Filename: pcap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.053139925 seconds
Hash: 583716d58c82fb4793339e229ac245b8
Uploaded: 1554205857

Logfiles


suricata-report-2019-04-02-T-11-51-18-04022019.1150-pcap.pcap.txt - (17430 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/583716d58c82fb4793339e229ac245b856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04022019.1150-pcap.pcap -vvv -k none
elapsedtime:20.123053
stderr:
stdout:
2/4/2019 -- 11:50:58 - <Info> - Configuration node 'rule-files' redefined.
2/4/2019 -- 11:50:58 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/4/2019 -- 11:50:58 - <Info> - CPUs/cores online: 1
2/4/2019 -- 11:50:58 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32693 and 'request-body-inspect-window' set to 16162 after randomization.
2/4/2019 -- 11:50:58 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31865 and 'response-body-inspect-window' set to 16160 after randomization.
2/4/2019 -- 11:50:58 - <Config> - DNS request flood protection level: 500
2/4/2019 -- 11:50:58 - <Config> - DNS per flow memcap (state-memcap): 524288
2/4/2019 -- 11:50:58 - <Config> - DNS global memcap: 16777216
2/4/2019 -- 11:50:58 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/4/2019 -- 11:50:58 - <Config> - preallocated 1000 hosts of size 136
2/4/2019 -- 11:50:58 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/4/2019 -- 11:50:58 - <Config> - using magic-file /usr/share/file/magic
2/4/2019 -- 11:50:58 - <Config> - Core dump size is unlimited.
2/4/2019 -- 11:50:58 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/4/2019 -- 11:50:58 - <Config> - preallocated 1000 defrag trackers of size 168
2/4/2019 -- 11:50:58 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/4/2019 -- 11:50:58 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/4/2019 -- 11:50:58 - <Config> - stream "memcap": 33554432
2/4/2019 -- 11:50:58 - <Config> - stream "midstream" session pickups: disabled
2/4/2019 -- 11:50:58 - <Config> - stream "async-oneside": disabled
2/4/2019 -- 11:50:58 - <Config> - stream "checksum-validation": disabled
2/4/2019 -- 11:50:58 - <Config> - stream."inline": disabled
2/4/2019 -- 11:50:58 - <Config> - stream "bypass": disabled
2/4/2019 -- 11:50:58 - <Config> - stream "max-synack-queued": 5
2/4/2019 -- 11:50:58 - <Config> - stream.reassembly "memcap": 134217728
2/4/2019 -- 11:50:58 - <Config> - stream.reassembly "depth": 0
2/4/2019 -- 11:50:58 - <Config> - stream.reassembly "toserver-chunk-size": 2609
2/4/2019 -- 11:50:58 - <Config> - stream.reassembly "toclient-chunk-size": 2634
2/4/2019 -- 11:50:58 - <Config> - stream.reassembly.raw: enabled
2/4/2019 -- 11:50:58 - <Config> - stream.reassembly "segment-prealloc": 2048
2/4/2019 -- 11:50:58 - <Config> - Delayed detect disabled
2/4/2019 -- 11:50:58 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/4/2019 -- 11:50:58 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/4/2019 -- 11:50:58 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/4/2019 -- 11:50:58 - <Config> - prefilter engines: MPM
2/4/2019 -- 11:50:58 - <Config> - IP reputation disabled
2/4/2019 -- 11:50:58 - <Perf> - Registered 148 keyword profiling counters.
2/4/2019 -- 11:50:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/4/2019 -- 11:50:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/4/2019 -- 11:50:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/4/2019 -- 11:51:03 - <Config> - No rules loaded from ET-icmp.rules.
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/4/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/4/2019 -- 11:51:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/4/2019 -- 11:51:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/4/2019 -- 11:51:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/4/2019 -- 11:51:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/4/2019 -- 11:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/4/2019 -- 11:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/4/2019 -- 11:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/4/2019 -- 11:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/4/2019 -- 11:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/4/2019 -- 11:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/4/2019 -- 11:51:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/4/2019 -- 11:51:10 - <Config> - No rules loaded from local.rules.
2/4/2019 -- 11:51:10 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/4/2019 -- 11:51:10 - <Info> - Threshold config parsed: 0 rule(s) found
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for tcp-packet
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for tcp-stream
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for udp-packet
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for other-ip
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_uri
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_request_line
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_client_body
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_response_line
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_header
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_header
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_header_names
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_header_names
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_accept
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_accept_enc
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_accept_lang
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_referer
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_connection
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_content_len
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_content_len
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_content_type
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_content_type
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_protocol
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_protocol
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_start
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_start
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_raw_header
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_raw_header
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_method
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_cookie
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_cookie
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_raw_uri
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_user_agent
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_host
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_raw_host
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_stat_msg
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_stat_code
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for dns_query
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for tls_sni
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for dce_stub_data
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for dce_stub_data
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for ssh_protocol
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for ssh_protocol
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for ssh_software
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for ssh_software
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for file_data
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for file_data
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_request_line
2/4/2019 -- 11:51:11 - <Perf> - using shared mpm ctx' for http_response_line
2/4/2019 -- 11:51:11 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/4/2019 -- 11:51:11 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/4/2019 -- 11:51:11 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/4/2019 -- 11:51:11 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/4/2019 -- 11:51:11 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/4/2019 -- 11:51:11 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/4/2019 -- 11:51:11 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/4/2019 -- 11:51:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/4/2019 -- 11:51:15 - <Perf> - Unique rule groups: 104
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/4/2019 -- 11:51:15 - <Perf> - Builtin MPM "other IP packet": 3
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_header": 10
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient http_header": 6
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_start": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_method": 5
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver http_host": 2
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toserver file_data": 1
2/4/2019 -- 11:51:15 - <Perf> - AppLayer MPM "toclient file_data": 7
2/4/2019 -- 11:51:17 - <Perf> - Registered 39590 rule profiling counters.
2/4/2019 -- 11:51:17 - <Info> - fast output device (regular) initialized: alert
2/4/2019 -- 11:51:17 - <Info> - eve-log output device (regular) initialized: eve.json
2/4/2019 -- 11:51:17 - <Config> - enabling 'eve-log' module 'alert'
2/4/2019 -- 11:51:17 - <Config> - enabling 'eve-log' module 'http'
2/4/2019 -- 11:51:17 - <Config> - enabling 'eve-log' module 'dns'
2/4/2019 -- 11:51:17 - <Config> - enabling 'eve-log' module 'tls'
2/4/2019 -- 11:51:17 - <Config> - enabling 'eve-log' module 'files'
2/4/2019 -- 11:51:17 - <Config> - enabling 'eve-log' module 'ssh'
2/4/2019 -- 11:51:17 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/4/2019 -- 11:51:17 - <Info> - stats output device (regular) initialized: stats.log
2/4/2019 -- 11:51:17 - <Config> - AutoFP mode using "Hash" flow load balancer
2/4/2019 -- 11:51:17 - <Info> - reading pcap file /var/pcap/04022019.1150-pcap.pcap
2/4/2019 -- 11:51:17 - <Config> - using 1 flow manager threads
2/4/2019 -- 11:51:17 - <Config> - using 1 flow recycler threads
2/4/2019 -- 11:51:17 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
2/4/2019 -- 11:51:17 - <Info> - pcap file end of file

This file has been truncated.


packet_stats.log - (13727 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            14          1292807      101614177      31465121        440.5m    2.64
 IPv4       6           162          4356197      101266346      68233634         11.1b   66.23
 IPv4      17           124          1751861      104408773      41892364          5.2b   31.13
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            14            88458         125862         95174          1.3m    1.23
TMM_FLOWWORKER              IPv4       6           162            66491        6310693        366957         59.4m   54.82
TMM_FLOWWORKER              IPv4      17           124           116888        9336961        370551         45.9m   42.37
TMM_RECEIVEPCAPFILE         IPv4       2            14             2562           2991          2788         39.0k    0.04
TMM_RECEIVEPCAPFILE         IPv4       6           152             2534          17414          2919        443.8k    0.41
TMM_RECEIVEPCAPFILE         IPv4      17           124             2542           4172          2876        356.7k    0.33
TMM_DECODEPCAPFILE          IPv4       2            14             2649          12573          3533         49.5k    0.05
TMM_DECODEPCAPFILE          IPv4       6           152             2654          11602          2995        455.3k    0.42
TMM_DECODEPCAPFILE          IPv4      17           124             2665          19455          3004        372.5k    0.34

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           152             2813          20213          3781        574.7k  0.60  
flow                    IPv4      17           124             2656          39519          4330        537.0k  0.56  
stream                  IPv4       6           162             2616         744015         18424          3.0m  3.11  
app-layer               IPv4      17           124             2525          96556          8279          1.0m  1.07  
detect                  IPv4       2            14            83244         120576         89614          1.3m  1.31  
detect                  IPv4       6           162            44492        5858535        304378         49.3m  51.32 
detect                  IPv4      17           124           101158        8518445        320943         39.8m  41.42 
tcp-prune               IPv4       6           162             2544          56211          3703        600.0k  0.62  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            11             3771          36883          7712         84.8k  24.92 
dns                     IPv4      17            38             3921          24425          6725        255.6k  75.08 
Proto detect            IPv4      17            38             2923          26523          5910        224.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            10            25609          76840         38042        380.4k  6.78  
LOGGER_UNIFIED2             IPv4       6            10            21401         137749         38469        384.7k  6.86  
LOGGER_JSON_ALERT           IPv4       6            10            47478          93069         65030        650.3k  11.59 
LOGGER_JSON_DNS             IPv4      17            38            29736         774477         78082          3.0m  52.88 
LOGGER_JSON_HTTP            IPv4       6            11            34047          81770         44440        488.9k  8.71  
LOGGER_JSON_FILE            IPv4       6            11            49433         128370         67274        740.0k  13.19 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            46             2569         102140         18490       850.6k  14.85 
payload                           IPv4      17           124             3225          60176         10815         1.3m  23.41 
stream                            IPv4       6            46             2555         180993         17683       813.4k  14.20 
http_uri                          IPv4       6            11            20233          59043         34503       379.5k  6.63  
http_request_line                 IPv4       6            11             5158           8190          6215        68.4k  1.19  
http_client_body                  IPv4       6            11             2835           9823          3725        41.0k  0.72  
http_header (request)             IPv4       6            11            13867          59580         26493       291.4k  5.09  
http_header (request trailer)     IPv4       6            11             2593          17692          3988        43.9k  0.77  
http_header_names (request)       IPv4       6            11             7102          22302         11848       130.3k  2.28  
http_accept (request)             IPv4       6            11             3803           7429          4660        51.3k  0.89  
http_referer (request)            IPv4       6            11             2818           3929          3018        33.2k  0.58  
http_content_len (request)        IPv4       6            11             2868           3493          3057        33.6k  0.59  
http_content_type (request)       IPv4       6            11             2825           3772          3177        35.0k  0.61  
http_protocol (request)           IPv4       6            11             4220           9239          5762        63.4k  1.11  
http_start (request)              IPv4       6            11             6982          13127          9262       101.9k  1.78  
http_raw_header (request)         IPv4       6            11             8325         407614         46301       509.3k  8.89  
http_method                       IPv4       6            11             3939           8093          4914        54.1k  0.94  
http_cookie (request)             IPv4       6            11             2943          16820          4534        49.9k  0.87  
http_raw_uri                      IPv4       6            11             5910          12736          7294        80.2k  1.40  
http_user_agent                   IPv4       6            11             5303          33473          9662       106.3k  1.86  
http_host                         IPv4       6            11             4177           9241          5421        59.6k  1.04  
dns_query                         IPv4      17            19             3370          39914          8928       169.6k  2.96  
http_response_line                IPv4       6            11             2969          10293          4102        45.1k  0.79  
http_header (response)            IPv4       6            11             5444          47786         12940       142.3k  2.48  
http_header (response trailer)    IPv4       6            11             2561           6911          3015        33.2k  0.58  
http_content_type (response)      IPv4       6            11             3158          10493          4497        49.5k  0.86  
http_raw_header (response)        IPv4       6            11             6679           9640          7347        80.8k  1.41  
http_cookie (response)            IPv4       6            11             2816           3516          3032        33.4k  0.58  
http_stat_code                    IPv4       6            11             2720           5834          3398        37.4k  0.65  
Total                             IPv4                   510                                         11232         5.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            14            36786          69513         40662        569.3k  0.53  
PROF_DETECT_IPONLY          IPv4       6            45             3496          61063         27297          1.2m  1.15  
PROF_DETECT_IPONLY          IPv4      17            46            37161        8218155        228694         10.5m  9.86  
PROF_DETECT_RULES           IPv4       2            14             2531           3173          2654         37.2k  0.03  
PROF_DETECT_RULES           IPv4       6           162             2539        5010584        202963         32.9m  30.82 
PROF_DETECT_RULES           IPv4      17           124            44032         708867        143175         17.8m  16.64 
PROF_DETECT_STATEFUL_START    IPv4       6            24             5127        2398925        651579         15.6m  14.66 
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2513           2905          2634         36.9k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       6           162             2516          16299          4024        651.9k  0.61  
PROF_DETECT_STATEFUL_CONT    IPv4      17           124             2507         433592          7535        934.4k  0.88  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            49             2565          19746          3103        152.1k  0.14  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            38             2591           4090          2890        109.8k  0.10  
PROF_DETECT_PREFILTER       IPv4       2            14             7675          12144          8488        118.8k  0.11  
PROF_DETECT_PREFILTER       IPv4       6           162             7791         773510         47799          7.7m  7.26  
PROF_DETECT_PREFILTER       IPv4      17           124            23788          93651         37172          4.6m  4.32  
PROF_DETECT_PF_PAYLOAD      IPv4       6            46            16394         191503         44742          2.1m  1.93  
PROF_DETECT_PF_PAYLOAD      IPv4      17           124             8285          65901         16344          2.0m  1.90  
PROF_DETECT_PF_TX           IPv4       6            49             2726         670796         72801          3.6m  3.34  
PROF_DETECT_PF_TX           IPv4      17            19             8570          45678         14672        278.8k  0.26  
PROF_DETECT_PF_SORT1        IPv4       6            46             2700          13359          5163        237.5k  0.22  
PROF_DETECT_PF_SORT1        IPv4      17           124             2621           5476          3583        444.3k  0.42  
PROF_DETECT_PF_SORT2        IPv4       2            14             2510           2831          2613         36.6k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6           162             2533          18048          3007        487.3k  0.46  
PROF_DETECT_PF_SORT2        IPv4      17           124             2546          27015          3056        379.0k  0.36  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2531           3134          2675         37.5k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6           162             2533          21007          3001        486.2k  0.46  
PROF_DETECT_NONMPMLIST      IPv4      17           124             2524          16971          2910        361.0k  0.34  
PROF_DETECT_ALERT           IPv4       2            14             2523           2815          2568         36.0k  0.03  
PROF_DETECT_ALERT           IPv4       6           162             2517          19071          2977        482.4k  0.45  
PROF_DETECT_ALERT           IPv4      17           124             2525           5105          2688        333.4k  0.31  
PROF_DETECT_CLEANUP         IPv4       2            14             2511           2853          2562         35.9k  0.03  
PROF_DETECT_CLEANUP         IPv4       6           162             2549          15129          3086        500.0k  0.47  
PROF_DETECT_CLEANUP         IPv4      17           124             2521           5625          2888        358.2k  0.34  
PROF_DETECT_GETSGH          IPv4       2            14             2546           2838          2680         37.5k  0.04  
PROF_DETECT_GETSGH          IPv4       6           162             2521         384962          6146        995.7k  0.93  
PROF_DETECT_GETSGH          IPv4      17           124             2516          22307          4131        512.3k  0.48  


suricata-4.0.0-etpro-all-alert-2019-04-02-T-11-51-18-04022019.1150-pcap.pcap.txt - (2100 bytes)
03/02/2019-19:11:47.260466  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49166 -> 74.82.198.253:80
03/02/2019-19:11:52.395347  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49173 -> 74.82.198.253:80
03/02/2019-19:12:00.428720  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49183 -> 74.82.198.253:80
03/02/2019-19:12:08.419109  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49187 -> 74.82.198.253:80
03/02/2019-19:12:16.384495  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49197 -> 74.82.198.253:80
03/02/2019-19:12:22.380046  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49199 -> 74.82.198.253:80
03/02/2019-19:12:28.847068  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49201 -> 74.82.198.253:80
03/02/2019-19:12:35.766157  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49213 -> 74.82.198.253:80
03/02/2019-19:12:42.226610  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49215 -> 74.82.198.253:80
03/02/2019-19:12:48.225838  [**] [1:2012619:7] ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.109:49218 -> 74.82.198.253:80


suricata-4.0.0-etpro-all-perf.txt-2019-04-02-T-11-51-18-04022019.1150-pcap.pcap.txt - (24789 bytes) - download
  --------------------------------------------------------------------------
  Date: 4/2/2019 -- 11:51:18. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2816895      1        2        793435       2.05   11       0        428875      72130.45    0.00        72130.45   
  2        2017556      1        3        765885       1.98   11       0        425200      69625.91    0.00        69625.91   
  3        2809850      1        2        580533       1.50   10       0        423305      58053.30    0.00        58053.30   
  4        2021418      1        9        735427       1.90   11       0        420669      66857.00    0.00        66857.00   
  5        2012619      1        7        641502       1.65   10       10       412852      64150.20    64150.20    0.00       
  6        2803760      1        3        703094       1.81   19       0        402394      37004.95    0.00        37004.95   
  7        2023627      1        3        960402       2.48   72       0        392602      13338.92    0.00        13338.92   
  8        2008118      1        3        533623       1.38   55       0        384367      9702.24     0.00        9702.24    
  9        2023622      1        3        720236       1.86   124      0        383957      5808.35     0.00        5808.35    
  10       2807682      1        2        471155       1.22   11       0        274589      42832.27    0.00        42832.27   
  11       2017456      1        3        482346       1.24   11       0        118397      43849.64    0.00        43849.64   
  12       2821471      1        2        355483       0.92   11       0        83141       32316.64    0.00        32316.64   
  13       2811905      1        3        468874       1.21   11       0        75691       42624.91    0.00        42624.91   
  14       2816328      1        5        72993        0.19   1        0        72993       72993.00    0.00        72993.00   
  15       2016706      1        20       436870       1.13   11       0        67592       39715.45    0.00        39715.45   
  16       2805348      1        4        495228       1.28   10       0        65982       49522.80    0.00        49522.80   
  17       2816931      1        3        62249        0.16   1        0        62249       62249.00    0.00        62249.00   
  18       2021073      1        2        61352        0.16   1        1        61352       61352.00    61352.00    0.00       
  19       2017948      1        2        358440       0.92   11       0        61351       32585.45    0.00        32585.45   
  20       2014442      1        6        455373       1.17   11       0        59490       41397.55    0.00        41397.55   
  21       2816909      1        2        59472        0.15   1        0        59472       59472.00    0.00        59472.00   
  22       2810055      1        2        110678       0.29   20       0        58434       5533.90     0.00        5533.90    
  23       2816910      1        2        53993        0.14   1        0        53993       53993.00    0.00        53993.00   
  24       2816669      1        4        53652        0.14   1        0        53652       53652.00    0.00        53652.00   
  25       2816394      1        2        53000        0.14   1        0        53000       53000.00    0.00        53000.00   
  26       2017076      1        9        404586       1.04   11       0        52432       36780.55    0.00        36780.55   
  27       2816927      1        3        52042        0.13   1        0        52042       52042.00    0.00        52042.00   
  28       2020963      1        2        338438       0.87   11       0        51952       30767.09    0.00        30767.09   
  29       2815568      1        2        374468       0.97   11       0        51283       34042.55    0.00        34042.55   
  30       2821615      1        2        332052       0.86   11       0        50960       30186.55    0.00        30186.55   
  31       2806068      1        2        349669       0.90   11       0        50927       31788.09    0.00        31788.09   
  32       2824910      1        2        378954       0.98   11       0        50724       34450.36    0.00        34450.36   
  33       2021718      1        4        357922       0.92   11       0        48440       32538.36    0.00        32538.36   
  34       2016809      1        5        383586       0.99   11       0        48101       34871.45    0.00        34871.45   
  35       2017036      1        3        394633       1.02   11       0        47458       35875.73    0.00        35875.73   
  36       2816925      1        3        46690        0.12   1        0        46690       46690.00    0.00        46690.00   
  37       2815181      1        3        327681       0.85   11       0        46127       29789.18    0.00        29789.18   
  38       2828986      1        2        352283       0.91   11       0        45697       32025.73    0.00        32025.73   
  39       2816922      1        5        45612        0.12   1        0        45612       45612.00    0.00        45612.00   
  40       2017454      1        12       386285       1.00   11       0        45080       35116.82    0.00        35116.82   
  41       2024771      1        1        278394       0.72   10       0        44767       27839.40    0.00        27839.40   
  42       2813027      1        3        338286       0.87   11       0        44763       30753.27    0.00        30753.27   
  43       2809511      1        4        255389       0.66   11       0        44483       23217.18    0.00        23217.18   
  44       2025064      1        5        44124        0.11   1        0        44124       44124.00    0.00        44124.00   
  45       2826256      1        2        294437       0.76   11       0        44043       26767.00    0.00        26767.00   
  46       2020962      1        3        317237       0.82   11       0        43549       28839.73    0.00        28839.73   
  47       2816928      1        3        42872        0.11   1        0        42872       42872.00    0.00        42872.00   
  48       2019378      1        12       332031       0.86   11       0        42845       30184.64    0.00        30184.64   
  49       2811826      1        7        365509       0.94   11       0        42803       33228.09    0.00        33228.09   
  50       2829848      1        2        338869       0.87   11       0        42770       30806.27    0.00        30806.27   
  51       2809363      1        3        333317       0.86   11       0        42763       30301.55    0.00        30301.55   
  52       2016759      1        1        389370       1.00   10       0        42704       38937.00    0.00        38937.00   
  53       2820680      1        3        217817       0.56   10       0        42435       21781.70    0.00        21781.70   
  54       2017552      1        6        345602       0.89   13       0        41771       26584.77    0.00        26584.77   
  55       2807440      1        3        316074       0.82   11       0        41126       28734.00    0.00        28734.00   
  56       2816710      1        2        301749       0.78   11       0        40741       27431.73    0.00        27431.73   
  57       2815156      1        2        307912       0.79   11       0        40147       27992.00    0.00        27992.00   
  58       2828008      1        2        291552       0.75   11       0        39888       26504.73    0.00        26504.73   
  59       2815220      1        2        276352       0.71   11       0        39809       25122.91    0.00        25122.91   
  60       2022901      1        2        307273       0.79   11       0        39695       27933.91    0.00        27933.91   
  61       2017119      1        4        352543       0.91   11       0        39694       32049.36    0.00        32049.36   
  62       2102523      1        8        69753        0.18   11       0        39279       6341.18     0.00        6341.18    
  63       2806873      1        4        296183       0.76   10       0        39277       29618.30    0.00        29618.30   
  64       2021413      1        2        313397       0.81   11       0        38772       28490.64    0.00        28490.64   
  65       2807793      1        4        305011       0.79   11       0        38409       27728.27    0.00        27728.27   
  66       2010140      1        7        575075       1.48   112      0        37694       5134.60     0.00        5134.60    
  67       2014701      1        12       457467       1.18   38       0        37275       12038.61    0.00        12038.61   
  68       2828060      1        4        295056       0.76   11       0        37015       26823.27    0.00        26823.27   
  69       2815180      1        3        332010       0.86   11       0        36249       30182.73    0.00        30182.73   
  70       2821561      1        2        35040        0.09   1        0        35040       35040.00    0.00        35040.00   
  71       2821569      1        7        251650       0.65   11       0        35030       22877.27    0.00        22877.27   
  72       2015877      1        6        330709       0.85   11       0        34832       30064.45    0.00        30064.45   
  73       2823858      1        3        298126       0.77   11       0        34828       27102.36    0.00        27102.36   
  74       2816165      1        5        251082       0.65   11       0        33548       22825.64    0.00        22825.64   
  75       2020964      1        2        290853       0.75   11       0        33364       26441.18    0.00        26441.18   
  76       2815182      1        3        312460       0.81   11       0        33244       28405.45    0.00        28405.45   
  77       2816668      1        3        228508       0.59   11       0        33003       20773.45    0.00        20773.45   
  78       2824220      1        3        247925       0.64   11       0        32815       22538.64    0.00        22538.64   
  79       2822633      1        3        232570       0.60   11       0        32084       21142.73    0.00        21142.73   
  80       2014967      1        3        234965       0.61   11       0        32080       21360.45    0.00        21360.45   
  81       2827279      1        5        287987       0.74   11       0        31774       26180.64    0.00        26180.64   
  82       2014844      1        3        286704       0.74   11       0        31758       26064.00    0.00        26064.00   
  83       2017261      1        3        295836       0.76   11       0        31620       26894.18    0.00        26894.18   
  84       2816327      1        4        31559        0.08   1        0        31559       31559.00    0.00        31559.00   
  85       2827610      1        1        298693       0.77   11       0        31507       27153.91    0.00        27153.91   
  86       2812433      1        2        291238       0.75   11       0        31020       26476.18    0.00        26476.18   
  87       2008377      1        5        296461       0.76   11       0        30699       26951.00    0.00        26951.00   
  88       2019094      1        5        299386       0.77   11       0        30673       27216.91    0.00        27216.91   
  89       2021399      1        3        285251       0.74   11       0        30459       25931.91    0.00        25931.91   
  90       2815817      1        5        30220        0.08   1        0        30220       30220.00    0.00        30220.00   
  91       2816940      1        2        30169        0.08   1        0        30169       30169.00    0.00        30169.00   
  92       2830613      1        2        273629       0.71   10       0        30038       27362.90    0.00        27362.90   
  93       2807970      1        8        294413       0.76   11       0        29786       26764.82    0.00        26764.82   
  94       2820851      1        5        29367        0.08   1        0        29367       29367.00    0.00        29367.00   
  95       2020181      1        8        287978       0.74   11       0        29338       26179.82    0.00        26179.82   
  96       2816525      1        10       29277        0.08   1        0        29277       29277.00    0.00        29277.00   
  97       2022203      1        2        29155        0.08   1        0        29155       29155.00    0.00        29155.00   
  98       2816526      1        13       28927        0.07   1        0        28927       28927.00    0.00        28927.00   
  99       2816924      1        4        27940        0.07   1        0        27940       27940.00    0.00        27940.00   
  100      2017264      1        2        277663       0.72   11       0        27605       25242.09    0.00        25242.09   
  101      2819673      1        4        27249        0.07   1        0        27249       27249.00    0.00        27249.00   
  102      2024606      1        2        277851       0.72   11       0        27164       25259.18    0.00        25259.18   
  103      2815824      1        2        53411        0.14   11       0        27083       4855.55     0.00        4855.55    
  104      2816930      1        4        26910        0.07   1        0        26910       26910.00    0.00        26910.00   
  105      2816929      1        4        26843        0.07   1        0        26843       26843.00    0.00        26843.00   
  106      2014703      1        9        343167       0.89   38       0        26681       9030.71     0.00        9030.71    
  107      2815886      1        2        25742        0.07   1        0        25742       25742.00    0.00        25742.00   
  108      2022502      1        4        213997       0.55   10       0        25571       21399.70    0.00        21399.70   
  109      2009702      1        5        433238       1.12   38       0        23972       11401.00    0.00        11401.00   
  110      2804626      1        9        225214       0.58   11       0        23815       20474.00    0.00        20474.00   
  111      2023620      1        3        244236       0.63   79       0        23482       3091.59     0.00        3091.59    
  112      2802876      1        3        50148        0.13   11       0        23475       4558.91     0.00        4558.91    
  113      2023617      1        3        140622       0.36   46       0        23462       3057.00     0.00        3057.00    
  114      2012612      1        16       23198        0.06   1        0        23198       23198.00    0.00        23198.00   
  115      2010143      1        3        444006       1.15   112      0        22976       3964.34     0.00        3964.34    
  116      2820273      1        3        198075       0.51   10       0        22720       19807.50    0.00        19807.50   
  117      2830036      1        1        224244       0.58   11       0        22689       20385.82    0.00        20385.82   
  118      2828190      1        2        22515        0.06   1        0        22515       22515.00    0.00        22515.00   
  119      2012707      1        5        22376        0.06   1        0        22376       22376.00    0.00        22376.00   
  120      2802881      1        3        21924        0.06   1        0        21924       21924.00    0.00        21924.00   
  121      2816857      1        2        21732        0.06   1        0        21732       21732.00    0.00        21732.00   
  122      2816899      1        2        210530       0.54   11       0        20946       19139.09    0.00        19139.09   
  123      2018793      1        4        215358       0.56   11       0        20926       19578.00    0.00        19578.00   
  124      2806659      1        4        20922        0.05   1        0        20922       20922.00    0.00        20922.00   
  125      2023624      1        3        22

This file has been truncated. Go here to download in full.


unified2.alert.1554205877 - (4376 bytes) - download

stats.log - (2919 bytes) - download
------------------------------------------------------------------------------------
Date: 4/2/2019 -- 11:51:18 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 311
decoder.bytes                              | Total                     | 33344
decoder.ipv4                               | Total                     | 290
decoder.ethernet                           | Total                     | 311
decoder.tcp                                | Total                     | 152
decoder.udp                                | Total                     | 124
decoder.avg_pkt_size                       | Total                     | 107
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 23
flow.udp                                   | Total                     | 27
tcp.sessions                               | Total                     | 23
tcp.syn                                    | Total                     | 47
tcp.synack                                 | Total                     | 11
tcp.rst                                    | Total                     | 43
detect.alert                               | Total                     | 10
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 11
app_layer.tx.http                          | Total                     | 11
app_layer.flow.dns_udp                     | Total                     | 19
app_layer.tx.dns_udp                       | Total                     | 19
app_layer.flow.failed_udp                  | Total                     | 8
flow.spare                                 | Total                     | 9997
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65529
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076032


eve.json - (29912 bytes) - download
{"timestamp":"2019-03-02T19:11:45.863315+0000","flow_id":1527856592137299,"pcap_cnt":66,"event_type":"dns","src_ip":"192.168.56.109","src_port":52094,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43239,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:46.128514+0000","flow_id":1527856592137299,"pcap_cnt":67,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":52094,"proto":"UDP","dns":{"type":"answer","id":43239,"rcode":"NOERROR","rrname":"106.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:46.726355+0000","flow_id":175264016504147,"pcap_cnt":78,"event_type":"dns","src_ip":"192.168.56.109","src_port":63076,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26971,"rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:47.000513+0000","flow_id":175264016504147,"pcap_cnt":86,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":63076,"proto":"UDP","dns":{"type":"answer","id":26971,"rcode":"NOERROR","rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:47.260466+0000","flow_id":235767220817879,"pcap_cnt":98,"event_type":"alert","src_ip":"192.168.56.109","src_port":49166,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:11:47.260466+0000","flow_id":235767220817879,"pcap_cnt":98,"event_type":"http","src_ip":"192.168.56.109","src_port":49166,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2yczh0ZLOl9Ki2dipmZKll5dhqZWqwtDQy52ZkKKdptfTlcLVmWRgqpid","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:11:47.364860+0000","flow_id":2209257448771900,"pcap_cnt":100,"event_type":"dns","src_ip":"192.168.56.109","src_port":61896,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15870,"rrname":"253.198.82.74.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:47.365803+0000","flow_id":1452810628732139,"pcap_cnt":101,"event_type":"dns","src_ip":"192.168.56.109","src_port":64417,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23133,"rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:47.366370+0000","flow_id":2148337632646946,"pcap_cnt":102,"event_type":"dns","src_ip":"192.168.56.109","src_port":60958,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49916,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:47.634381+0000","flow_id":2148337632646946,"pcap_cnt":106,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":60958,"proto":"UDP","dns":{"type":"answer","id":49916,"rcode":"NOERROR","rrname":"111.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:47.645202+0000","flow_id":1452810628732139,"pcap_cnt":107,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":64417,"proto":"UDP","dns":{"type":"answer","id":23133,"rcode":"NOERROR","rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:47.798548+0000","flow_id":2209257448771900,"pcap_cnt":111,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":61896,"proto":"UDP","dns":{"type":"answer","id":15870,"rcode":"NOERROR","rrname":"253.198.82.74.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:47.813892+0000","flow_id":2145146471942231,"pcap_cnt":115,"event_type":"http","src_ip":"192.168.56.109","src_port":49168,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"74.82.198.253","url":"\/index.php?3b3976=V5qjnKyknZ2lnaBvnZSqnFSlm5JunptnZ2ZkaZphcGVfkp6akGNtlWtsYJqVX5KabGFkbmlb","http_user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 5.1; en;)","http_content_type":"text\/html"}}
{"timestamp":"2019-03-02T19:11:48.795324+0000","flow_id":1116003588383420,"pcap_cnt":122,"event_type":"dns","src_ip":"192.168.56.109","src_port":57848,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47077,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:49.063693+0000","flow_id":1116003588383420,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":57848,"proto":"UDP","dns":{"type":"answer","id":47077,"rcode":"NOERROR","rrname":"102.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:52.395347+0000","flow_id":699361696172589,"pcap_cnt":149,"event_type":"alert","src_ip":"192.168.56.109","src_port":49173,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:11:52.395347+0000","flow_id":699361696172589,"pcap_cnt":149,"event_type":"http","src_ip":"192.168.56.109","src_port":49173,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7s1Vei5c62h9vXzamHo9fJsayW0crYopaRqpeqkp3UnKSUX8%2FK1tehnMOonWOQ1JPawp%2Bhm6WXUg%3D%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:11:53.794382+0000","flow_id":2238128219299598,"pcap_cnt":156,"event_type":"dns","src_ip":"192.168.56.109","src_port":52125,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22295,"rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:53.796849+0000","flow_id":878998703384753,"pcap_cnt":157,"event_type":"dns","src_ip":"192.168.56.109","src_port":49234,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24224,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:54.063772+0000","flow_id":878998703384753,"pcap_cnt":161,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":49234,"proto":"UDP","dns":{"type":"answer","id":24224,"rcode":"NOERROR","rrname":"112.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:54.075574+0000","flow_id":2238128219299598,"pcap_cnt":162,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":52125,"proto":"UDP","dns":{"type":"answer","id":22295,"rcode":"NOERROR","rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:11:58.798014+0000","flow_id":1459789951282494,"pcap_cnt":165,"event_type":"dns","src_ip":"192.168.56.109","src_port":49398,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21490,"rrname":"f.0.7.f.3.f.5.9.6.c.2.9.a.c.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:59.071302+0000","flow_id":1459789951282494,"pcap_cnt":166,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":49398,"proto":"UDP","dns":{"type":"answer","id":21490,"rcode":"NOERROR","rrname":"f.0.7.f.3.f.5.9.6.c.2.9.a.c.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:12:00.428720+0000","flow_id":590814988253573,"pcap_cnt":174,"event_type":"alert","src_ip":"192.168.56.109","src_port":49183,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:00.428720+0000","flow_id":590814988253573,"pcap_cnt":174,"event_type":"http","src_ip":"192.168.56.109","src_port":49183,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7s1Vei5c62h9vXzamHo9fJsayW0crYopaRqpeqkp3UnKSUX8%2FK1tehnMOonWOQ1JPawp%2Bhm6WXUg%3D%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:03.794508+0000","flow_id":1322054645391244,"pcap_cnt":181,"event_type":"dns","src_ip":"192.168.56.109","src_port":62326,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36471,"rrname":"7.7.6.8.b.5.2.b.3.c.b.3.4.9.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:03.794938+0000","flow_id":1039389962740026,"pcap_cnt":182,"event_type":"dns","src_ip":"192.168.56.109","src_port":58752,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64976,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:04.060295+0000","flow_id":1039389962740026,"pcap_cnt":183,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":58752,"proto":"UDP","dns":{"type":"answer","id":64976,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:12:04.066513+0000","flow_id":1322054645391244,"pcap_cnt":184,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":62326,"proto":"UDP","dns":{"type":"answer","id":36471,"rcode":"NOERROR","rrname":"7.7.6.8.b.5.2.b.3.c.b.3.4.9.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:12:07.794069+0000","flow_id":2147981151641045,"pcap_cnt":185,"event_type":"dns","src_ip":"192.168.56.109","src_port":52234,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13848,"rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:08.070972+0000","flow_id":2147981151641045,"pcap_cnt":187,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":52234,"proto":"UDP","dns":{"type":"answer","id":13848,"rcode":"NOERROR","rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:12:08.419109+0000","flow_id":1022871518871737,"pcap_cnt":193,"event_type":"alert","src_ip":"192.168.56.109","src_port":49187,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:08.419109+0000","flow_id":1022871518871737,"pcap_cnt":193,"event_type":"http","src_ip":"192.168.56.109","src_port":49187,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7s1Vei5c62h9vXzamHo9fJsayW0crYopaRqpeqkp3UnKSUX8%2FK1tehnMOonWOQ1JPawp%2Bhm6WXUg%3D%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:15.815807+0000","flow_id":89905838387903,"pcap_cnt":200,"event_type":"dns","src_ip":"192.168.56.109","src_port":60421,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27474,"rrname":"1.e.4.1.e.a.b.8.8.d.b.8.a.0.4.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:15.816087+0000","flow_id":1711071309034455,"pcap_cnt":201,"event_type":"dns","src_ip":"192.168.56.109","src_port":57414,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1351,"rrname":"113.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:16.084271+0000","flow_id":1711071309034455,"pcap_cnt":203,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":57414,"proto":"UDP","dns":{"type":"answer","id":1351,"rcode":"NOERROR","rrname":"113.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:12:16.088874+0000","flow_id":89905838387903,"pcap_cnt":204,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":60421,"proto":"UDP","dns":{"type":"answer","id":27474,"rcode":"NOERROR","rrname":"1.e.4.1.e.a.b.8.8.d.b.8.a.0.4.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-02T19:12:16.384495+0000","flow_id":805687908108028,"pcap_cnt":210,"event_type":"alert","src_ip":"192.168.56.109","src_port":49197,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:16.384495+0000","flow_id":805687908108028,"pcap_cnt":210,"event_type":"http","src_ip":"192.168.56.109","src_port":49197,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7HyqWj4bTezdDP3NG5fpzI1deW2NXgolee2sa2h%2BDXzamYVNvO2LLVx5qplmJg15WxlJzPzs7DX6bHqK2ixsSlxpJipJSyl48%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:22.380046+0000","flow_id":526682537924608,"pcap_cnt":223,"event_type":"alert","src_ip":"192.168.56.109","src_port":49199,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:22.380046+0000","flow_id":526682537924608,"pcap_cnt":223,"event_type":"http","src_ip":"192.168.56.109","src_port":49199,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7HyqWj4bTezdDP3NG5fpzI1deW2NXgolee2sa2h%2BDXzamYVNvO2LLVx5qplmJg15WxlJzPzs7DX6bHqK2ixsSlxpJipJSyl48%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:24.795144+0000","flow_id":1553536204153352,"pcap_cnt":230,"event_type":"dns","src_ip":"192.168.56.109","src_port":52594,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53331,"rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:24.795375+0000","flow_id":168173027992303,"pcap_cnt":231,"event_type":"dns","src_ip":"192.168.56.109","src_port":54915,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11502,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:12:25.061588+0000","flow_id":168173027992303,"pcap_cnt":232,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.109","dest_port":54915,"proto":"UDP","dns":{"type":"answer","id":11502,"rcode":"NOERROR","rrname"

This file has been truncated.
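In the eve.json excerpt above every signature hit is written as two lines, an `alert` record and an `http` record for the same `flow_id`, and the five hits on SID 2012619 land at almost exactly the same spacing. The following Python is an added triage example, not part of the report, of Suricata or of IDSDeathBlossom: it joins alert and http records on `flow_id`/`tx_id`, collapses them into the indicators a responder would pivot on (destination IP, Host header, User-Agent), and measures the interval between consecutive hits to show the check-in cadence. The sample records are copied verbatim from the report lines above; every function name is my own.

```python
import json
from datetime import datetime
from statistics import median

# Constructed sample input: eve.json records copied from the report above
# (one unrelated http record, one dns query, then five alert/http pairs).
SAMPLE_EVE = r"""
{"timestamp":"2019-03-02T19:11:47.813892+0000","flow_id":2145146471942231,"pcap_cnt":115,"event_type":"http","src_ip":"192.168.56.109","src_port":49168,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"74.82.198.253","url":"\/index.php?3b3976=V5qjnKyknZ2lnaBvnZSqnFSlm5JunptnZ2ZkaZphcGVfkp6akGNtlWtsYJqVX5KabGFkbmlb","http_user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 5.1; en;)","http_content_type":"text\/html"}}
{"timestamp":"2019-03-02T19:11:48.795324+0000","flow_id":1116003588383420,"pcap_cnt":122,"event_type":"dns","src_ip":"192.168.56.109","src_port":57848,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47077,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-02T19:11:52.395347+0000","flow_id":699361696172589,"pcap_cnt":149,"event_type":"alert","src_ip":"192.168.56.109","src_port":49173,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:11:52.395347+0000","flow_id":699361696172589,"pcap_cnt":149,"event_type":"http","src_ip":"192.168.56.109","src_port":49173,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7s1Vei5c62h9vXzamHo9fJsayW0crYopaRqpeqkp3UnKSUX8%2FK1tehnMOonWOQ1JPawp%2Bhm6WXUg%3D%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:00.428720+0000","flow_id":590814988253573,"pcap_cnt":174,"event_type":"alert","src_ip":"192.168.56.109","src_port":49183,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:00.428720+0000","flow_id":590814988253573,"pcap_cnt":174,"event_type":"http","src_ip":"192.168.56.109","src_port":49183,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7s1Vei5c62h9vXzamHo9fJsayW0crYopaRqpeqkp3UnKSUX8%2FK1tehnMOonWOQ1JPawp%2Bhm6WXUg%3D%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:08.419109+0000","flow_id":1022871518871737,"pcap_cnt":193,"event_type":"alert","src_ip":"192.168.56.109","src_port":49187,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:08.419109+0000","flow_id":1022871518871737,"pcap_cnt":193,"event_type":"http","src_ip":"192.168.56.109","src_port":49187,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7s1Vei5c62h9vXzamHo9fJsayW0crYopaRqpeqkp3UnKSUX8%2FK1tehnMOonWOQ1JPawp%2Bhm6WXUg%3D%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:16.384495+0000","flow_id":805687908108028,"pcap_cnt":210,"event_type":"alert","src_ip":"192.168.56.109","src_port":49197,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:16.384495+0000","flow_id":805687908108028,"pcap_cnt":210,"event_type":"http","src_ip":"192.168.56.109","src_port":49197,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7HyqWj4bTezdDP3NG5fpzI1deW2NXgolee2sa2h%2BDXzamYVNvO2LLVx5qplmJg15WxlJzPzs7DX6bHqK2ixsSlxpJipJSyl48%3D","http_user_agent":"Mozilla\/3.0"}}
{"timestamp":"2019-03-02T19:12:22.380046+0000","flow_id":526682537924608,"pcap_cnt":223,"event_type":"alert","src_ip":"192.168.56.109","src_port":49199,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012619,"rev":7,"signature":"ET USER_AGENTS Suspicious User-Agent Mozilla\/3.0","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-02T19:12:22.380046+0000","flow_id":526682537924608,"pcap_cnt":223,"event_type":"http","src_ip":"192.168.56.109","src_port":49199,"dest_ip":"74.82.198.253","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"update1.qbyaknila.net","url":"\/index.php?3b3976=mNjf0tXm1J2a1tS2ztTR29vKnOHZ1eHcydOaxpOQ45%2FMori%2Bj9%2FGouPVyO7gyZ7HyqWj4bTezdDP3NG5fpzI1deW2NXgolee2sa2h%2BDXzamYVNvO2LLVx5qplmJg15WxlJzPzs7DX6bHqK2ixsSlxpJipJSyl48%3D","http_user_agent":"Mozilla\/3.0"}}
"""


def parse_eve(text):
    """Parse newline-delimited eve.json into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def correlate_alerts(events):
    """Attach the HTTP transaction (Host, UA, URL) to each alert via flow_id/tx_id.

    Suricata writes the alert and the http record as separate lines; joining
    them is what turns a bare signature hit into an indicator you can act on.
    """
    http_by_flow = {}
    for ev in events:
        if ev["event_type"] == "http":
            http_by_flow.setdefault((ev["flow_id"], ev.get("tx_id", 0)), ev["http"])
    hits = []
    for ev in events:
        if ev["event_type"] != "alert":
            continue
        http = http_by_flow.get((ev["flow_id"], ev.get("tx_id", 0)), {})
        hits.append({
            # "%z" accepts the "+0000" offset Suricata 4.0 writes.
            "ts": datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"),
            "sid": ev["alert"]["signature_id"],
            "signature": ev["alert"]["signature"],
            "src_ip": ev["src_ip"],
            "dest_ip": ev["dest_ip"],
            "hostname": http.get("hostname"),
            "user_agent": http.get("http_user_agent"),
            "url": http.get("url"),
        })
    hits.sort(key=lambda h: h["ts"])
    return hits


def indicators(hits):
    """Collapse correlated hits into the unique network indicators they expose."""
    return {
        "dest_ips": sorted({h["dest_ip"] for h in hits}),
        "hostnames": sorted({h["hostname"] for h in hits if h["hostname"]}),
        "user_agents": sorted({h["user_agent"] for h in hits if h["user_agent"]}),
        "sids": sorted({h["sid"] for h in hits}),
    }


def beacon_intervals(hits, src_ip, dest_ip):
    """Seconds between consecutive alerts for one src/dst pair.

    A tight, near-constant spacing is the check-in cadence of an automated
    client, not a person browsing; the sample above runs at roughly 8 s.
    """
    ts = [h["ts"] for h in hits if h["src_ip"] == src_ip and h["dest_ip"] == dest_ip]
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def triage(text, src_ip="192.168.56.109", dest_ip="74.82.198.253"):
    """Full pass over an eve.json dump: correlated hits, indicators, cadence."""
    hits = correlate_alerts(parse_eve(text))
    iv = beacon_intervals(hits, src_ip, dest_ip)
    return {
        "hits": hits,
        "indicators": indicators(hits),
        "intervals": iv,
        "median_interval": median(iv) if iv else None,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EVE)
    print(json.dumps(result["indicators"], indent=2))
    print("intervals (s):", [round(x, 2) for x in result["intervals"]])
    print("median interval (s):", round(result["median_interval"], 2))
```

On the sample the join yields five hits that all share one Host header, one User-Agent and one destination, with check-ins about eight seconds apart; in a real investigation the same script would be pointed at the full eve.json and the `src_ip`/`dest_ip` pair taken from the first correlated hit.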


keyword_perf.log - (11550 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/2/2019 -- 11:51:18
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2833616         866             866             58255           3272.00         3272.00         0.00           
  content          4721673         1362            893             33907           3466.00         3534.00         3338.00        
  pcre             2667623         369             5               410091          7229.00         83711.00        6178.00        
  byte_test        512707          175             87              15987           2929.00         2867.00         2991.00        
  byte_jump        29578           10              10              4285            2957.00         2957.00         0.00           
  flowbits         21358           6               1               5933            3559.00         5933.00         3085.00        
  urilen           1188347         307             191             255288          3870.00         3004.00         5297.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2833616         866             866             58255           3272.00         3272.00         0.00           
  flowbits         15425           5               0               4124            3085.00         0.00            3085.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          849675          250             160             26856           3398.00         3327.00         3524.00        
  pcre             467101          13              0               410091          35930.00        0.00            35930.00       
  byte_test        512707          175             87              15987           2929.00         2867.00         2991.00        
  byte_jump        29578           10              10              4285            2957.00         2957.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         5933            1               1               5933            5933.00         5933.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2463635         688             548             33907           3580.00         3595.00         3523.00        
  pcre             2106043         336             4               390679          6267.00         103160.00       5100.00        
  urilen           1188347         307             191             255288          3870.00         3004.00         5297.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3540            1               0               3540            3540.00         0.00            3540.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          54796           20              0               3661            2739.00         0.00            2739.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          724547          200             109             16301           3622.00         3763.00         3454.00        
  pcre             84301           18              1               7845            4683.00         5918.00         4610.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          139521          43              0               4813            3244.00         0.00            3244.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          62257           22              22              3557            2829.00         2829.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31535           10              10              3511            3153.00         3153.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          236077          81              11              4163            2914.00         3180.00         2872.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          80251           25              13              4190            3210.00         3465.00         2933.00        
  pcre             10178           2               0               5472            5089.00         0.00            5089.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          75839           22              20              17968           3447.00         3466.00         3259.00        
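The keyword_perf.log above is Suricata's per-keyword profiling output. Reading it by eye, the numbers that matter are the share of total ticks each keyword consumes, how often a check actually matches, and how far the worst single evaluation (Max Ticks) sits from the average: `pcre` matched 5 times in 369 checks yet has a Max Ticks of 410091 against an Avg of 7229, and `urilen` shows a similar spike. The Python below is an added example, not part of the report or of Suricata, that parses this table format and computes those three metrics; the sample input is the `total` and `http_uri` sections copied from above, and the `ratio` threshold and all function names are my own choices.

```python
# Constructed sample input: the "total" and "http_uri" sections copied from
# the keyword_perf.log above.
SAMPLE_PERF = """
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/2/2019 -- 11:51:18
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2833616         866             866             58255           3272.00         3272.00         0.00           
  content          4721673         1362            893             33907           3466.00         3534.00         3338.00        
  pcre             2667623         369             5               410091          7229.00         83711.00        6178.00        
  byte_test        512707          175             87              15987           2929.00         2867.00         2991.00        
  byte_jump        29578           10              10              4285            2957.00         2957.00         0.00           
  flowbits         21358           6               1               5933            3559.00         5933.00         3085.00        
  urilen           1188347         307             191             255288          3870.00         3004.00         5297.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2463635         688             548             33907           3580.00         3595.00         3523.00        
  pcre             2106043         336             4               390679          6267.00         103160.00       5100.00        
  urilen           1188347         307             191             255288          3870.00         3004.00         5297.00        
"""

# Column order as printed by Suricata, minus the leading Keyword column.
COLUMNS = ("ticks", "checks", "matches", "max_ticks", "avg", "avg_match", "avg_no_match")


def parse_keyword_perf(text):
    """Return {section: {keyword: {column: number}}} from a keyword_perf.log dump."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip separators, the date line, the column header and blank lines.
        if not line or line.startswith(("-", "Date:", "Keyword")):
            continue
        if line.startswith("Stats for:"):
            current = line.split(":", 1)[1].strip()
            sections[current] = {}
            continue
        parts = line.split()
        if current is None or len(parts) != 1 + len(COLUMNS):
            continue
        keyword, values = parts[0], parts[1:]
        sections[current][keyword] = {
            col: float(v) if "." in v else int(v) for col, v in zip(COLUMNS, values)
        }
    return sections


def tick_share(rows):
    """Fraction of the section's total ticks consumed by each keyword."""
    total = sum(r["ticks"] for r in rows.values()) or 1
    return {k: r["ticks"] / total for k, r in rows.items()}


def match_rate(rows):
    """Matches divided by checks; a low rate means the keyword mostly costs, rarely fires."""
    return {k: (r["matches"] / r["checks"] if r["checks"] else 0.0) for k, r in rows.items()}


def spiky_keywords(rows, ratio=20.0):
    """Keywords whose worst single evaluation cost more than `ratio` times their average.

    A large Max Ticks / Avg ratio combined with a low match rate is the profile
    of an expensive pcre (or a buffer-dependent check such as urilen) that
    rarely fires but occasionally burns a large number of cycles; those are the
    buffers to follow up with rule-level profiling (rule_perf.log).
    """
    return sorted(k for k, r in rows.items() if r["avg"] and r["max_ticks"] / r["avg"] > ratio)


if __name__ == "__main__":
    perf = parse_keyword_perf(SAMPLE_PERF)
    for name, rows in perf.items():
        share, rate = tick_share(rows), match_rate(rows)
        print(f"== {name} ==")
        for k in sorted(rows, key=lambda k: -rows[k]["ticks"]):
            print(f"{k:<10} {share[k]:6.1%} of ticks, match rate {rate[k]:6.1%}")
        print("spiky:", spiky_keywords(rows))
```

Run against the full log the same functions will rank every buffer section, and the `spiky` list is the shortlist of buffers whose rules deserve a look in rule-level profiling before blaming packet volume for the runtime.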


IDSDeathBlossom.py.log - (1143 bytes)
2019-04-02 11:50:57,424 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-02 11:50:58,147 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-02 11:50:58,147 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-04-02 11:50:58,147 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-02 11:50:58,148 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-02 11:50:58,148 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/583716d58c82fb4793339e229ac245b856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04022019.1150-pcap.pcap -vvv -k none
2019-04-02 11:51:18,273 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-02 11:51:18,274 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 20.858082056