Filename: 1111.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-base
Runtime: 18.6980021 seconds
Hash: 49f6a5b451868c24b39fed657dc5a9be
Uploaded: 1557155532

Logfiles


suricata-4.0.0-etpro-base-perf.txt-2019-05-06-T-15-12-31-05062019.1512-1111.pcap.txt - (15445 bytes)
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 15:12:31. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2102511      1        10       545489       4.42   33       0        453845      16529.97    0.00        16529.97   
  2        2018063      1        3        824985       6.69   10       0        445485      82498.50    0.00        82498.50   
  3        2018061      1        2        854164       6.93   11       0        431552      77651.27    0.00        77651.27   
  4        2018060      1        2        884610       7.17   11       0        421722      80419.09    0.00        80419.09   
  5        2018066      1        2        881021       7.14   13       0        419926      67770.85    0.00        67770.85   
  6        2101621      1        12       383718       3.11   1        0        383718      383718.00   0.00        383718.00  
  7        2810650      1        1        417952       3.39   15       0        381242      27863.47    0.00        27863.47   
  8        2103056      1        5        107947       0.88   4        0        82757       26986.75    0.00        26986.75   
  9        2102472      1        11       84029        0.68   2        0        61499       42014.50    0.00        42014.50   
  10       2018059      1        2        444712       3.61   10       0        61125       44471.20    0.00        44471.20   
  11       2018068      1        2        399390       3.24   9        0        60570       44376.67    0.00        44376.67   
  12       2018062      1        2        365951       2.97   9        0        54464       40661.22    0.00        40661.22   
  13       2018064      1        2        453863       3.68   11       0        53367       41260.27    0.00        41260.27   
  14       2018065      1        2        443681       3.60   11       0        52218       40334.64    0.00        40334.64   
  15       2018067      1        3        355915       2.89   9        0        48628       39546.11    0.00        39546.11   
  16       2024217      1        2        470370       3.81   30       3        47593       15679.00    42925.33    12651.63   
  17       2815451      1        2        67267        0.55   3        0        47438       22422.33    0.00        22422.33   
  18       2102466      1        9        66909        0.54   2        1        45283       33454.50    45283.00    21626.00   
  19       2805141      1        4        628208       5.09   102      0        42448       6158.90     0.00        6158.90    
  20       2103024      1        3        60019        0.49   2        0        40748       30009.50    0.00        30009.50   
  21       2800546      1        3        68647        0.56   2        2        39234       34323.50    34323.50    0.00       
  22       2001569      1        15       39208        0.32   1        1        39208       39208.00    39208.00    0.00       
  23       2024219      1        1        372678       3.02   30       0        38724       12422.60    0.00        12422.60   
  24       2025090      1        1        59695        0.48   2        1        36668       29847.50    36668.00    23027.00   
  25       2828876      1        1        168870       1.37   51       0        32924       3311.18     0.00        3311.18    
  26       2103003      1        7        64861        0.53   2        0        32620       32430.50    0.00        32430.50   
  27       2102955      1        4        58009        0.47   2        0        30194       29004.50    0.00        29004.50   
  28       2012084      1        2        50967        0.41   2        0        28774       25483.50    0.00        25483.50   
  29       2102979      1        4        51561        0.42   2        0        28153       25780.50    0.00        25780.50   
  30       2103032      1        5        46676        0.38   2        0        27639       23338.00    0.00        23338.00   
  31       2103048      1        5        51695        0.42   4        0        27070       12923.75    0.00        12923.75   
  32       2103040      1        5        45532        0.37   2        0        26481       22766.00    0.00        22766.00   
  33       2810020      1        2        442928       3.59   33       0        26444       13422.06    0.00        13422.06   
  34       2800542      1        2        24230        0.20   1        0        24230       24230.00    0.00        24230.00   
  35       2102383      1        21       44229        0.36   2        0        22281       22114.50    0.00        22114.50   
  36       2103054      1        5        47038        0.38   4        0        21572       11759.50    0.00        11759.50   
  37       2102471      1        12       42642        0.35   2        0        21324       21321.00    0.00        21321.00   
  38       2102402      1        6        37809        0.31   2        0        21285       18904.50    0.00        18904.50   
  39       2103022      1        4        41211        0.33   2        0        21280       20605.50    0.00        20605.50   
  40       2102468      1        9        42091        0.34   2        0        21261       21045.50    0.00        21045.50   
  41       2103046      1        5        46097        0.37   4        0        20982       11524.25    0.00        11524.25   
  42       2103038      1        5        39977        0.32   2        0        20817       19988.50    0.00        19988.50   
  43       2024430      1        3        353009       2.86   30       0        20519       11766.97    0.00        11766.97   
  44       2103030      1        5        39834        0.32   2        0        20483       19917.00    0.00        19917.00   
  45       2014956      1        1        26079        0.21   2        0        15717       13039.50    0.00        13039.50   
  46       2024216      1        1        37347        0.30   3        0        15604       12449.00    0.00        12449.00   
  47       2103035      1        9        112482       0.91   33       0        15157       3408.55     0.00        3408.55    
  48       2103018      1        5        17983        0.15   2        0        15019       8991.50     0.00        8991.50    
  49       2014958      1        1        24102        0.20   2        0        14823       12051.00    0.00        12051.00   
  50       2101919      1        24       16561        0.13   2        0        14004       8280.50     0.00        8280.50    
  51       2001330      1        8        11198        0.09   3        0        4146        3732.67     0.00        3732.67    
  52       2819805      1        3        57448        0.47   20       0        4113        2872.40     0.00        2872.40    
  53       2015986      1        5        7278         0.06   2        0        4100        3639.00     0.00        3639.00    
  54       2811637      1        1        52304        0.42   19       0        4014        2752.84     0.00        2752.84    
  55       2022547      1        1        10530        0.09   3        0        3979        3510.00     0.00        3510.00    
  56       2008307      1        3        10243        0.08   3        0        3945        3414.33     0.00        3414.33    
  57       2009387      1        4        3882         0.03   1        0        3882        3882.00     0.00        3882.00    
  58       2800543      1        4        3836         0.03   1        0        3836        3836.00     0.00        3836.00    
  59       2826236      1        2        6486         0.05   2        0        3825        3243.00     0.00        3243.00    
  60       2103044      1        6        12065        0.10   4        0        3817        3016.25     0.00        3016.25    
  61       2024778      1        1        6424         0.05   2        0        3753        3212.00     0.00        3212.00    
  62       2101229      1        8        6981         0.06   2        0        3748        3490.50     0.00        3490.50    
  63       2103019      1        5        89869        0.73   33       0        3675        2723.30     0.00        2723.30    
  64       2816920      1        1        3550         0.03   1        0        3550        3550.00     0.00        3550.00    
  65       2809271      1        2        40221        0.33   15       0        3547        2681.40     0.00        2681.40    
  66       2016293      1        2        3527         0.03   1        0        3527        3527.00     0.00        3527.00    
  67       2102523      1        8        3507         0.03   1        0        3507        3507.00     0.00        3507.00    
  68       2103001      1        5        89740        0.73   33       0        3487        2719.39     0.00        2719.39    
  69       2802161      1        1        3470         0.03   1        0        3470        3470.00     0.00        3470.00    
  70       2805446      1        5        6867         0.06   2        0        3465        3433.50     0.00        3433.50    
  71       2102374      1        7        3444         0.03   1        0        3444        3444.00     0.00        3444.00    
  72       2103159      1        4        3422         0.03   1        0        3422        3422.00     0.00        3422.00    
  73       2102523      1        8        3419         0.03   1        0        3419        3419.00     0.00        3419.00    
  74       2018558      1        5        9269         0.08   3        0        3378        3089.67     0.00        3089.67    
  75       2101379      1        13       3369         0.03   1        0        3369        3369.00     0.00        3369.00    
  76       2017935      1        3        54004        0.44   20       0        3358        2700.20     0.00        2700.20    
  77       2018283      1        5        3332         0.03   1        0        3332        3332.00     0.00        3332.00    
  78       2103002      1        5        89102        0.72   33       0        3329        2700.06     0.00        2700.06    
  79       2827604      1        2        3310         0.03   1        0        3310        3310.00     0.00        3310.00    
  80       2103029      1        6        89191        0.72   33       0        3306        2702.76     0.00        2702.76    
  81       2804982      1        2        6561         0.05   2        0        3293        3280.50     0.00        3280.50    
  82       2103026      1        5        6004         0.05   2        0        3293        3002.00     0.00        3002.00    
  83       2018281      1        4        6244         0.05   2        0        3288        3122.00     0.00        3122.00    
  84       2811034      1        1        6413         0.05   2        0        3284        3206.50     0.00        3206.50    
  85       2008306      1        3        9164         0.07   3        0        3279        3054.67     0.00        3054.67    
  86       2021977      1        6        3275         0.03   1        0        3275        3275.00     0.00        3275.00    
  87       2103027      1        6        89891        0.73   33       0        3273        2723.97     0.00        2723.97    
  88       2805451      1        1        3266         0.03   1        0        3266        3266.00     0.00        3266.00    
  89       2021978      1        6        5795         0.05   2        0        3257        2897.50     0.00        2897.50    
  90       2101973      1        11       14348        0.12   5        0        3256        2869.60     0.00        2869.60    
  91       2008297      1        5        3251         0.03   1        0        3251        3251.00     0.00        3251.00    
  92       2100536      1        13       6267         0.05   2        0        3246        3133.50     0.00        3133.50    
  93       2103050      1        5        11449        0.09   4        0        3244        2862.25     0.00        2862.25    
  94       2103158      1        6        11336        0.09   4        0        3181        2834.00     0.00        2834.00    
  95       2100538      1        17       6224         0.05   2        0        3177        3112.00     0.00        3112.00    
  96       2816381      1        1        28755        0.23   11       0        3154        2614.09     0.00        2614.09    
  97       2103034      1        5        5780         0.05   2        0        3126        2890.00     0.00        2890.00    
  98       2102470      1        12       6112         0.05   2        0        3093        3056.00     0.00        3056.00    
  99       2816380      1        1        40237        0.33   15       0        3074        2682.47     0.00        2682.47    
  100      2807546      1        6        5718         0.05   2        0        3067        2859.00     0.00        2859.00    
  101      2103042      1        5        11341        0.09   4        0        3065        2835.25     0.00        2835.25    
  102      2103036      1        5        5879         0.05   2        0        3063        2939.50     0.00        2939.50    
  103      2103052      1        5        11356        0.09   4        0        3062        2839.00     0.00        2839.00    
  104      2102110      1        4        3061         0.02   1        0        3061        3061.00     0.00        3061.00    
  105      2103028      1        5        5794         0.05   2        0        3050        2897.00     0.00        2897.00    
  106      2102401      1        5        6067         0.05   2        0        3035        3033.50     0.00        3033.50    
  107      2101672      1        12       6002         0.05   2        0        3034        3001.00     0.00        3001.00    
  108      2022546      1        1        8437         0.07   3        0        3030        2812.33     0.00        2812.33    
  109      2103020      1        5        5937         0.05   2        0        3021        2968.50     0.00        2968.50    
  110      2100533      1        17       6032         0.05   2        0        3017        3016.00     0.00        3016.00    
  111      2103238      1        4        2954         0.02   1        0        2954        2954.00     0.00        2954.00    
  112      2021976      1        2        5729         0.05   2        0        2882        2864.50     0.00        2864.50    
  113      2101976      1        10       2779         0.02   1        0        2779        2779.00     0.00        2779.00    
  114      2018291      1        1        23504        0.19   9        0        2760        2611.56     0.00        2611.56    
  115      2014130      1        2        2748         0.02   1        0        2748        2748.00     0.00        2748.00    
  116      2804944      1        1        2582         0.02   1        0        2582        2582.00     0.00        2582.00    
  117      2821020      1        2        2549         0.02   1        0        2549        2549.00     0.00        2549.00    


packet_stats.log - (5555 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            78           852967       54548199      35002282          2.7b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            78            74462       11337416        696039         54.3m   99.11
TMM_RECEIVEPCAPFILE         IPv4       6            76             2601          10747          3166        240.6k    0.44
TMM_DECODEPCAPFILE          IPv4       6            76             2662          31754          3239        246.2k    0.45

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            76             2800          29601          4002        304.2k  0.73  
stream                  IPv4       6            78             3431         386857         14622          1.1m  2.72  
detect                  IPv4       6            78            50844       10327560        515654         40.2m  95.93 
tcp-prune               IPv4       6            78             2575          14748          3365        262.5k  0.63  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb                     IPv4       6             3             2809           3402          3144          9.4k  100.00

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           149408         149408        149408        149.4k  1.38  
LOGGER_UNIFIED2             IPv4       6             1           106150         106150        106150        106.2k  0.98  
LOGGER_JSON_ALERT           IPv4       6             1         10544082       10544082      10544082         10.5m  97.63 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            56             2724        7998700        204276        11.4m  67.06 
stream                            IPv4       6            56             2551         765890        100341         5.6m  32.94 
Total                             IPv4                   112                                        152309        17.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2             6901          45467         26184         52.4k  0.09  
PROF_DETECT_RULES           IPv4       6            78             2570        1445883        193575         15.1m  26.76 
PROF_DETECT_STATEFUL_START    IPv4       6             1            16415          16415         16415         16.4k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       6            78             2521          51864         13933          1.1m  1.93  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            74             2556           3475          2704        200.1k  0.35  
PROF_DETECT_PREFILTER       IPv4       6            78             8250        8810679        260543         20.3m  36.02 
PROF_DETECT_PF_PAYLOAD      IPv4       6            56            16555        8775070        312509         17.5m  31.02 
PROF_DETECT_PF_TX           IPv4       6            74             2662           7050          2997        221.8k  0.39  
PROF_DETECT_PF_SORT1        IPv4       6            47             2606          19030          4360        205.0k  0.36  
PROF_DETECT_PF_SORT2        IPv4       6            78             2547          11985          3221        251.3k  0.45  
PROF_DETECT_NONMPMLIST      IPv4       6            78             2571         380464          7802        608.6k  1.08  
PROF_DETECT_ALERT           IPv4       6            78             2532         109817          4642        362.1k  0.64  
PROF_DETECT_CLEANUP         IPv4       6            78             2606          15860          3221        251.3k  0.45  
PROF_DETECT_GETSGH          IPv4       6            78             2527          25177          3049        237.8k  0.42  


suricata-report-2019-05-06-T-15-12-31-05062019.1512-1111.pcap.txt - (16153 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/49f6a5b451868c24b39fed657dc5a9bec868f2786383154b95a80e4733a7b823 -r /var/pcap/05062019.1512-1111.pcap -vvv -k none
elapsedtime:17.720997
stderr:
stdout:
6/5/2019 -- 15:12:13 - <Info> - Configuration node 'rule-files' redefined.
6/5/2019 -- 15:12:13 - <Notice> - This is Suricata version 4.0.0 RELEASE
6/5/2019 -- 15:12:13 - <Info> - CPUs/cores online: 1
6/5/2019 -- 15:12:13 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34016 and 'request-body-inspect-window' set to 16163 after randomization.
6/5/2019 -- 15:12:13 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33471 and 'response-body-inspect-window' set to 16148 after randomization.
6/5/2019 -- 15:12:13 - <Config> - DNS request flood protection level: 500
6/5/2019 -- 15:12:13 - <Config> - DNS per flow memcap (state-memcap): 524288
6/5/2019 -- 15:12:13 - <Config> - DNS global memcap: 16777216
6/5/2019 -- 15:12:13 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/5/2019 -- 15:12:13 - <Config> - preallocated 1000 hosts of size 136
6/5/2019 -- 15:12:13 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 15:12:13 - <Config> - using magic-file /usr/share/file/magic
6/5/2019 -- 15:12:13 - <Config> - Core dump size is unlimited.
6/5/2019 -- 15:12:13 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/5/2019 -- 15:12:13 - <Config> - preallocated 1000 defrag trackers of size 168
6/5/2019 -- 15:12:13 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
6/5/2019 -- 15:12:13 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/5/2019 -- 15:12:13 - <Config> - stream "memcap": 33554432
6/5/2019 -- 15:12:13 - <Config> - stream "midstream" session pickups: disabled
6/5/2019 -- 15:12:13 - <Config> - stream "async-oneside": disabled
6/5/2019 -- 15:12:13 - <Config> - stream "checksum-validation": disabled
6/5/2019 -- 15:12:13 - <Config> - stream."inline": disabled
6/5/2019 -- 15:12:13 - <Config> - stream "bypass": disabled
6/5/2019 -- 15:12:13 - <Config> - stream "max-synack-queued": 5
6/5/2019 -- 15:12:13 - <Config> - stream.reassembly "memcap": 134217728
6/5/2019 -- 15:12:13 - <Config> - stream.reassembly "depth": 0
6/5/2019 -- 15:12:13 - <Config> - stream.reassembly "toserver-chunk-size": 2557
6/5/2019 -- 15:12:13 - <Config> - stream.reassembly "toclient-chunk-size": 2538
6/5/2019 -- 15:12:13 - <Config> - stream.reassembly.raw: enabled
6/5/2019 -- 15:12:13 - <Config> - stream.reassembly "segment-prealloc": 2048
6/5/2019 -- 15:12:13 - <Config> - Delayed detect disabled
6/5/2019 -- 15:12:13 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/5/2019 -- 15:12:13 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/5/2019 -- 15:12:13 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/5/2019 -- 15:12:13 - <Config> - prefilter engines: MPM
6/5/2019 -- 15:12:13 - <Config> - IP reputation disabled
6/5/2019 -- 15:12:13 - <Perf> - Registered 148 keyword profiling counters.
6/5/2019 -- 15:12:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
6/5/2019 -- 15:12:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
6/5/2019 -- 15:12:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
6/5/2019 -- 15:12:18 - <Config> - No rules loaded from ET-icmp.rules.
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
6/5/2019 -- 15:12:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
6/5/2019 -- 15:12:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
6/5/2019 -- 15:12:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
6/5/2019 -- 15:12:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
6/5/2019 -- 15:12:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
6/5/2019 -- 15:12:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
6/5/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
6/5/2019 -- 15:12:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
6/5/2019 -- 15:12:23 - <Config> - No rules loaded from local.rules.
6/5/2019 -- 15:12:23 - <Info> - 31 rule files processed. 32260 rules successfully loaded, 0 rules failed
6/5/2019 -- 15:12:23 - <Info> - Threshold config parsed: 0 rule(s) found
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for tcp-packet
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for tcp-stream
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for udp-packet
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for other-ip
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_uri
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_client_body
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_accept
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_accept_enc
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_accept_lang
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_referer
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_connection
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_method
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_raw_uri
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_user_agent
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_host
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_raw_host
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_stat_msg
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_stat_code
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for dns_query
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for tls_sni
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for tls_cert_issuer
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for tls_cert_subject
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for tls_cert_serial
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 15:12:24 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 15:12:24 - <Info> - 32265 signatures processed. 2 are IP-only rules, 14352 are inspecting packet payload, 21545 inspect application layer, 0 are decoder event only
6/5/2019 -- 15:12:24 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/5/2019 -- 15:12:24 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
6/5/2019 -- 15:12:24 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
6/5/2019 -- 15:12:24 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
6/5/2019 -- 15:12:24 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
6/5/2019 -- 15:12:24 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
6/5/2019 -- 15:12:24 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/5/2019 -- 15:12:28 - <Perf> - Unique rule groups: 102
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "toserver TCP packet": 35
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "toclient TCP packet": 17
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "toserver TCP stream": 33
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "toclient TCP stream": 19
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "toserver UDP packet": 27
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "toclient UDP packet": 15
6/5/2019 -- 15:12:28 - <Perf> - Builtin MPM "other IP packet": 3
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_uri": 14
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_request_line": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_client_body": 5
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient http_response_line": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_header": 10
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient http_header": 6
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_header_names": 2
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_accept": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_referer": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_content_len": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_content_type": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient http_content_type": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_protocol": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_start": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_method": 5
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_cookie": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient http_cookie": 2
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver http_host": 2
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver dns_query": 4
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver tls_sni": 2
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toserver file_data": 1
6/5/2019 -- 15:12:28 - <Perf> - AppLayer MPM "toclient file_data": 7
6/5/2019 -- 15:12:30 - <Perf> - Registered 32265 rule profiling counters.
6/5/2019 -- 15:12:30 - <Info> - fast output device (regular) initialized: alert
6/5/2019 -- 15:12:30 - <Info> - eve-log output device (regular) initialized: eve.json
6/5/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'alert'
6/5/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'http'
6/5/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'dns'
6/5/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'tls'
6/5/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'files'
6/5/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'ssh'
6/5/2019 -- 15:12:30 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
6/5/2019 -- 15:12:30 - <Info> - stats output device (regular) initialized: stats.log
6/5/2019 -- 15:12:30 - <Config> - AutoFP mode using "Hash" flow load balancer
6/5/2019 -- 15:12:30 - <Info> - reading pcap file /var/pcap/05062019.1512-1111.pcap
6/5/2019 -- 15:12:30 - <Config> - using 1 flow manager threads
6/5/2019 -- 15:12:30 - <Config> - using 1 flow recycler threads
6/5/2019 -- 15:12:30 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
6/5/2019 -- 15:12:30 - <Info> - pcap file end of file reached (pcap err code 0)
6/5/2019 -- 15:12:30 - <Notice> - Signal Received.  Stopping engine.
6/5/2019 -- 15:12:30 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
6/5/2019 -- 15:12:30 - <Info> - time elapsed 0.036s
6/5/2019 -- 15:12:31 - <Perf> - 1 flows processed
6/5/2019 -- 15:12:31 - <Notice> - Pcap-file module read 76 packets, 69891 bytes
6/5/2019 -- 15:12:31 - <Perf> - AutoFP - Total flow handler queues - 1
6/5/2019 -- 15:12:31 - <Info> - Alerts: 1
6/5/2019 -- 15:12:31 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 15:12:31 - <Perf> - Done dumping profiling data.
6/5/2019 -- 15:12:31 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 15:12:31 - <Perf> - Dumping profiling data for 32265 rules.
6/5/2019 -- 15:12:31 - <Perf> - Done dumping profiling data.
6/5/2019 -- 15:12:31 - <Perf> - Done dumping keyword profiling data.
6/5/2019 -- 15:12:31 - <Info> - cleaning up signature grouping structure... complete
returncode: 0
errors:
warnings:


suricata-4.0.0-etpro-base-alert-2019-05-06-T-15-12-31-05062019.1512-1111.pcap.txt - (212 bytes)
05/18/2017-08:12:13.280501  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49472 -> 192.168.116.138:445


stats.log - (2528 bytes)
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 15:12:31 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 76
decoder.bytes                              | Total                     | 69891
decoder.ipv4                               | Total                     | 76
decoder.ethernet                           | Total                     | 76
decoder.tcp                                | Total                     | 76
decoder.avg_pkt_size                       | Total                     | 919
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.flow.smb                         | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (413 bytes)
{"timestamp":"2017-05-18T08:12:13.280501+0000","flow_id":126357256110582,"pcap_cnt":8,"event_type":"alert","src_ip":"192.168.116.149","src_port":49472,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}


keyword_perf.log - (5815 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/6/2019 -- 15:12:31
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            7137            1               1               7137            7137.00         7137.00         0.00           
  flow             38855           9               9               9018            4317.00         4317.00         0.00           
  threshold        60818           6               0               36663           10136.00        0.00            10136.00       
  content          4860509         528             241             403899          9205.00         14011.00        5169.00        
  pcre             339951          67              4               15563           5073.00         8182.00         4876.00        
  byte_test        98775           31              12              5569            3186.00         3145.00         3211.00        
  byte_jump        33868           11              7               3973            3078.00         3056.00         3117.00        
  flowbits         7253            2               2               4650            3626.00         3626.00         0.00           
  dce_iface        168052          50              0               33308           3361.00         0.00            3361.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            7137            1               1               7137            7137.00         7137.00         0.00           
  flow             38855           9               9               9018            4317.00         4317.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4860509         528             241             403899          9205.00         14011.00        5169.00        
  pcre             339951          67              4               15563           5073.00         8182.00         4876.00        
  byte_test        98775           31              12              5569            3186.00         3145.00         3211.00        
  byte_jump        33868           11              7               3973            3078.00         3056.00         3117.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         7253            2               2               4650            3626.00         3626.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        60818           6               0               36663           10136.00        0.00            10136.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dce_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dce_iface        168052          50              0               33308           3361.00         0.00            3361.00        


unified2.alert.1557155550 - (242 bytes)
[binary unified2 record, not renderable as text; the only readable fragments in the payload are "SMB" and the share path \\172.16.99.5\IPC$]


IDSDeathBlossom.py.log - (1146 bytes)
2019-05-06 15:12:12,717 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-06 15:12:13,494 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-06 15:12:13,495 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-base
2019-05-06 15:12:13,495 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-06 15:12:13,495 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-06 15:12:13,495 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/49f6a5b451868c24b39fed657dc5a9bec868f2786383154b95a80e4733a7b823 -r /var/pcap/05062019.1512-1111.pcap -vvv -k none
2019-05-06 15:12:31,219 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-06 15:12:31,219 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 18.5099518299