        3074         0.03   1        0        3074        3074.00     0.00        3074.00    
  96       2810650      1        1        39200        0.38   15       0        3061        2613.33     0.00        2613.33    
  97       2103034      1        5        5848         0.06   2        0        3060        2924.00     0.00        2924.00    
  98       2103002      1        5        87265        0.85   33       0        3054        2644.39     0.00        2644.39    
  99       2102523      1        8        3045         0.03   1        0        3045        3045.00     0.00        3045.00    
  100      2103018      1        5        5826         0.06   2        0        3045        2913.00     0.00        2913.00    
  101      2816381      1        1        28750        0.28   11       0        3037        2613.64     0.00        2613.64    
  102      2103158      1        6        11447        0.11   4        0        3034        2861.75     0.00        2861.75    
  103      2101379      1        13       3030         0.03   1        0        3030        3030.00     0.00        3030.00    
  104      2101229      1        8        6021         0.06   2        0        3022        3010.50     0.00        3010.50    
  105      2018281      1        4        5778         0.06   2        0        3019        2889.00     0.00        2889.00    
  106      2102374      1        7        3008         0.03   1        0        3008        3008.00     0.00        3008.00    
  107      2008297      1        5        3000         0.03   1        0        3000        3000.00     0.00        3000.00    
  108      2102110      1        4        2975         0.03   1        0        2975        2975.00     0.00        2975.00    
  109      2103036      1        5        5751         0.06   2        0        2971        2875.50     0.00        2875.50    
  110      2103050      1        5        11071        0.11   4        0        2962        2767.75     0.00        2767.75    
  111      2103028      1        5        5508         0.05   2        0        2953        2754.00     0.00        2754.00    
  112      2103020      1        5        5583         0.05   2        0        2951        2791.50     0.00        2791.50    
  113      2816380      1        1        39591        0.39   15       0        2936        2639.40     0.00        2639.40    
  114      2021976      1        2        5767         0.06   2        0        2890        2883.50     0.00        2883.50    
  115      2101976      1        10       2822         0.03   1        0        2822        2822.00     0.00        2822.00    
  116      2014130      1        2        2781         0.03   1        0        2781        2781.00     0.00        2781.00    
  117      2018291      1        1        22971        0.22   9        0        2601        2552.33     0.00        2552.33    
  118      2804944      1        1        2586         0.03   1        0        2586        2586.00     0.00        2586.00    
  119      2821020      1        2        2538         0.02   1        0        2538        2538.00     0.00        2538.00