Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 31.6470429897 seconds
Hash: 52809bbe3250a55ee93b627a820d329a
Uploaded: 1569857746

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-09-30-T-15-36-18-09302019.1535-network.pcap.txt - (35798 bytes)
  --------------------------------------------------------------------------
  Date: 9/30/2019 -- 15:36:18. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2815481      1        6        1024512      3.11   2        0        954020      512256.00   0.00        512256.00  
  2        2815754      1        2        535826       1.63   2        0        477426      267913.00   0.00        267913.00  
  3        2017552      1        6        1004650      3.05   21       0        459560      47840.48    0.00        47840.48   
  4        2008120      1        4        570926       1.73   24       0        423818      23788.58    0.00        23788.58   
  5        2827580      1        7        439620       1.33   4        0        421794      109905.00   0.00        109905.00  
  6        2022502      1        4        563506       1.71   4        0        395856      140876.50   0.00        140876.50  
  7        2823218      1        2        458880       1.39   2        0        394188      229440.00   0.00        229440.00  
  8        2023315      1        2        337782       1.02   2        1        260280      168891.00   260280.00   77502.00   
  9        2821561      1        2        315158       0.96   2        0        255988      157579.00   0.00        157579.00  
  10       2816895      1        2        379236       1.15   3        0        177730      126412.00   0.00        126412.00  
  11       2811447      1        2        1092900      3.32   24       0        155392      45537.50    0.00        45537.50   
  12       2014701      1        12       178614       0.54   4        0        135928      44653.50    0.00        44653.50   
  13       2021531      1        2        177566       0.54   2        0        128958      88783.00    0.00        88783.00   
  14       2816928      1        3        170860       0.52   2        0        126052      85430.00    0.00        85430.00   
  15       2816910      1        2        234094       0.71   2        0        123106      117047.00   0.00        117047.00  
  16       2808698      1        4        167332       0.51   2        0        118508      83666.00    0.00        83666.00   
  17       2823915      1        3        154698       0.47   2        0        117904      77349.00    0.00        77349.00   
  18       2816394      1        2        158136       0.48   2        0        116160      79068.00    0.00        79068.00   
  19       2828122      1        2        186690       0.57   2        1        114848      93345.00    114848.00   71842.00   
  20       2822697      1        2        173724       0.53   2        0        113034      86862.00    0.00        86862.00   
  21       2816909      1        2        204456       0.62   2        0        109926      102228.00   0.00        102228.00  
  22       2019881      1        3        171830       0.52   2        0        109896      85915.00    0.00        85915.00   
  23       2014380      1        4        148586       0.45   9        0        104364      16509.56    0.00        16509.56   
  24       2019821      1        8        185474       0.56   2        2        102940      92737.00    92737.00    0.00       
  25       2022339      1        2        202010       0.61   2        0        102402      101005.00   0.00        101005.00  
  26       2816940      1        2        192136       0.58   2        0        101904      96068.00    0.00        96068.00   
  27       2816927      1        3        147078       0.45   2        0        100280      73539.00    0.00        73539.00   
  28       2816747      1        2        181776       0.55   2        0        96826       90888.00    0.00        90888.00   
  29       2816327      1        4        178130       0.54   2        0        96342       89065.00    0.00        89065.00   
  30       2811711      1        2        131602       0.40   2        0        95820       65801.00    0.00        65801.00   
  31       2018452      1        15       142988       0.43   2        0        94598       71494.00    0.00        71494.00   
  32       2025064      1        5        155654       0.47   2        0        91800       77827.00    0.00        77827.00   
  33       2018407      1        9        184900       0.56   3        0        89304       61633.33    0.00        61633.33   
  34       2022679      1        4        145724       0.44   2        0        87912       72862.00    0.00        72862.00   
  35       2025142      1        2        167336       0.51   2        0        87870       83668.00    0.00        83668.00   
  36       2816328      1        5        130908       0.40   2        0        84972       65454.00    0.00        65454.00   
  37       2820851      1        5        143816       0.44   2        0        83802       71908.00    0.00        71908.00   
  38       2826616      1        2        130886       0.40   2        0        82900       65443.00    0.00        65443.00   
  39       2816931      1        3        128492       0.39   2        0        82252       64246.00    0.00        64246.00   
  40       2811280      1        7        149394       0.45   2        0        80682       74697.00    0.00        74697.00   
  41       2830124      1        1        153092       0.46   2        0        79086       76546.00    0.00        76546.00   
  42       2815924      1        2        124692       0.38   2        0        78384       62346.00    0.00        62346.00   
  43       2815817      1        5        126366       0.38   2        0        77050       63183.00    0.00        63183.00   
  44       2021067      1        2        132710       0.40   2        0        76700       66355.00    0.00        66355.00   
  45       2819881      1        2        128894       0.39   2        0        76288       64447.00    0.00        64447.00   
  46       2816669      1        4        133366       0.40   2        0        75826       66683.00    0.00        66683.00   
  47       2010143      1        3        276286       0.84   22       0        73140       12558.45    0.00        12558.45   
  48       2829091      1        2        145566       0.44   2        0        73066       72783.00    0.00        72783.00   
  49       2021068      1        2        221724       0.67   4        0        72932       55431.00    0.00        55431.00   
  50       2816922      1        5        119574       0.36   2        0        72566       59787.00    0.00        59787.00   
  51       2023670      1        3        139198       0.42   2        2        72428       69599.00    69599.00    0.00       
  52       2824942      1        2        120146       0.36   2        0        69832       60073.00    0.00        60073.00   
  53       2011894      1        19       117504       0.36   2        0        69744       58752.00    0.00        58752.00   
  54       2816165      1        5        281716       0.85   6        0        69210       46952.67    0.00        46952.67   
  55       2022609      1        2        134874       0.41   2        0        67730       67437.00    0.00        67437.00   
  56       2816525      1        10       132798       0.40   2        0        67364       66399.00    0.00        66399.00   
  57       2022652      1        2        113570       0.34   2        0        67134       56785.00    0.00        56785.00   
  58       2809087      1        2        115294       0.35   2        0        66648       57647.00    0.00        57647.00   
  59       2815664      1        3        121284       0.37   2        0        66510       60642.00    0.00        60642.00   
  60       2022207      1        4        116400       0.35   2        0        66014       58200.00    0.00        58200.00   
  61       2809709      1        4        113628       0.34   2        0        65792       56814.00    0.00        56814.00   
  62       2820673      1        2        115588       0.35   2        0        65478       57794.00    0.00        57794.00   
  63       2815324      1        2        130132       0.39   2        0        65362       65066.00    0.00        65066.00   
  64       2821615      1        2        234116       0.71   4        0        65020       58529.00    0.00        58529.00   
  65       2814182      1        2        113094       0.34   2        0        64362       56547.00    0.00        56547.00   
  66       2827365      1        1        115988       0.35   2        0        64294       57994.00    0.00        57994.00   
  67       2014303      1        2        111440       0.34   2        0        63660       55720.00    0.00        55720.00   
  68       2816929      1        4        112560       0.34   2        0        63316       56280.00    0.00        56280.00   
  69       2819673      1        4        109618       0.33   2        0        63122       54809.00    0.00        54809.00   
  70       2804556      1        2        63102        0.19   1        0        63102       63102.00    0.00        63102.00   
  71       2020388      1        8        109170       0.33   2        0        63006       54585.00    0.00        54585.00   
  72       2017613      1        9        121538       0.37   2        0        62424       60769.00    0.00        60769.00   
  73       2824387      1        2        109698       0.33   2        0        60988       54849.00    0.00        54849.00   
  74       2019344      1        5        119920       0.36   2        0        60966       59960.00    0.00        59960.00   
  75       2023875      1        2        119742       0.36   2        0        60800       59871.00    0.00        59871.00   
  76       2024767      1        2        108210       0.33   2        0        59710       54105.00    0.00        54105.00   
  77       2018358      1        7        117672       0.36   2        0        59640       58836.00    0.00        58836.00   
  78       2812896      1        5        118236       0.36   2        0        59560       59118.00    0.00        59118.00   
  79       2821148      1        4        107068       0.32   2        0        59148       53534.00    0.00        53534.00   
  80       2024848      1        2        115562       0.35   2        0        57934       57781.00    0.00        57781.00   
  81       2826256      1        2        252360       0.77   6        0        57292       42060.00    0.00        42060.00   
  82       2018496      1        9        104738       0.32   2        0        56746       52369.00    0.00        52369.00   
  83       2003492      1        30       183408       0.56   4        0        55704       45852.00    0.00        45852.00   
  84       2816925      1        3        101764       0.31   2        0        55558       50882.00    0.00        50882.00   
  85       2022503      1        2        110176       0.33   2        0        55368       55088.00    0.00        55088.00   
  86       2016858      1        10       104474       0.32   2        0        55362       52237.00    0.00        52237.00   
  87       2019693      1        5        101124       0.31   2        0        55032       50562.00    0.00        50562.00   
  88       2829260      1        1        102688       0.31   2        0        54526       51344.00    0.00        51344.00   
  89       2809816      1        2        102976       0.31   2        0        53650       51488.00    0.00        51488.00   
  90       2022198      1        2        158468       0.48   4        0        52586       39617.00    0.00        39617.00   
  91       2016223      1        10       174910       0.53   4        0        52580       43727.50    0.00        43727.50   
  92       2804626      1        9        175354       0.53   4        0        52578       43838.50    0.00        43838.50   
  93       2809859      1        6        97320        0.30   2        0        51956       48660.00    0.00        48660.00   
  94       2809682      1        5        156240       0.47   4        0        51728       39060.00    0.00        39060.00   
  95       2020496      1        2        99734        0.30   2        0        50982       49867.00    0.00        49867.00   
  96       2014803      1        7        50918        0.15   1        0        50918       50918.00    0.00        50918.00   
  97       2806921      1        3        87232        0.26   2        0        50882       43616.00    0.00        43616.00   
  98       2820309      1        2        91920        0.28   2        0        50848       45960.00    0.00        45960.00   
  99       2025162      1        2        97924        0.30   2        0        50142       48962.00    0.00        48962.00   
  100      2016537      1        2        378696       1.15   15       0        50096       25246.40    0.00        25246.40   
  101      2816530      1        2        97446        0.30   2        0        50008       48723.00    0.00        48723.00   
  102      2812916      1        6        98636        0.30   2        0        49584       49318.00    0.00        49318.00   
  103      2022262      1        3        96366        0.29   2        0        49500       48183.00    0.00        48183.00   
  104      2830471      1        2        98330        0.30   2        0        49296       49165.00    0.00        49165.00   
  105      2824909      1        2        96434        0.29   2        0        49196       48217.00    0.00        48217.00   
  106      2812801      1        2        97624        0.30   2        0        49104       48812.00    0.00        48812.00   
  107      2018981      1        4        97706        0.30   2        0        49048       48853.00    0.00        48853.00   
  108      2809012      1        4        95760        0.29   2        0        48710       47880.00    0.00        47880.00   
  109      2816777      1        3        96080        0.29   2        0        48514       48040.00    0.00        48040.00   
  110      2023615      1        3        241248       0.73   43       0        48448       5610.42     0.00        5610.42    
  111      2024758      1        4        96514        0.29   2        0        48422       48257.00    0.00        48257.00   
  112      2022197      1        3        95542        0.29   2        0        48360       47771.00    0.00        47771.00   
  113      2816356      1        2        176844       0.54   4        0        48248       44211.00    0.00        44211.00   
  114      2024367      1        2        94912        0.29   2        0        47874       47456.00    0.00        47456.00   
  115      2816636      1        2        85116        0.26   2        0        47814       42558.00    0.00        42558.00   
  116      2014133      1        4        87442        0.27   2        0        47692       43721.00    0.00        43721.00   
  117      2019155      1        2        94786        0.29   2        0        47652       47393.00    0.00        47393.00   
  118      2829644      1        1        94372        0.29   2        0        47590       47186.00    0.00        47186.00   
  119      2018958      1        18       85956        0.26   2        0        47572       42978.00    0.00        42978.00   
  120      2816526      1        13       94070        0.29   2        0        47468       47035.00    0.00        47035.00   
  121      2021506      1        4        47044        0.14   1        0        47044       47044.00    0.00        47044.00   
  122      2820031      1        2        93770        0.28   2        0        47016       46885.00    0.00        46885.00   
  123      2018242      1        5        92784        0.28   2        0        46612       46392.00    0.00        46392.00   
  124      2809360      1        2        92920        0.28   2        0        46598       46460.00    0.00        46460.00   
  125      2816930      1        4        9

This file has been truncated.


packet_stats.log - (16740 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            94          3784972      141983904      85398441          8.0b   54.39
 IPv4      17            48          5351362      118320612      78841309          3.8b   25.64
 IPv6      17            19          6957466      117861828      63101770          1.2b    8.12
 IPv6      58            24          4188874      118699920      72802548          1.7b   11.84
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            94           116750       14404394       1066250        100.2m   58.78
TMM_FLOWWORKER              IPv4      17            48           263810        9378216        695785         33.4m   19.59
TMM_RECEIVEPCAPFILE         IPv4       6            93             4454           7002          4994        464.5k    0.27
TMM_RECEIVEPCAPFILE         IPv4      17            48             4486           7720          5225        250.8k    0.15
TMM_DECODEPCAPFILE          IPv4       6            93             4566       21103120        232508         21.6m   12.68
TMM_DECODEPCAPFILE          IPv4      17            48             4574          13518          5249        252.0k    0.15
TMM_FLOWWORKER              IPv6      17            19           310998        1206874        508512          9.7m    5.67
TMM_FLOWWORKER              IPv6      58            24           134446         518042        169055          4.1m    2.38
TMM_RECEIVEPCAPFILE         IPv6      17            19             4502          10172          5482        104.2k    0.06
TMM_RECEIVEPCAPFILE         IPv6      58            24             4472          38182          6366        152.8k    0.09
TMM_DECODEPCAPFILE          IPv6      17            19             4664           6028          5069         96.3k    0.06
TMM_DECODEPCAPFILE          IPv6      58            24             4626         104048          9190        220.6k    0.13

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            93             4778          24356          5944        552.8k  0.41  
flow                    IPv4      17            48             4776          25428          8101        388.9k  0.29  
stream                  IPv4       6            94             4914        4248418         99933          9.4m  6.93  
app-layer               IPv4      17            48             4438          64938         12654        607.4k  0.45  
detect                  IPv4       6            94            78102       14348520        854229         80.3m  59.22 
detect                  IPv4      17            48           235858        9328894        643104         30.9m  22.77 
tcp-prune               IPv4       6            94             4468          23520          5511        518.1k  0.38  
flow                    IPv6      17            19             4770          22714          8532        162.1k  0.12  
flow                    IPv6      58            24             5594          43046         13044        313.1k  0.23  
app-layer               IPv6      17            19             4454          20460         13049        247.9k  0.18  
detect                  IPv6      17            19           283324        1160624        466597          8.9m  6.54  
detect                  IPv6      58            24           114074         452060        140919          3.4m  2.49  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             6             8472          24088         15456         92.7k  7.35  
http                    IPv4      17            17             8472          66682         39335        668.7k  52.97 
dns                     IPv4      17             4             6492          17550         10009         40.0k  3.17  
http                    IPv6      17             9            20272          66682         51212        460.9k  36.51 
Proto detect            IPv4       6             1            62364          62364         62364         62.4k
Proto detect            IPv4      17            25             4654          46360          9771        244.3k
Proto detect            IPv6      17            14             4656          10094          6231         87.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4            43270         195580         94593        378.4k  10.55 
LOGGER_JSON_HTTP            IPv4       6             6            47934         248690        133841        803.0k  22.39 
LOGGER_JSON_FILE            IPv4       6             7            60430        1299488        343706          2.4m  67.07 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            49             4498        1486448        128958         6.3m  30.44 
payload                           IPv4      17            48             6604         405878         43399         2.1m  10.03 
stream                            IPv4       6            49             4444         939460        101377         5.0m  23.93 
http_uri                          IPv4       6             6            13258         141354         67495       405.0k  1.95  
http_request_line                 IPv4       6             6            12012          21222         14552        87.3k  0.42  
http_client_body                  IPv4       6             6             5294         600552        138157       828.9k  3.99  
http_header (request)             IPv4       6             6            87254         526056        194384         1.2m  5.62  
http_header (request trailer)     IPv4       6             6             4514           5556          4717        28.3k  0.14  
http_header_names (request)       IPv4       6             6            33094        1017768        199870         1.2m  5.78  
http_accept (request)             IPv4       6             6             5820          21354          9306        55.8k  0.27  
http_referer (request)            IPv4       6             6             5228          12122          7380        44.3k  0.21  
http_content_len (request)        IPv4       6             6             5506          12678          7579        45.5k  0.22  
http_content_type (request)       IPv4       6             6             5574          16730         10130        60.8k  0.29  
http_protocol (request)           IPv4       6             6             9184          10708          9762        58.6k  0.28  
http_start (request)              IPv4       6             6            16514          23470         20166       121.0k  0.58  
http_raw_header (request)         IPv4       6             6            20036          39244         27692       166.2k  0.80  
http_method                       IPv4       6             6            10414          13150         11502        69.0k  0.33  
http_cookie (request)             IPv4       6             6             5332          11448          6832        41.0k  0.20  
http_raw_uri                      IPv4       6             6             7428          10718          8685        52.1k  0.25  
http_user_agent                   IPv4       6             6            10996         453374        128148       768.9k  3.70  
http_host                         IPv4       6             6             7868           8948          8473        50.8k  0.24  
dns_query                         IPv4      17             2            14954          18456         16705        33.4k  0.16  
http_response_line                IPv4       6             5             9474         435506         96400       482.0k  2.32  
http_header (response)            IPv4       6             5            23486          63064         39743       198.7k  0.96  
http_header (response trailer)    IPv4       6             5             4518           4832          4706        23.5k  0.11  
http_content_type (response)      IPv4       6             5             5126          14050          8643        43.2k  0.21  
http_raw_header (response)        IPv4       6            25             4910          13952          7103       177.6k  0.86  
http_cookie (response)            IPv4       6             5             4772           5688          5206        26.0k  0.13  
http_stat_code                    IPv4       6             5             6654           8166          7118        35.6k  0.17  
file_data (http response)         IPv4       6            20             4494           7362          4940        98.8k  0.48  
Total                             IPv4                   331                                         59630        19.7m
payload                           IPv6      17            19             7428         198738         39993       759.9k  3.66  
payload                           IPv6      58            24             4722          82638         11007       264.2k  1.27  
Total                             IPv6                    43                                         23815         1.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            12            21430         119828         58935        707.2k  0.44  
PROF_DETECT_IPONLY          IPv4      17            25            12816         906590        104535          2.6m  1.61  
PROF_DETECT_RULES           IPv4       6            94             4666        5344808        333142         31.3m  19.32 
PROF_DETECT_RULES           IPv4      17            48           130956         627264        239306         11.5m  7.09  
PROF_DETECT_STATEFUL_START    IPv4       6            25             8918        3134174        516394         12.9m  7.97  
PROF_DETECT_STATEFUL_CONT    IPv4       6            94             4452         601966         33273          3.1m  1.93  
PROF_DETECT_STATEFUL_CONT    IPv4      17            48             4408          17566          5298        254.3k  0.16  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            65             4446          90354          6577        427.5k  0.26  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             4594           5442          5138         20.6k  0.01  
PROF_DETECT_PREFILTER       IPv4       6            94            13662       14171892        389849         36.6m  22.61 
PROF_DETECT_PREFILTER       IPv4      17            48            43842        8959746        273705         13.1m  8.11  
PROF_DETECT_PF_PAYLOAD      IPv4       6            49            31494        1509180        244897         12.0m  7.40  
PROF_DETECT_PF_PAYLOAD      IPv4      17            48            15696         415090         54397          2.6m  1.61  
PROF_DETECT_PF_TX           IPv4       6            65             4512        1543896        118315          7.7m  4.75  
PROF_DETECT_PF_TX           IPv4      17             2            24334          28540         26437         52.9k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6            33             4500          30286          7051        232.7k  0.14  
PROF_DETECT_PF_SORT1        IPv4      17            48             4752          39004          6122        293.9k  0.18  
PROF_DETECT_PF_SORT2        IPv4       6            94             4422         110382          8795        826.7k  0.51  
PROF_DETECT_PF_SORT2        IPv4      17            48             4494        8917212        191602          9.2m  5.68  
PROF_DETECT_NONMPMLIST      IPv4       6            94             4432         421974         10308        969.0k  0.60  
PROF_DETECT_NONMPMLIST      IPv4      17            48             4436          21206          5438        261.0k  0.16  
PROF_DETECT_ALERT           IPv4       6            94             4422         415886          9554        898.1k  0.55  
PROF_DETECT_ALERT           IPv4      17            48             4440           6016          4711        226.2k  0.14  
PROF_DETECT_CLEANUP         IPv4       6            94             4492          40540          5566        523.3k  0.32  
PROF_DETECT_CLEANUP         IPv4      17            48             4432           9284          5131        246.3k  0.15  
PROF_DETECT_GETSGH          IPv4       6            94             4430         209616         10584        994.9k  0.61  
PROF_DETECT_GETSGH          IPv4      17            48             4660          63200         10327        495.7k  0.31  
PROF_DETECT_IPONLY          IPv6      17            14             4752          15758          6787         95.0k  0.06  
PROF_DETECT_IPONLY          IPv6      58            24             4866          68750          8364        200.8k  0.12  
PROF_DETECT_RULES           IPv6      17            19           156708         978966        297170          5.6m  3.48  
PROF_DETECT_RULES           IPv6      58            24             4440          25782          5482        131.6k  0.08  
PROF_DETECT_STATEFUL_CONT    IPv6      17            19             4428           6346          4835         91.9k  0.06  
PROF_DETECT_STATEFUL_CONT    IPv6      58            24             4424           6164          4787        114.9k  0.07  
PROF_DETECT_PREFILTER       IPv6      17            19            44720         268292         81389          1.5m  0.95  
PROF_DETECT_PREFILTER       IPv6      58            24            31664         122742         41440        994.6k  0.61  
PROF_DETECT_PF_PAYLOAD      IPv6      17            19            16704         207984         49977        949.6k  0.59  
PROF_DETECT_PF_PAYLOAD      IPv6      58            24            13630          91794         20277        486.7k  0.30  
PROF_DETECT_PF_SORT1        IPv6      17            19             4942           7208          5546        105.4k  0.07  
PROF_DETECT_PF_SORT2        IPv6      17            19             4496          34912          7504        142.6k  0.09  
PROF_DETECT_PF_SORT2        IPv6      58            24             4420          11258          4876        117.0k  0.07  
PROF_DETECT_NONMPMLIST      IPv6      17            19             4440           6112          5012         95.2k  0.06  
PROF_DETECT_NONMPMLIST      IPv6      58            24             4432           5454          4754        114.1k  0.07  
PROF_DETECT_ALERT           IPv6      17            19             4442           5802          4732         89.9k  0.06  
PROF_DETECT_ALERT           IPv6      58            24             4428          23182          5475        131.4k  0.08  
PROF_DETECT_CLEANUP         IPv6      17            19             4460           6296          5082         96.6k  0.06  
PROF_DETECT_C

This file has been truncated.


suricata-report-2019-09-30-T-15-36-18-09302019.1535-network.pcap.txt - (17649 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/52809bbe3250a55ee93b627a820d329a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09302019.1535-network.pcap -vvv -k none
elapsedtime:30.268790
stderr:
stdout:
30/9/2019 -- 15:35:48 - <Info> - Configuration node 'rule-files' redefined.
30/9/2019 -- 15:35:48 - <Notice> - This is Suricata version 4.0.0 RELEASE
30/9/2019 -- 15:35:48 - <Info> - CPUs/cores online: 1
30/9/2019 -- 15:35:48 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33699 and 'request-body-inspect-window' set to 16648 after randomization.
30/9/2019 -- 15:35:48 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33021 and 'response-body-inspect-window' set to 15661 after randomization.
30/9/2019 -- 15:35:48 - <Config> - DNS request flood protection level: 500
30/9/2019 -- 15:35:48 - <Config> - DNS per flow memcap (state-memcap): 524288
30/9/2019 -- 15:35:48 - <Config> - DNS global memcap: 16777216
30/9/2019 -- 15:35:48 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
30/9/2019 -- 15:35:48 - <Config> - preallocated 1000 hosts of size 136
30/9/2019 -- 15:35:48 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
30/9/2019 -- 15:35:48 - <Config> - using magic-file /usr/share/file/magic
30/9/2019 -- 15:35:48 - <Config> - Core dump size is unlimited.
30/9/2019 -- 15:35:48 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
30/9/2019 -- 15:35:48 - <Config> - preallocated 1000 defrag trackers of size 168
30/9/2019 -- 15:35:48 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
30/9/2019 -- 15:35:48 - <Config> - stream "prealloc-sessions": 2048 (per thread)
30/9/2019 -- 15:35:48 - <Config> - stream "memcap": 33554432
30/9/2019 -- 15:35:48 - <Config> - stream "midstream" session pickups: disabled
30/9/2019 -- 15:35:48 - <Config> - stream "async-oneside": disabled
30/9/2019 -- 15:35:48 - <Config> - stream "checksum-validation": disabled
30/9/2019 -- 15:35:48 - <Config> - stream."inline": disabled
30/9/2019 -- 15:35:48 - <Config> - stream "bypass": disabled
30/9/2019 -- 15:35:48 - <Config> - stream "max-synack-queued": 5
30/9/2019 -- 15:35:48 - <Config> - stream.reassembly "memcap": 134217728
30/9/2019 -- 15:35:48 - <Config> - stream.reassembly "depth": 0
30/9/2019 -- 15:35:48 - <Config> - stream.reassembly "toserver-chunk-size": 2655
30/9/2019 -- 15:35:48 - <Config> - stream.reassembly "toclient-chunk-size": 2684
30/9/2019 -- 15:35:48 - <Config> - stream.reassembly.raw: enabled
30/9/2019 -- 15:35:48 - <Config> - stream.reassembly "segment-prealloc": 2048
30/9/2019 -- 15:35:48 - <Config> - Delayed detect disabled
30/9/2019 -- 15:35:48 - <Config> - pattern matchers: MPM: ac, SPM: bm
30/9/2019 -- 15:35:48 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
30/9/2019 -- 15:35:48 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
30/9/2019 -- 15:35:48 - <Config> - prefilter engines: MPM
30/9/2019 -- 15:35:48 - <Config> - IP reputation disabled
30/9/2019 -- 15:35:48 - <Perf> - Registered 148 keyword profiling counters.
30/9/2019 -- 15:35:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
30/9/2019 -- 15:35:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
30/9/2019 -- 15:35:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
30/9/2019 -- 15:35:54 - <Config> - No rules loaded from ET-icmp.rules.
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
30/9/2019 -- 15:35:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
30/9/2019 -- 15:35:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
30/9/2019 -- 15:35:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
30/9/2019 -- 15:35:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
30/9/2019 -- 15:35:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
30/9/2019 -- 15:35:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
30/9/2019 -- 15:35:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
30/9/2019 -- 15:36:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
30/9/2019 -- 15:36:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
30/9/2019 -- 15:36:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
30/9/2019 -- 15:36:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
30/9/2019 -- 15:36:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
30/9/2019 -- 15:36:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
30/9/2019 -- 15:36:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
30/9/2019 -- 15:36:03 - <Config> - No rules loaded from local.rules.
30/9/2019 -- 15:36:03 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
30/9/2019 -- 15:36:04 - <Info> - Threshold config parsed: 0 rule(s) found
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for tcp-packet
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for tcp-stream
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for udp-packet
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for other-ip
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_uri
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_request_line
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_client_body
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_response_line
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_header
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_header
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_header_names
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_header_names
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_accept
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_accept_enc
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_accept_lang
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_referer
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_connection
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_content_len
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_content_len
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_content_type
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_content_type
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_protocol
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_protocol
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_start
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_start
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_raw_header
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_raw_header
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_method
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_cookie
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_cookie
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_raw_uri
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_user_agent
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_host
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_raw_host
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_stat_msg
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_stat_code
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for dns_query
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for tls_sni
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for tls_cert_issuer
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for tls_cert_subject
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for tls_cert_serial
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for dce_stub_data
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for dce_stub_data
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for ssh_protocol
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for ssh_protocol
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for ssh_software
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for ssh_software
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for file_data
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for file_data
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_request_line
30/9/2019 -- 15:36:04 - <Perf> - using shared mpm ctx' for http_response_line
30/9/2019 -- 15:36:04 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
30/9/2019 -- 15:36:04 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
30/9/2019 -- 15:36:05 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
30/9/2019 -- 15:36:05 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
30/9/2019 -- 15:36:05 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
30/9/2019 -- 15:36:05 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
30/9/2019 -- 15:36:05 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
30/9/2019 -- 15:36:05 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
30/9/2019 -- 15:36:13 - <Perf> - Unique rule groups: 104
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "toserver TCP packet": 35
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "toclient TCP packet": 17
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "toserver TCP stream": 33
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "toclient TCP stream": 19
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "toserver UDP packet": 27
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "toclient UDP packet": 17
30/9/2019 -- 15:36:13 - <Perf> - Builtin MPM "other IP packet": 3
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_uri": 14
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_request_line": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_client_body": 6
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient http_response_line": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_header": 10
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient http_header": 6
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_header_names": 2
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_accept": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_referer": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_content_len": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_content_type": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient http_content_type": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_protocol": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_start": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_method": 5
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_cookie": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient http_cookie": 2
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver http_host": 2
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver dns_query": 4
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver tls_sni": 2
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toserver file_data": 1
30/9/2019 -- 15:36:13 - <Perf> - AppLayer MPM "toclient file_data": 7
30/9/2019 -- 15:36:16 - <Perf> - Registered 39590 rule profiling counters.
30/9/2019 -- 15:36:16 - <Info> - fast output device (regular) initialized: alert
30/9/2019 -- 15:36:16 - <Info> - eve-log output device (regular) initialized: eve.json
30/9/2019 -- 15:36:16 - <Config> - enabling 'eve-log' module 'alert'
30/9/2019 -- 15:36:16 - <Config> - enabling 'eve-log' module 'http'
30/9/2019 -- 15:36:16 - <Config> - enabling 'eve-log' module 'dns'
30/9/2019 -- 15:36:16 - <Config> - enabling 'eve-log' module 'tls'
30/9/2019 -- 15:36:16 - <Config> - enabling 'eve-log' module 'files'
30/9/2019 -- 15:36:16 - <Config> - enabling 'eve-log' module 'ssh'
30/9/2019 -- 15:36:16 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
30/9/2019 -- 15:36:16 - <Info> - stats output device (regular) initialized: stats.log
30/9/2019 -- 15:36:16 - <Config> - AutoFP mode using "Hash" flow load balancer
30/9/2019 -- 15:36:16 - <Info> - reading pcap file /var/pcap/09302019.1535-network.pcap
30/9/2019 -- 15:36:16 - <Config> - using 1 flow manager threads
30/9/2019 -- 15:36:16 - <Config

This file has been truncated.


stats.log - (3140 bytes)
------------------------------------------------------------------------------------
Date: 9/30/2019 -- 15:36:18 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 220
decoder.bytes                              | Total                     | 97524
decoder.ipv4                               | Total                     | 141
decoder.ipv6                               | Total                     | 43
decoder.ethernet                           | Total                     | 220
decoder.tcp                                | Total                     | 93
decoder.udp                                | Total                     | 67
decoder.icmpv6                             | Total                     | 24
decoder.avg_pkt_size                       | Total                     | 443
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 37
flow.icmpv6                                | Total                     | 24
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 2
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 5
app_layer.tx.http                          | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 35
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 10
flow_mgr.flows_notimeout                   | Total                     | 10
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65526
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7082080


eve.json - (8412 bytes)
{"timestamp":"2019-09-13T22:45:41.146775+0000","flow_id":1189706412142367,"pcap_cnt":33,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":49282,"dest_ip":"192.168.240.208","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.208","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-13T22:45:41.146918+0000","flow_id":1189706412142367,"pcap_cnt":35,"event_type":"http","src_ip":"192.168.240.18","src_port":49282,"dest_ip":"192.168.240.208","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.208","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-13T22:45:41.147439+0000","flow_id":1189706412142367,"pcap_cnt":37,"event_type":"fileinfo","src_ip":"192.168.240.208","src_port":5357,"dest_ip":"192.168.240.18","dest_port":49282,"proto":"TCP","http":{"hostname":"192.168.240.208","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-13T22:45:42.475470+0000","flow_id":704033657862957,"pcap_cnt":56,"event_type":"fileinfo","src_ip":"192.168.240.208","src_port":49344,"dest_ip":"192.168.240.221","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.221","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-13T22:45:42.475681+0000","flow_id":704033657862957,"pcap_cnt":58,"event_type":"http","src_ip":"192.168.240.208","src_port":49344,"dest_ip":"192.168.240.221","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.221","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-13T22:45:42.476624+0000","flow_id":704033657862957,"pcap_cnt":60,"event_type":"fileinfo","src_ip":"192.168.240.221","src_port":5357,"dest_ip":"192.168.240.208","dest_port":49344,"proto":"TCP","http":{"hostname":"192.168.240.221","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-13T22:45:48.472427+0000","flow_id":785157000541547,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.240.208","src_port":58121,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53577,"rrname":"mtcareers.myftp.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-13T22:45:48.479221+0000","flow_id":785157000541547,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.208","dest_port":58121,"proto":"UDP","dns":{"type":"answer","id":53577,"rcode":"NOERROR","rrname":"myftp.org","rrtype":"SOA","ttl":59}}
{"timestamp":"2019-09-13T22:45:49.852198+0000","flow_id":768121012814054,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.240.208","src_port":61902,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31611,"rrname":"mantechcareers.serveftp.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-13T22:45:49.859125+0000","flow_id":768121012814054,"pcap_cnt":97,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.208","dest_port":61902,"proto":"UDP","dns":{"type":"answer","id":31611,"rcode":"NOERROR","rrname":"serveftp.com","rrtype":"SOA","ttl":59}}
{"timestamp":"2019-09-13T22:45:50.973030+0000","flow_id":2158623117415357,"pcap_cnt":118,"event_type":"http","src_ip":"192.168.240.208","src_port":49346,"dest_ip":"213.252.246.80","dest_port":8888,"proto":"TCP","tx_id":0,"http":{"hostname":"213.252.246.80","url":"\/asd123","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-09-13T22:45:50.973030+0000","flow_id":2158623117415357,"pcap_cnt":118,"event_type":"fileinfo","src_ip":"213.252.246.80","src_port":8888,"dest_ip":"192.168.240.208","dest_port":49346,"proto":"TCP","http":{"hostname":"213.252.246.80","url":"\/asd123","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":12355},"app_proto":"http","fileinfo":{"filename":"\/asd123","gaps":false,"state":"CLOSED","stored":false,"size":12355,"tx_id":0}}
{"timestamp":"2019-09-13T22:46:07.543743+0000","flow_id":2168467183621942,"pcap_cnt":129,"event_type":"fileinfo","src_ip":"192.168.240.208","src_port":49347,"dest_ip":"213.252.246.80","dest_port":8888,"proto":"TCP","http":{"hostname":"213.252.246.80","url":"\/asd123?LGLSJZHKVT=ae6881afe578433fb82f1b1b8e56895a;CCZ0Q7STPW=;","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_refer":"http:\/\/213.252.246.80:8888\/asd123","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/asd123","gaps":false,"state":"CLOSED","stored":false,"size":135,"tx_id":0}}
{"timestamp":"2019-09-13T22:46:07.550392+0000","flow_id":2168467183621942,"pcap_cnt":131,"event_type":"http","src_ip":"192.168.240.208","src_port":49347,"dest_ip":"213.252.246.80","dest_port":8888,"proto":"TCP","tx_id":0,"http":{"hostname":"213.252.246.80","url":"\/asd123?LGLSJZHKVT=ae6881afe578433fb82f1b1b8e56895a;CCZ0Q7STPW=;","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"}}
{"timestamp":"2019-09-13T22:46:10.746149+0000","flow_id":1160056107367649,"pcap_cnt":156,"event_type":"http","src_ip":"192.168.240.208","src_port":49348,"dest_ip":"213.252.246.80","dest_port":8888,"proto":"TCP","tx_id":0,"http":{"hostname":"213.252.246.80","url":"\/asd123?LGLSJZHKVT=ae6881afe578433fb82f1b1b8e56895a;CCZ0Q7STPW=;\\.\\\\.\\\\.\\\\\\\\\\.\\.\\\\..\\\\.\\\\\\\\.\\..\\.\\\\\\.\\\\.\\.\\\\.\\.\\.\\..\\.\\\\.\\.\\.\\\\.\\\\\\\\.\\mshtml,","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-09-13T22:46:10.746149+0000","flow_id":1160056107367649,"pcap_cnt":156,"event_type":"fileinfo","src_ip":"213.252.246.80","src_port":8888,"dest_ip":"192.168.240.208","dest_port":49348,"proto":"TCP","http":{"hostname":"213.252.246.80","url":"\/asd123?LGLSJZHKVT=ae6881afe578433fb82f1b1b8e56895a;CCZ0Q7STPW=;\\.\\\\.\\\\.\\\\\\\\\\.\\.\\\\..\\\\.\\\\\\\\.\\..\\.\\\\\\.\\\\.\\.\\\\.\\.\\.\\..\\.\\\\.\\.\\.\\\\.\\\\\\\\.\\mshtml,","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":12360},"app_proto":"http","fileinfo":{"filename":"\/asd123","gaps":false,"state":"CLOSED","stored":false,"size":12360,"tx_id":0}}
{"timestamp":"2019-09-13T22:49:20.718095+0000","flow_id":2139952895984285,"pcap_cnt":220,"event_type":"http","src_ip":"192.168.240.208","src_port":49349,"dest_ip":"213.252.246.80","dest_port":8888,"proto":"TCP","tx_id":0,"http":{"hostname":"213.252.246.80","url":"\/asd123?LGLSJZHKVT=ae6881afe578433fb82f1b1b8e56895a;CCZ0Q7STPW=stage;","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"}}


keyword_perf.log - (10614 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/30/2019 -- 15:36:18
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2644040         373             373             426820          7088.00         7088.00         0.00           
  content          4936530         676             365             329174          7302.00         7711.00         6822.00        
  pcre             1856304         56              15              900300          33148.00        16259.00        39327.00       
  byte_test        278566          36              16              101420          7737.00         11408.00        4801.00        
  isdataat         10048           2               0               5090            5024.00         0.00            5024.00        
  flowbits         98982           6               6               64724           16497.00        16497.00        0.00           
  urilen           467270          76              26              28260           6148.00         7050.00         5679.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2644040         373             373             426820          7088.00         7088.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          991272          153             83              114134          6478.00         5478.00         7664.00        
  byte_test        278566          36              16              101420          7737.00         11408.00        4801.00        
  isdataat         10048           2               0               5090            5024.00         0.00            5024.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         98982           6               6               64724           16497.00        16497.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          632264          88              25              23072           7184.00         6933.00         7284.00        
  pcre             1349792         23              2               900300          58686.00        20642.00        62309.00       
  urilen           467270          76              26              28260           6148.00         7050.00         5679.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          148836          20              4               17008           7441.00         11490.00        6429.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11600           2               0               5960            5800.00         0.00            5800.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1956432         276             174             32664           7088.00         7267.00         6782.00        
  pcre             457762          29              9               32850           15784.00        17094.00        15195.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          543850          32              16              329174          16995.00        27862.00        6128.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9886            2               0               4960            4943.00         0.00            4943.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13406           2               0               6790            6703.00         0.00            6703.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43350           7               5               7368            6192.00         6374.00         5738.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          585634          94              58              23324           6230.00         6869.00         5199.00        
  pcre             48750           4               4               17366           12187.00        12187.00        0.00           


IDSDeathBlossom.py.log - (1147 bytes)
2019-09-30 15:35:47,088 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-30 15:35:48,155 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-30 15:35:48,155 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-30 15:35:48,156 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-30 15:35:48,156 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-30 15:35:48,156 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/52809bbe3250a55ee93b627a820d329a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09302019.1535-network.pcap -vvv -k none
2019-09-30 15:36:18,429 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-30 15:36:18,430 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 31.3521101475