Filename: pcap (12).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.9364311695 seconds
Hash: 537db7bbea1c60f6c9bec49d5261ae53
Uploaded: 1547125260

Logfiles


suricata-4.0.0-etpro-all-alert-2019-01-10-T-13-01-23-01102019.1301-pcap_12.pcap.txt - (218 bytes)
12/26/2018-06:29:41.028740  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.1:80 -> 192.168.56.102:49167


packet_stats.log - (13727 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            10           448380        9596594       4709509         47.1m    1.36
 IPv4       6            14         34934119       50729848      39924032        558.9m   16.14
 IPv4      17           114          2793537       50625824      25065146          2.9b   82.50
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            10            88903         131829         98660        986.6k    1.98
TMM_FLOWWORKER              IPv4       6            14            69404        3723729        475211          6.7m   13.35
TMM_FLOWWORKER              IPv4      17           114           123379        7829536        362869         41.4m   83.00
TMM_RECEIVEPCAPFILE         IPv4       2            10             2546           2866          2737         27.4k    0.05
TMM_RECEIVEPCAPFILE         IPv4       6            14             2555           3438          2835         39.7k    0.08
TMM_RECEIVEPCAPFILE         IPv4      17           114             2545           3959          2852        325.2k    0.65
TMM_DECODEPCAPFILE          IPv4       2            10             2650           9983          3492         34.9k    0.07
TMM_DECODEPCAPFILE          IPv4       6            14             2715           4308          2994         41.9k    0.08
TMM_DECODEPCAPFILE          IPv4      17           114             2658          33191          3177        362.3k    0.73

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            14             3010           4724          3495         48.9k  0.11  
flow                    IPv4      17           114             2652          32441          3667        418.0k  0.94  
stream                  IPv4       6            14             2962         296413         42733        598.3k  1.35  
app-layer               IPv4      17           114             2521         107005          7823        891.9k  2.01  
detect                  IPv4       2            10            83438         125630         92993        929.9k  2.10  
detect                  IPv4       6            14            45331        3414981        376976          5.3m  11.91 
detect                  IPv4      17           114           103127        7805050        316835         36.1m  81.48 
tcp-prune               IPv4       6            14             2573           5089          3110         43.5k  0.10  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1             9900           9900          9900          9.9k  4.87  
dns                     IPv4      17            36             3451          26586          5376        193.5k  95.13 
Proto detect            IPv4      17            41             2809         101744          7396        303.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1            60276          60276         60276         60.3k  2.37  
LOGGER_UNIFIED2             IPv4       6             1           108960         108960        108960        109.0k  4.28  
LOGGER_JSON_ALERT           IPv4       6             1            68375          68375         68375         68.4k  2.68  
LOGGER_JSON_DNS             IPv4      17            32            27723         489087         65053          2.1m  81.75 
LOGGER_JSON_HTTP            IPv4       6             1           136524         136524        136524        136.5k  5.36  
LOGGER_JSON_FILE            IPv4       6             1            90741          90741         90741         90.7k  3.56  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             5             2836          71411         31180       155.9k  7.91  
payload                           IPv4      17           114             3107          54651         10177         1.2m  58.86 
stream                            IPv4       6             5             2545         122872         40927       204.6k  10.38 
http_uri                          IPv4       6             1            34863          34863         34863        34.9k  1.77  
http_request_line                 IPv4       6             1             8187           8187          8187         8.2k  0.42  
http_client_body                  IPv4       6             1             3651           3651          3651         3.7k  0.19  
http_header (request)             IPv4       6             1            61024          61024         61024        61.0k  3.10  
http_header (request trailer)     IPv4       6             1            33407          33407         33407        33.4k  1.69  
http_header_names (request)       IPv4       6             1            16741          16741         16741        16.7k  0.85  
http_accept (request)             IPv4       6             1             3764           3764          3764         3.8k  0.19  
http_referer (request)            IPv4       6             1             3372           3372          3372         3.4k  0.17  
http_content_len (request)        IPv4       6             1             3628           3628          3628         3.6k  0.18  
http_content_type (request)       IPv4       6             1            13814          13814         13814        13.8k  0.70  
http_protocol (request)           IPv4       6             1             5047           5047          5047         5.0k  0.26  
http_start (request)              IPv4       6             1            14223          14223         14223        14.2k  0.72  
http_raw_header (request)         IPv4       6             1            10825          10825         10825        10.8k  0.55  
http_method                       IPv4       6             1             7058           7058          7058         7.1k  0.36  
http_cookie (request)             IPv4       6             1             3332           3332          3332         3.3k  0.17  
http_raw_uri                      IPv4       6             1             8087           8087          8087         8.1k  0.41  
http_user_agent                   IPv4       6             1             2964           2964          2964         3.0k  0.15  
http_host                         IPv4       6             1             7478           7478          7478         7.5k  0.38  
dns_query                         IPv4      17            16             3066          23158          8446       135.1k  6.86  
http_response_line                IPv4       6             1             9868           9868          9868         9.9k  0.50  
http_header (response)            IPv4       6             1            36490          36490         36490        36.5k  1.85  
http_header (response trailer)    IPv4       6             1             2822           2822          2822         2.8k  0.14  
http_content_type (response)      IPv4       6             1             8222           8222          8222         8.2k  0.42  
http_raw_header (response)        IPv4       6             1             8996           8996          8996         9.0k  0.46  
http_cookie (response)            IPv4       6             1             3276           3276          3276         3.3k  0.17  
http_stat_code                    IPv4       6             1             4240           4240          4240         4.2k  0.22  
Total                             IPv4                   165                                         11947         2.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            10            36769          74992         44545        445.5k  1.01  
PROF_DETECT_IPONLY          IPv4       6             4            10565          64239         39248        157.0k  0.36  
PROF_DETECT_IPONLY          IPv4      17            41            36891          89336         42891          1.8m  3.99  
PROF_DETECT_RULES           IPv4       2            10             2534           3146          2637         26.4k  0.06  
PROF_DETECT_RULES           IPv4       6            14             2772        2961495        246308          3.4m  7.83  
PROF_DETECT_RULES           IPv4      17           114            44638        7742203        220845         25.2m  57.14 
PROF_DETECT_STATEFUL_START    IPv4       6             3             6743        1516187        548707          1.6m  3.74  
PROF_DETECT_STATEFUL_CONT    IPv4       2            10             2536           3358          2624         26.2k  0.06  
PROF_DETECT_STATEFUL_CONT    IPv4       6            14             2542           7655          4355         61.0k  0.14  
PROF_DETECT_STATEFUL_CONT    IPv4      17           114             2513          44290          4557        519.6k  1.18  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             6             2573           3277          2777         16.7k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            32             2588          20750          4255        136.2k  0.31  
PROF_DETECT_PREFILTER       IPv4       2            10             7812          12664          8819         88.2k  0.20  
PROF_DETECT_PREFILTER       IPv4       6            14             7892         408378         71656          1.0m  2.28  
PROF_DETECT_PREFILTER       IPv4      17           114            23751         106727         36189          4.1m  9.36  
PROF_DETECT_PF_PAYLOAD      IPv4       6             5            31878         134174         79937        399.7k  0.91  
PROF_DETECT_PF_PAYLOAD      IPv4      17           114             8350          59753         15403          1.8m  3.99  
PROF_DETECT_PF_TX           IPv4       6             6             2724         294194         67682        406.1k  0.92  
PROF_DETECT_PF_TX           IPv4      17            16             8340          29207         14010        224.2k  0.51  
PROF_DETECT_PF_SORT1        IPv4       6             4             2822          11591          5283         21.1k  0.05  
PROF_DETECT_PF_SORT1        IPv4      17           114             2586           5563          3425        390.5k  0.89  
PROF_DETECT_PF_SORT2        IPv4       2            10             2522           2785          2615         26.2k  0.06  
PROF_DETECT_PF_SORT2        IPv4       6            14             2534           5033          3044         42.6k  0.10  
PROF_DETECT_PF_SORT2        IPv4      17           114             2542          19828          2961        337.6k  0.77  
PROF_DETECT_NONMPMLIST      IPv4       2            10             2522           2852          2727         27.3k  0.06  
PROF_DETECT_NONMPMLIST      IPv4       6            14             2591           3960          3019         42.3k  0.10  
PROF_DETECT_NONMPMLIST      IPv4      17           114             2520           8668          2870        327.2k  0.74  
PROF_DETECT_ALERT           IPv4       2            10             2529           2750          2581         25.8k  0.06  
PROF_DETECT_ALERT           IPv4       6            14             2527          12989          3391         47.5k  0.11  
PROF_DETECT_ALERT           IPv4      17           114             2525           3660          2666        304.0k  0.69  
PROF_DETECT_CLEANUP         IPv4       2            10             2510           2976          2587         25.9k  0.06  
PROF_DETECT_CLEANUP         IPv4       6            14             2605          20188          4282         59.9k  0.14  
PROF_DETECT_CLEANUP         IPv4      17           114             2519           6682          2876        328.0k  0.74  
PROF_DETECT_GETSGH          IPv4       2            10             2533           2826          2733         27.3k  0.06  
PROF_DETECT_GETSGH          IPv4       6            14             2549          21518          4874         68.2k  0.15  
PROF_DETECT_GETSGH          IPv4      17           114             2513          31123          4743        540.7k  1.23  


stats.log - (2910 bytes)
------------------------------------------------------------------------------------
Date: 1/10/2019 -- 13:01:23 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 156
decoder.bytes                              | Total                     | 14249
decoder.ipv4                               | Total                     | 138
decoder.ethernet                           | Total                     | 156
decoder.tcp                                | Total                     | 14
decoder.udp                                | Total                     | 114
decoder.avg_pkt_size                       | Total                     | 91
decoder.max_pkt_size                       | Total                     | 312
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 25
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 13
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 16
app_layer.tx.dns_udp                       | Total                     | 16
app_layer.flow.failed_udp                  | Total                     | 9
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 9
flow_mgr.flows_notimeout                   | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65527
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896


eve.json - (12092 bytes)
{"timestamp":"2018-12-26T06:29:34.473578+0000","flow_id":60370593921514,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.56.102","src_port":64404,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16488,"rrname":"5.5.3.e.d.6.d.f.1.2.a.8.5.a.1.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:34.474560+0000","flow_id":476744050949568,"pcap_cnt":43,"event_type":"dns","src_ip":"192.168.56.102","src_port":62331,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37094,"rrname":"115.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:34.699561+0000","flow_id":476744050949568,"pcap_cnt":52,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":62331,"proto":"UDP","dns":{"type":"answer","id":37094,"rcode":"NOERROR","rrname":"115.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:34.708944+0000","flow_id":60370593921514,"pcap_cnt":53,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":64404,"proto":"UDP","dns":{"type":"answer","id":16488,"rcode":"NOERROR","rrname":"5.5.3.e.d.6.d.f.1.2.a.8.5.a.1.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:35.305137+0000","flow_id":1014495431337969,"pcap_cnt":62,"event_type":"dns","src_ip":"192.168.56.102","src_port":55801,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4732,"rrname":"107.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:35.523733+0000","flow_id":1014495431337969,"pcap_cnt":67,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":55801,"proto":"UDP","dns":{"type":"answer","id":4732,"rcode":"NOERROR","rrname":"107.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:37.668660+0000","flow_id":1973372650075124,"pcap_cnt":87,"event_type":"dns","src_ip":"192.168.56.102","src_port":52106,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5127,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:37.682327+0000","flow_id":1971046925298007,"pcap_cnt":88,"event_type":"dns","src_ip":"192.168.56.102","src_port":53459,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8563,"rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:37.895503+0000","flow_id":1973372650075124,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":52106,"proto":"UDP","dns":{"type":"answer","id":5127,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:37.913978+0000","flow_id":1971046925298007,"pcap_cnt":92,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":53459,"proto":"UDP","dns":{"type":"answer","id":8563,"rcode":"NOERROR","rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:40.721541+0000","flow_id":56930325496453,"pcap_cnt":109,"event_type":"dns","src_ip":"192.168.56.102","src_port":65079,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10352,"rrname":"fantasy85f.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-26T06:29:40.977896+0000","flow_id":56930325496453,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":65079,"proto":"UDP","dns":{"type":"answer","id":10352,"rcode":"NOERROR","rrname":"fantasy85f.com","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:41.026453+0000","flow_id":668387639569058,"pcap_cnt":120,"event_type":"http","src_ip":"192.168.56.102","src_port":49167,"dest_ip":"192.168.56.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"fantasy85f.com","url":"\/index.php?hl=us&source=hp&q=27212&aq=f&aqi=&oq=","http_content_type":"text\/html"}}
{"timestamp":"2018-12-26T06:29:41.028740+0000","flow_id":668387639569058,"pcap_cnt":122,"event_type":"alert","src_ip":"192.168.56.1","src_port":80,"dest_ip":"192.168.56.102","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2018-12-26T06:29:41.028740+0000","flow_id":668387639569058,"pcap_cnt":122,"event_type":"fileinfo","src_ip":"192.168.56.1","src_port":80,"dest_ip":"192.168.56.102","dest_port":49167,"proto":"TCP","http":{"hostname":"fantasy85f.com","url":"\/index.php?hl=us&source=hp&q=27212&aq=f&aqi=&oq=","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2018-12-26T06:29:43.167867+0000","flow_id":2024091919290299,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.56.102","src_port":53010,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20900,"rrname":"a.3.a.1.9.5.4.3.0.1.5.b.f.3.1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:43.168289+0000","flow_id":2145830619812193,"pcap_cnt":124,"event_type":"dns","src_ip":"192.168.56.102","src_port":55238,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51771,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:43.390553+0000","flow_id":2145830619812193,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":55238,"proto":"UDP","dns":{"type":"answer","id":51771,"rcode":"NOERROR","rrname":"110.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:43.399459+0000","flow_id":2024091919290299,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":53010,"proto":"UDP","dns":{"type":"answer","id":20900,"rcode":"NOERROR","rrname":"a.3.a.1.9.5.4.3.0.1.5.b.f.3.1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:46.912734+0000","flow_id":104722574536030,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.56.102","src_port":49226,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16628,"rrname":"watson.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-26T06:29:47.056972+0000","flow_id":104722574536030,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":49226,"proto":"UDP","dns":{"type":"answer","id":16628,"rcode":"NOERROR","rrname":"watson.microsoft.com","rrtype":"A","ttl":0,"rdata":"51.143.22.239"}}
{"timestamp":"2018-12-26T06:29:47.059525+0000","flow_id":480164993296517,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.56.102","src_port":58254,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62030,"rrname":"watson.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-26T06:29:47.195550+0000","flow_id":480164993296517,"pcap_cnt":140,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":58254,"proto":"UDP","dns":{"type":"answer","id":62030,"rcode":"NOERROR","rrname":"watson.microsoft.com","rrtype":"A","ttl":0,"rdata":"51.143.22.239"}}
{"timestamp":"2018-12-26T06:29:51.691384+0000","flow_id":1094716831534264,"pcap_cnt":143,"event_type":"dns","src_ip":"192.168.56.102","src_port":50269,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30061,"rrname":"8.a.f.c.3.1.0.9.f.3.2.3.1.d.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:51.691741+0000","flow_id":807866703253021,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.56.102","src_port":55387,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37963,"rrname":"117.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:51.912417+0000","flow_id":807866703253021,"pcap_cnt":145,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":55387,"proto":"UDP","dns":{"type":"answer","id":37963,"rcode":"NOERROR","rrname":"117.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:51.932246+0000","flow_id":1094716831534264,"pcap_cnt":146,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":50269,"proto":"UDP","dns":{"type":"answer","id":30061,"rcode":"NOERROR","rrname":"8.a.f.c.3.1.0.9.f.3.2.3.1.d.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:56.999856+0000","flow_id":1620549677892016,"pcap_cnt":148,"event_type":"dns","src_ip":"192.168.56.102","src_port":65174,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27673,"rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:57.000100+0000","flow_id":1261217681571940,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.56.102","src_port":57995,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14107,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:29:57.230103+0000","flow_id":1261217681571940,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":57995,"proto":"UDP","dns":{"type":"answer","id":14107,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:29:57.231273+0000","flow_id":1620549677892016,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":65174,"proto":"UDP","dns":{"type":"answer","id":27673,"rcode":"NOERROR","rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:30:03.291764+0000","flow_id":1412804257739700,"pcap_cnt":152,"event_type":"dns","src_ip":"192.168.56.102","src_port":52252,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56554,"rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:30:03.292565+0000","flow_id":1021833384785621,"pcap_cnt":153,"event_type":"dns","src_ip":"192.168.56.102","src_port":55843,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63288,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-26T06:30:03.522423+0000","flow_id":1021833384785621,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":55843,"proto":"UDP","dns":{"type":"answer","id":63288,"rcode":"NOERROR","rrname":"106.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-26T06:30:03.523533+0000","flow_id":1412804257739700,"pcap_cnt":155,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":52252,"proto":"UDP","dns":{"type":"answer","id":56554,"rcode":"NOERROR","rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}


keyword_perf.log - (8006 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/10/2019 -- 13:01:23
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             295875          84              84              16704           3522.00         3522.00         0.00           
  content          1187999         330             217             25426           3599.00         3671.00         3462.00        
  pcre             252509          36              2               39046           7014.00         4787.00         7145.00        
  byte_test        886571          166             69              383477          5340.00         2919.00         7062.00        
  byte_jump        12372           4               4               4170            3093.00         3093.00         0.00           
  isdataat         8744            3               0               3310            2914.00         0.00            2914.00        
  urilen           96606           29              9               4671            3331.00         3475.00         3266.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             295875          84              84              16704           3522.00         3522.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          673741          208             130             20176           3239.00         3238.00         3239.00        
  pcre             63843           9               0               19606           7093.00         0.00            7093.00        
  byte_test        886571          166             69              383477          5340.00         2919.00         7062.00        
  byte_jump        12372           4               4               4170            3093.00         3093.00         0.00           
  isdataat         8744            3               0               3310            2914.00         0.00            2914.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          270711          60              45              25426           4511.00         4699.00         3947.00        
  pcre             140227          24              2               12077           5842.00         4787.00         5938.00        
  urilen           96606           29              9               4671            3331.00         3475.00         3266.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3057            1               0               3057            3057.00         0.00            3057.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          179603          46              38              5660            3904.00         3957.00         3653.00        
  pcre             48439           3               0               39046           16146.00        0.00            16146.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10567           3               3               3616            3522.00         3522.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43886           10              1               15551           4388.00         3230.00         4517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6434            2               0               3237            3217.00         0.00            3217.00        


suricata-report-2019-01-10-T-13-01-23-01102019.1301-pcap_12.pcap.txt - (17649 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/537db7bbea1c60f6c9bec49d5261ae5356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01102019.1301-pcap_12.pcap -vvv -k none
elapsedtime:21.983022
stderr:
stdout:
10/1/2019 -- 13:01:01 - <Info> - Configuration node 'rule-files' redefined.
10/1/2019 -- 13:01:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
10/1/2019 -- 13:01:01 - <Info> - CPUs/cores online: 1
10/1/2019 -- 13:01:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32404 and 'request-body-inspect-window' set to 16518 after randomization.
10/1/2019 -- 13:01:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32120 and 'response-body-inspect-window' set to 15814 after randomization.
10/1/2019 -- 13:01:01 - <Config> - DNS request flood protection level: 500
10/1/2019 -- 13:01:01 - <Config> - DNS per flow memcap (state-memcap): 524288
10/1/2019 -- 13:01:01 - <Config> - DNS global memcap: 16777216
10/1/2019 -- 13:01:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
10/1/2019 -- 13:01:01 - <Config> - preallocated 1000 hosts of size 136
10/1/2019 -- 13:01:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
10/1/2019 -- 13:01:01 - <Config> - using magic-file /usr/share/file/magic
10/1/2019 -- 13:01:01 - <Config> - Core dump size is unlimited.
10/1/2019 -- 13:01:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
10/1/2019 -- 13:01:01 - <Config> - preallocated 1000 defrag trackers of size 168
10/1/2019 -- 13:01:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
10/1/2019 -- 13:01:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
10/1/2019 -- 13:01:01 - <Config> - stream "memcap": 33554432
10/1/2019 -- 13:01:01 - <Config> - stream "midstream" session pickups: disabled
10/1/2019 -- 13:01:01 - <Config> - stream "async-oneside": disabled
10/1/2019 -- 13:01:01 - <Config> - stream "checksum-validation": disabled
10/1/2019 -- 13:01:01 - <Config> - stream."inline": disabled
10/1/2019 -- 13:01:01 - <Config> - stream "bypass": disabled
10/1/2019 -- 13:01:01 - <Config> - stream "max-synack-queued": 5
10/1/2019 -- 13:01:01 - <Config> - stream.reassembly "memcap": 134217728
10/1/2019 -- 13:01:01 - <Config> - stream.reassembly "depth": 0
10/1/2019 -- 13:01:01 - <Config> - stream.reassembly "toserver-chunk-size": 2554
10/1/2019 -- 13:01:01 - <Config> - stream.reassembly "toclient-chunk-size": 2552
10/1/2019 -- 13:01:01 - <Config> - stream.reassembly.raw: enabled
10/1/2019 -- 13:01:01 - <Config> - stream.reassembly "segment-prealloc": 2048
10/1/2019 -- 13:01:01 - <Config> - Delayed detect disabled
10/1/2019 -- 13:01:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
10/1/2019 -- 13:01:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
10/1/2019 -- 13:01:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
10/1/2019 -- 13:01:01 - <Config> - prefilter engines: MPM
10/1/2019 -- 13:01:01 - <Config> - IP reputation disabled
10/1/2019 -- 13:01:01 - <Perf> - Registered 148 keyword profiling counters.
10/1/2019 -- 13:01:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
10/1/2019 -- 13:01:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
10/1/2019 -- 13:01:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
10/1/2019 -- 13:01:06 - <Config> - No rules loaded from ET-icmp.rules.
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
10/1/2019 -- 13:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
10/1/2019 -- 13:01:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
10/1/2019 -- 13:01:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
10/1/2019 -- 13:01:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
10/1/2019 -- 13:01:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
10/1/2019 -- 13:01:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
10/1/2019 -- 13:01:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
10/1/2019 -- 13:01:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
10/1/2019 -- 13:01:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
10/1/2019 -- 13:01:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
10/1/2019 -- 13:01:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
10/1/2019 -- 13:01:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
10/1/2019 -- 13:01:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
10/1/2019 -- 13:01:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
10/1/2019 -- 13:01:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
10/1/2019 -- 13:01:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
10/1/2019 -- 13:01:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
10/1/2019 -- 13:01:14 - <Config> - No rules loaded from local.rules.
10/1/2019 -- 13:01:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
10/1/2019 -- 13:01:14 - <Info> - Threshold config parsed: 0 rule(s) found
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for tcp-packet
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for tcp-stream
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for udp-packet
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for other-ip
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_uri
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_request_line
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_client_body
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_response_line
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_header
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_header
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_header_names
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_header_names
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_accept
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_accept_enc
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_accept_lang
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_referer
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_connection
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_content_len
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_content_len
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_content_type
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_content_type
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_protocol
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_protocol
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_start
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_start
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_raw_header
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_raw_header
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_method
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_cookie
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_cookie
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_raw_uri
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_user_agent
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_host
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_raw_host
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_stat_msg
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_stat_code
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for dns_query
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for tls_sni
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for tls_cert_issuer
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for tls_cert_subject
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for tls_cert_serial
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for dce_stub_data
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for dce_stub_data
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for ssh_protocol
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for ssh_protocol
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for ssh_software
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for ssh_software
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for file_data
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for file_data
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_request_line
10/1/2019 -- 13:01:14 - <Perf> - using shared mpm ctx' for http_response_line
10/1/2019 -- 13:01:14 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
10/1/2019 -- 13:01:14 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
10/1/2019 -- 13:01:14 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
10/1/2019 -- 13:01:14 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
10/1/2019 -- 13:01:14 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
10/1/2019 -- 13:01:14 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
10/1/2019 -- 13:01:14 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
10/1/2019 -- 13:01:14 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
10/1/2019 -- 13:01:20 - <Perf> - Unique rule groups: 104
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "toserver TCP packet": 35
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "toclient TCP packet": 17
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "toserver TCP stream": 33
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "toclient TCP stream": 19
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "toserver UDP packet": 27
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "toclient UDP packet": 17
10/1/2019 -- 13:01:20 - <Perf> - Builtin MPM "other IP packet": 3
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_uri": 14
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_request_line": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_client_body": 6
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient http_response_line": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_header": 10
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient http_header": 6
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_header_names": 2
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_accept": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_referer": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_content_len": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_content_type": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient http_content_type": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_protocol": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_start": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_method": 5
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_cookie": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient http_cookie": 2
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver http_host": 2
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver dns_query": 4
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver tls_sni": 2
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toserver file_data": 1
10/1/2019 -- 13:01:20 - <Perf> - AppLayer MPM "toclient file_data": 7
10/1/2019 -- 13:01:22 - <Perf> - Registered 39590 rule profiling counters.
10/1/2019 -- 13:01:22 - <Info> - fast output device (regular) initialized: alert
10/1/2019 -- 13:01:22 - <Info> - eve-log output device (regular) initialized: eve.json
10/1/2019 -- 13:01:22 - <Config> - enabling 'eve-log' module 'alert'
10/1/2019 -- 13:01:22 - <Config> - enabling 'eve-log' module 'http'
10/1/2019 -- 13:01:22 - <Config> - enabling 'eve-log' module 'dns'
10/1/2019 -- 13:01:22 - <Config> - enabling 'eve-log' module 'tls'
10/1/2019 -- 13:01:22 - <Config> - enabling 'eve-log' module 'files'
10/1/2019 -- 13:01:22 - <Config> - enabling 'eve-log' module 'ssh'
10/1/2019 -- 13:01:22 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
10/1/2019 -- 13:01:22 - <Info> - stats output device (regular) initialized: stats.log
10/1/2019 -- 13:01:22 - <Config> - AutoFP mode using "Hash" flow load balancer
10/1/2019 -- 13:01:22 - <Info> - reading pcap file /var/pcap/01102019.1301-pcap_12.pcap
10/1/2019 -- 13:01:22 - <Config> - using 1 flow manager threads
10/1/2019 -- 13:01:22 - <Config

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-01-10-T-13-01-23-01102019.1301-pcap_12.pcap.txt - (19926 bytes) - download
  --------------------------------------------------------------------------
  Date: 1/10/2019 -- 13:01:23. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2009702      1        5        775577       6.83   32       0        404891      24236.78    0.00        24236.78   
  2        2009243      1        2        546014       4.81   60       0        384549      9100.23     0.00        9100.23    
  3        2008120      1        4        695454       6.12   114      0        383140      6100.47     0.00        6100.47    
  4        2014703      1        9        419431       3.69   32       0        172171      13107.22    0.00        13107.22   
  5        2805348      1        4        223415       1.97   4        0        66064       55853.75    0.00        55853.75   
  6        2828060      1        4        63628        0.56   1        0        63628       63628.00    0.00        63628.00   
  7        2811826      1        7        61586        0.54   1        0        61586       61586.00    0.00        61586.00   
  8        2014701      1        12       405878       3.57   32       0        58410       12683.69    0.00        12683.69   
  9        2819785      1        2        54325        0.48   1        0        54325       54325.00    0.00        54325.00   
  10       2815568      1        2        53711        0.47   1        0        53711       53711.00    0.00        53711.00   
  11       2014442      1        6        52448        0.46   1        0        52448       52448.00    0.00        52448.00   
  12       2022543      1        1        80923        0.71   3        0        50398       26974.33    0.00        26974.33   
  13       2810991      1        4        50184        0.44   1        0        50184       50184.00    0.00        50184.00   
  14       2016706      1        20       49324        0.43   1        0        49324       49324.00    0.00        49324.00   
  15       2812433      1        2        49276        0.43   1        0        49276       49276.00    0.00        49276.00   
  16       2821615      1        2        47712        0.42   1        0        47712       47712.00    0.00        47712.00   
  17       2021038      1        4        47398        0.42   1        0        47398       47398.00    0.00        47398.00   
  18       2815220      1        2        47313        0.42   1        0        47313       47313.00    0.00        47313.00   
  19       2016537      1        2        61178        0.54   2        0        45032       30589.00    0.00        30589.00   
  20       2828986      1        2        43493        0.38   1        0        43493       43493.00    0.00        43493.00   
  21       2823858      1        3        41993        0.37   1        0        41993       41993.00    0.00        41993.00   
  22       2816895      1        2        41922        0.37   1        0        41922       41922.00    0.00        41922.00   
  23       2816055      1        2        40919        0.36   1        0        40919       40919.00    0.00        40919.00   
  24       2017264      1        2        40521        0.36   1        0        40521       40521.00    0.00        40521.00   
  25       2826256      1        2        40128        0.35   1        0        40128       40128.00    0.00        40128.00   
  26       2017259      1        12       39952        0.35   1        0        39952       39952.00    0.00        39952.00   
  27       2807682      1        2        39732        0.35   1        0        39732       39732.00    0.00        39732.00   
  28       2821561      1        2        36919        0.32   1        0        36919       36919.00    0.00        36919.00   
  29       2815180      1        3        36361        0.32   1        0        36361       36361.00    0.00        36361.00   
  30       2017556      1        3        35991        0.32   1        0        35991       35991.00    0.00        35991.00   
  31       2021718      1        4        35980        0.32   1        0        35980       35980.00    0.00        35980.00   
  32       2827610      1        1        35002        0.31   1        0        35002       35002.00    0.00        35002.00   
  33       2015877      1        6        34899        0.31   1        0        34899       34899.00    0.00        34899.00   
  34       2814883      1        3        34810        0.31   1        0        34810       34810.00    0.00        34810.00   
  35       2816165      1        5        34517        0.30   1        0        34517       34517.00    0.00        34517.00   
  36       2807793      1        4        34309        0.30   1        0        34309       34309.00    0.00        34309.00   
  37       2019094      1        5        34233        0.30   1        0        34233       34233.00    0.00        34233.00   
  38       2815181      1        3        33609        0.30   1        0        33609       33609.00    0.00        33609.00   
  39       2815182      1        3        33436        0.29   1        0        33436       33436.00    0.00        33436.00   
  40       2809850      1        2        134170       1.18   7        0        33022       19167.14    0.00        19167.14   
  41       2021418      1        9        32916        0.29   1        0        32916       32916.00    0.00        32916.00   
  42       2017119      1        4        32572        0.29   1        0        32572       32572.00    0.00        32572.00   
  43       2809363      1        3        32554        0.29   1        0        32554       32554.00    0.00        32554.00   
  44       2021399      1        3        32404        0.29   1        0        32404       32404.00    0.00        32404.00   
  45       2806132      1        3        31968        0.28   1        0        31968       31968.00    0.00        31968.00   
  46       2017948      1        2        31960        0.28   1        0        31960       31960.00    0.00        31960.00   
  47       2807970      1        8        31200        0.27   1        0        31200       31200.00    0.00        31200.00   
  48       2022901      1        2        30543        0.27   1        0        30543       30543.00    0.00        30543.00   
  49       2021413      1        2        30043        0.26   1        0        30043       30043.00    0.00        30043.00   
  50       2816710      1        2        29837        0.26   1        0        29837       29837.00    0.00        29837.00   
  51       2821471      1        2        29608        0.26   1        0        29608       29608.00    0.00        29608.00   
  52       2807440      1        3        29478        0.26   1        0        29478       29478.00    0.00        29478.00   
  53       2008377      1        5        29417        0.26   1        0        29417       29417.00    0.00        29417.00   
  54       2020963      1        2        29343        0.26   1        0        29343       29343.00    0.00        29343.00   
  55       2017552      1        6        43519        0.38   2        0        28861       21759.50    0.00        21759.50   
  56       2024771      1        1        28829        0.25   1        0        28829       28829.00    0.00        28829.00   
  57       2819993      1        2        28735        0.25   1        0        28735       28735.00    0.00        28735.00   
  58       2815156      1        2        28485        0.25   1        0        28485       28485.00    0.00        28485.00   
  59       2014702      1        9        271024       2.39   32       0        28409       8469.50     0.00        8469.50    
  60       2020964      1        2        28205        0.25   1        0        28205       28205.00    0.00        28205.00   
  61       2020181      1        8        27928        0.25   1        0        27928       27928.00    0.00        27928.00   
  62       2811905      1        3        27890        0.25   1        0        27890       27890.00    0.00        27890.00   
  63       2020962      1        3        27860        0.25   1        0        27860       27860.00    0.00        27860.00   
  64       2024606      1        2        27831        0.24   1        0        27831       27831.00    0.00        27831.00   
  65       2829848      1        2        27722        0.24   1        0        27722       27722.00    0.00        27722.00   
  66       2017261      1        3        27374        0.24   1        0        27374       27374.00    0.00        27374.00   
  67       2803760      1        3        257833       2.27   16       0        27196       16114.56    0.00        16114.56   
  68       2010140      1        7        638176       5.62   114      0        27024       5598.04     0.00        5598.04    
  69       2014844      1        3        26146        0.23   1        0        26146       26146.00    0.00        26146.00   
  70       2809511      1        4        25076        0.22   1        0        25076       25076.00    0.00        25076.00   
  71       2806068      1        2        24250        0.21   1        0        24250       24250.00    0.00        24250.00   
  72       2017036      1        3        24239        0.21   1        0        24239       24239.00    0.00        24239.00   
  73       2016809      1        5        23121        0.20   1        0        23121       23121.00    0.00        23121.00   
  74       2823457      1        4        23110        0.20   1        0        23110       23110.00    0.00        23110.00   
  75       2018793      1        4        22779        0.20   1        0        22779       22779.00    0.00        22779.00   
  76       2816669      1        4        22672        0.20   1        0        22672       22672.00    0.00        22672.00   
  77       2012707      1        5        22611        0.20   1        0        22611       22611.00    0.00        22611.00   
  78       2017363      1        2        22547        0.20   1        1        22547       22547.00    22547.00    0.00       
  79       2023401      1        5        22115        0.19   1        0        22115       22115.00    0.00        22115.00   
  80       2013075      1        8        62368        0.55   16       0        22042       3898.00     0.00        3898.00    
  81       2816668      1        3        22009        0.19   1        0        22009       22009.00    0.00        22009.00   
  82       2822633      1        3        21909        0.19   1        0        21909       21909.00    0.00        21909.00   
  83       2024020      1        2        21804        0.19   1        0        21804       21804.00    0.00        21804.00   
  84       2017454      1        12       21459        0.19   1        0        21459       21459.00    0.00        21459.00   
  85       2802822      1        1        68807        0.61   18       0        21239       3822.61     0.00        3822.61    
  86       2821569      1        7        21175        0.19   1        0        21175       21175.00    0.00        21175.00   
  87       2017076      1        9        21049        0.19   1        0        21049       21049.00    0.00        21049.00   
  88       2014967      1        3        21014        0.18   1        0        21014       21014.00    0.00        21014.00   
  89       2813027      1        3        21005        0.18   1        0        21005       21005.00    0.00        21005.00   
  90       2816899      1        2        20902        0.18   1        0        20902       20902.00    0.00        20902.00   
  91       2824220      1        3        20893        0.18   1        0        20893       20893.00    0.00        20893.00   
  92       2824910      1        2        20728        0.18   1        0        20728       20728.00    0.00        20728.00   
  93       2019378      1        12       20566        0.18   1        0        20566       20566.00    0.00        20566.00   
  94       2023614      1        3        82398        0.73   24       0        20429       3433.25     0.00        3433.25    
  95       2024048      1        2        20291        0.18   1        0        20291       20291.00    0.00        20291.00   
  96       2017456      1        3        20171        0.18   1        0        20171       20171.00    0.00        20171.00   
  97       2023625      1        3        196464       1.73   68       0        20128       2889.18     0.00        2889.18    
  98       2823788      1        4        65240        0.57   16       0        18060       4077.50     0.00        4077.50    
  99       2826281      1        2        231192       2.03   16       0        17722       14449.50    0.00        14449.50   
  100      2023617      1        3        102196       0.90   28       0        17619       3649.86     0.00        3649.86    
  101      2023623      1        3        155965       1.37   54       0        17370       2888.24     0.00        2888.24    
  102      2811544      1        1        53148        0.47   6        0        16302       8858.00     0.00        8858.00    
  103      2023622      1        3        294084       2.59   106      0        15711       2774.38     0.00        2774.38    
  104      2811577      1        2        50376        0.44   6        0        15125       8396.00     0.00        8396.00    
  105      2019230      1        2        52220        0.46   6        0        15083       8703.33     0.00        8703.33    
  106      2010143      1        3        405465       3.57   114      0        10805       3556.71     0.00        3556.71    
  107      2022914      1        1        103396       0.91   12       0        10554       8616.33     0.00        8616.33    
  108      2805211      1        1        101922       0.90   12       0        9776        8493.50     0.00        8493.50    
  109      2100540      1        12       15208        0.13   4        0        5840        3802.00     0.00        3802.00    
  110      2023626      1        3        195172       1.72   74       0        5737        2637.46     0.00        2637.46    
  111      2802205      1        3        12428        0.11   4        0        4644        3107.00     0.00        3107.00    
  112      2008117      1        3        53117        0.47   18       0        4347        2950.94     0.00        2950.94    
  113      2810793      1        5        4289         0.04   1        0        4289        4289.00     0.00        4289.00    
  114      2013739      1        15       215055       1.89   82       0        4156        2622.62     0.00        2622.62    
  115      2804586      1        2        4093         0.04   1        0        4093        4093.00     0.00        4093.00    
  116      2023627      1        3        191535       1.69   72       0        3910        2660.21     0.00        2660.21    
  117      2823937      1        13       3669         0.03   1        0        3669        3669.00     0.00        3669.00    
  118      2100540      1        12       12720        0.11   4        0        3649        3180.00     0.00        3180.00    
  119      2025200      1        1        91765        0.81   32       0        3603        2867.66     0.00        2867.66    
  120      2023613      1        3        55921        0.49   20       0        3599        2796.05     0.00        2796.05    
  121      2828877      1        1        3590         0.03   1        0        3590        3590.00     0.00        3590.00    
  122      2008420      1        4        6725         0.06   2        0        3474        3362.50     0.00        3362.50    
  123      2023618      1        3        70027        0.62   26       0        3455        2693.35     0.00        2693.35    
  124      2811445      1        4        3454         0.03   1        0        3454        3454.00     0.00        3454.00    
  125      2023620      1        3        1

This file has been truncated.


unified2.alert.1547125282 - (648 bytes)
HTTP/1.1 200 OK
Date: Wed, 26 Dec 2018 06:29:41 GMT
Server: INetSim HTTP Server
Connection: Close
Content-Length: 258
Content-Type: text/html

<html>
  <head>
    <title>INetSim default HTML page</title>
  </head>
  <body>
    <p></p>
    <p align="center">This is the default HTML page for INetSim HTTP server fake mode.</p>
    <p align="center">This file is an HTML document.</p>
  </body>
</html>


IDSDeathBlossom.py.log - (1147 bytes)
2019-01-10 13:01:00,548 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-10 13:01:01,291 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-10 13:01:01,292 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-10 13:01:01,292 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-10 13:01:01,292 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-10 13:01:01,292 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/537db7bbea1c60f6c9bec49d5261ae5356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01102019.1301-pcap_12.pcap -vvv -k none
2019-01-10 13:01:23,277 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-10 13:01:23,277 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.7437720299