Filename: merged.pcap
Status: Analysis complete
IDS: suricata-3.2
Ruleset: etpro-all
Runtime: 31.5232560635 seconds
Hash: 58408e977582ade6ed1e1efee27c9628
Uploaded: 1538686787

Logfiles


suricata-report-2018-10-04-T-21-00-19-10042018.2048-merged.pcap.txt - (15818 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata32/bin/suricata -c /opt/suricata32/etc/etpro/suricata32-etpro-all.yaml -l /var/www/html/58408e977582ade6ed1e1efee27c9628e65afc3bedcae76de1512a208581b911 -r /var/pcap/10042018.2048-merged.pcap -vvv -k none
elapsedtime:29.945959
stderr:
stdout:
4/10/2018 -- 20:59:49 - <Info> - Configuration node 'rule-files' redefined.
4/10/2018 -- 20:59:49 - <Notice> - This is Suricata version 3.2 RELEASE
4/10/2018 -- 20:59:49 - <Info> - CPUs/cores online: 1
4/10/2018 -- 20:59:49 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
4/10/2018 -- 20:59:49 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
4/10/2018 -- 20:59:49 - <Config> - DNS request flood protection level: 500
4/10/2018 -- 20:59:49 - <Config> - DNS per flow memcap (state-memcap): 524288
4/10/2018 -- 20:59:49 - <Config> - DNS global memcap: 16777216
4/10/2018 -- 20:59:49 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/10/2018 -- 20:59:49 - <Config> - preallocated 1000 defrag trackers of size 168
4/10/2018 -- 20:59:49 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/10/2018 -- 20:59:49 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/10/2018 -- 20:59:49 - <Config> - preallocated 1000 hosts of size 136
4/10/2018 -- 20:59:49 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/10/2018 -- 20:59:49 - <Config> - using magic-file /usr/share/file/magic
4/10/2018 -- 20:59:49 - <Config> - Core dump size is unlimited.
4/10/2018 -- 20:59:49 - <Config> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
4/10/2018 -- 20:59:49 - <Config> - preallocated 10000 flows of size 288
4/10/2018 -- 20:59:49 - <Config> - flow memory usage: 7074304 bytes, maximum: 67108864
4/10/2018 -- 20:59:49 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/10/2018 -- 20:59:49 - <Config> - stream "memcap": 33554432
4/10/2018 -- 20:59:49 - <Config> - stream "midstream" session pickups: disabled
4/10/2018 -- 20:59:49 - <Config> - stream "async-oneside": disabled
4/10/2018 -- 20:59:49 - <Config> - stream "checksum-validation": disabled
4/10/2018 -- 20:59:49 - <Config> - stream."inline": disabled
4/10/2018 -- 20:59:49 - <Config> - stream "bypass": disabled
4/10/2018 -- 20:59:49 - <Config> - stream "max-synack-queued": 5
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly "memcap": 134217728
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly "depth": 0
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly "toserver-chunk-size": 2586
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly "toclient-chunk-size": 2598
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly.raw: enabled
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 4, prealloc 256
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 16, prealloc 512
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 112, prealloc 512
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 248, prealloc 512
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 512, prealloc 512
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 768, prealloc 1024
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 1448, prealloc 1024
4/10/2018 -- 20:59:49 - <Config> - segment pool: pktsize 65535, prealloc 128
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly "chunk-prealloc": 250
4/10/2018 -- 20:59:49 - <Config> - stream.reassembly "zero-copy-size": 128
4/10/2018 -- 20:59:49 - <Config> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
4/10/2018 -- 20:59:49 - <Config> - preallocated 1000 ippairs of size 136
4/10/2018 -- 20:59:49 - <Config> - ippair memory usage: 398144 bytes, maximum: 16777216
4/10/2018 -- 20:59:49 - <Config> - Delayed detect disabled
4/10/2018 -- 20:59:49 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/10/2018 -- 20:59:49 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/10/2018 -- 20:59:49 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/10/2018 -- 20:59:49 - <Config> - prefilter engines: MPM
4/10/2018 -- 20:59:49 - <Config> - IP reputation disabled
4/10/2018 -- 20:59:49 - <Perf> - Registered 132 keyword profiling counters.
4/10/2018 -- 20:59:49 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-ftp.rules
4/10/2018 -- 20:59:49 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-policy.rules
4/10/2018 -- 20:59:49 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-trojan.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-games.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-pop3.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-user_agents.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-activex.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-rpc.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-attack_response.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-icmp.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-scan.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-voip.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-chat.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-icmp_info.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-info.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-shellcode.rules
4/10/2018 -- 20:59:57 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-web_client.rules
4/10/2018 -- 20:59:58 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-imap.rules
4/10/2018 -- 20:59:58 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-web_server.rules
4/10/2018 -- 20:59:58 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-current_events.rules
4/10/2018 -- 21:00:03 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-inappropriate.rules
4/10/2018 -- 21:00:03 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-smtp.rules
4/10/2018 -- 21:00:03 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-web_specific_apps.rules
4/10/2018 -- 21:00:06 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-deleted.rules
4/10/2018 -- 21:00:06 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-malware.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-snmp.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-worm.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-dns.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-misc.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-sql.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-dos.rules
4/10/2018 -- 21:00:07 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-netbios.rules
4/10/2018 -- 21:00:08 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-telnet.rules
4/10/2018 -- 21:00:08 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-exploit.rules
4/10/2018 -- 21:00:08 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-p2p.rules
4/10/2018 -- 21:00:08 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-tftp.rules
4/10/2018 -- 21:00:08 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-mobile_malware.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-botcc.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-compromised.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-drop.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-dshield.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-tor.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/ET-ciarmy.rules
4/10/2018 -- 21:00:10 - <Config> - Loading rule file: /opt/suricata32/etc/etpro/local.rules
4/10/2018 -- 21:00:10 - <Info> - 44 rule files processed. 39396 rules successfully loaded, 0 rules failed
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for tcp-packet
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for tcp-stream
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for udp-packet
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for other-ip
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_uri
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_request_line
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_client_body
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_response_line
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_header
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_header
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_raw_header
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_raw_header
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_method
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_cookie
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_cookie
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_raw_uri
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_user_agent
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_host
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_raw_host
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_stat_msg
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_stat_code
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for dns_query
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for tls_sni
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for file_data
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for file_data
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_request_line
4/10/2018 -- 21:00:11 - <Perf> - using shared mpm ctx' for http_response_line
4/10/2018 -- 21:00:11 - <Info> - 39401 signatures processed. 1190 are IP-only rules, 15658 are inspecting packet payload, 27301 inspect application layer, 0 are decoder event only
4/10/2018 -- 21:00:11 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/10/2018 -- 21:00:11 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
4/10/2018 -- 21:00:11 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/10/2018 -- 21:00:11 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
4/10/2018 -- 21:00:11 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
4/10/2018 -- 21:00:11 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
4/10/2018 -- 21:00:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/10/2018 -- 21:00:15 - <Perf> - Unique rule groups: 104
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "toserver TCP packet": 35
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "toclient TCP packet": 17
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "toserver TCP stream": 33
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "toclient TCP stream": 19
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "toserver UDP packet": 27
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "toclient UDP packet": 17
4/10/2018 -- 21:00:15 - <Perf> - Builtin MPM "other IP packet": 3
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_uri": 15
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_header": 10
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toclient http_header": 6
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_method": 5
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_user_agent": 5
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver http_host": 1
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/10/2018 -- 21:00:15 - <Perf> - AppLayer MPM "toclient file_data": 7
4/10/2018 -- 21:00:18 - <Perf> - Registered 39401 rule profiling counters.
4/10/2018 -- 21:00:18 - <Info> - Threshold config parsed: 0 rule(s) found
4/10/2018 -- 21:00:18 - <Info> - fast output device (regular) initialized: alert
4/10/2018 -- 21:00:18 - <Info> - eve-log output device (regular) initialized: eve.json
4/10/2018 -- 21:00:18 - <Config> - enabling 'eve-log' module 'alert'
4/10/2018 -- 21:00:18 - <Config> - enabling 'eve-log' module 'http'
4/10/2018 -- 21:00:18 - <Config> - enabling 'eve-log' module 'dns'
4/10/2018 -- 21:00:18 - <Config> - enabling 'eve-log' module 'tls'
4/10/2018 -- 21:00:18 - <Config> - enabling 'eve-log' module 'files'
4/10/2018 -- 21:00:18 - <Config> - enabling 'eve-log' module 'ssh'
4/10/2018 -- 21:00:18 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/10/2018 -- 21:00:18 - <Info> - stats output device (regular) initialized: stats.log
4/10/2018 -- 21:00:18 - <Config> - AutoFP mode using "Hash" flow load balancer
4/10/2018 -- 21:00:18 - <Info> - reading pcap file /var/pcap/10042018.2048-merged.pcap
4/10/2018 -- 21:00:18 - <Config> - using 1 flow manager threads
4/10/2018 -- 21:00:18 - <Config> - using 1 flow recycler threads
4/10/2018 -- 21:00:18 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
4/10/2018 -- 21:00:18 - <Info> - pcap file end of file reached (pcap err code 0)
4/10/2018 -- 21:00:18 - <Notice> - Signal Received.  Stopping engine.
4/10/2018 -- 21:00:18 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
4/10/2018 -- 21:00:18 - <Info> - time elapsed 0.136s
4/10/2018 -- 21:00:19 - <Perf> - 129 flows processed
4/10/2018 -- 21:00:19 - <Notice> - Pcap-file module read 511 packets, 51900 bytes
4/10/2018 -- 21:00:19 - <Perf> - AutoFP - Total flow handler queues - 1
4/10/2018 -- 21:00:19 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
4/10/2018 -- 21:00:19 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
4/10/2018 -- 21:00:19 - <Perf> - Dumping profiling data for 39401 rules.
4/10/2018 -- 21:00:19 - <Perf> - Done dumping profiling data.
4/10/2018 -- 21:00:19 - <Perf> - Done dumping keyword profiling data.
4/10/2018 -- 21:00:19 - <Info> - cleaning up signature grouping structure... complete
4/10/2018 -- 21:00:19 - <Perf> - Done dumping profiling data.
returncode: 0
errors:
warnings:


unified2.alert.1538686818 - (19240 bytes)

packet_stats.log - (10455 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           314           385872      259214200     157131458         49.3b   56.42
 IPv4      17           219          9135944      254702204     156611453         34.3b   39.22
 IPv4     256            44           385872      249763508      86803556          3.8b    4.37
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           292            68348       15266156        574458        167.7m   52.33
TMM_FLOWWORKER              IPv4      17           219           145908        7081140        516680        113.2m   35.30
TMM_RECEIVEPCAPFILE         IPv4       6           292             2904         328516          4437          1.3m    0.40
TMM_RECEIVEPCAPFILE         IPv4      17           219             2916          12428          3345        732.8k    0.23
TMM_DECODEPCAPFILE          IPv4       6           292             2992       19232276        126105         36.8m   11.49
TMM_DECODEPCAPFILE          IPv4      17           219             3024          43488          3517        770.3k    0.24

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot    %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----  -----
flow                    IPv4       6           292             3316          33960          4479          1.3m  0.58  
flow                    IPv4      17           219             3192          56720          5671          1.2m  0.55  
stream                  IPv4       6           292             3668        2112656         33276          9.7m  4.33  
app-layer               IPv4      17           219             2832         303800         17859          3.9m  1.74  
detect                  IPv4       6           314            49368       12817696        400353        125.7m  56.04 
detect                  IPv4      17           219           127476        1145948        376424         82.4m  36.75 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot    %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----  -----
http                    IPv4       6            92             3264        1554176         57309          5.3m  79.04 
http                    IPv4      17             4             3404           4652          4340         17.4k  0.26  
dns                     IPv4      17           188             4200         167996          7344          1.4m  20.70 
Proto detect            IPv4       6            55             4368         430052         17423        958.3k
Proto detect            IPv4      17           193             3872         229432          6757          1.3m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot    %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----  -----
LOGGER_ALERT_FAST           IPv4       6            22            41944         176196         69554          1.5m  4.78  
LOGGER_UNIFIED2             IPv4       6            22            41296         152352         64876          1.4m  4.46  
LOGGER_JSON_ALERT           IPv4       6            22           103752         594004        163472          3.6m  11.23 
LOGGER_JSON_DNS             IPv4      17           182            41040        6328840        117278         21.3m  66.63 
LOGGER_JSON_HTTP            IPv4       6            22            43648         531944         73991          1.6m  5.08  
LOGGER_JSON_FILE            IPv4       6            22            61984         797468        113953          2.5m  7.83  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           114             2916         783204         38403         4.4m  20.82 
payload                           IPv4      17           219             4804         379296         24420         5.3m  25.43 
stream                            IPv4       6           114             2832         742408         35812         4.1m  19.42 
http_uri                          IPv4       6            22             8216          27364         13091       288.0k  1.37  
http_client_body                  IPv4       6            22            10680          34576         15855       348.8k  1.66  
http_header (request)             IPv4       6            22            50788         686972        110330         2.4m  11.54 
http_raw_header (request)         IPv4       6            22            11460          56308         16520       363.5k  1.73  
http_method                       IPv4       6            22             5820          37752         12506       275.1k  1.31  
http_cookie (request)             IPv4       6            22             3856           8304          4701       103.4k  0.49  
http_raw_uri                      IPv4       6            22             4832          12100          6380       140.4k  0.67  
http_user_agent                   IPv4       6            22             7848         404736         27653       608.4k  2.89  
http_host                         IPv4       6            22             5016           9016          7023       154.5k  0.73  
dns_query                         IPv4      17            91             3556          45528          6224       566.4k  2.69  
http_header (response)            IPv4       6            22            21412         555536         55466         1.2m  5.80  
http_raw_header (response)        IPv4       6            22             9080          13348         10271       226.0k  1.07  
http_cookie (response)            IPv4       6            22             3424           5860          3902        85.8k  0.41  
http_stat_code                    IPv4       6            22             3560         189560         12920       284.2k  1.35  
file_data (http response)         IPv4       6            22             3388          40652          5762       126.8k  0.60  
Total                             IPv4                   846                                         24855        21.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot    %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----  -----
PROF_DETECT_IPONLY          IPv4       6            66             8132         187304         44289          2.9m  1.17  
PROF_DETECT_IPONLY          IPv4      17           185             4320         399840         44856          8.3m  3.31  
PROF_DETECT_RULES           IPv4       6           314             2820       12739960        261448         82.1m  32.75 
PROF_DETECT_RULES           IPv4      17           219            27740         631760        208610         45.7m  18.23 
PROF_DETECT_STATEFUL        IPv4       6           314             2816        2875716        102289         32.1m  12.81 
PROF_DETECT_STATEFUL        IPv4      17           219             2812          83008         10889          2.4m  0.95  
PROF_DETECT_PREFILTER       IPv4       6           314             8732        1464604         75698         23.8m  9.48  
PROF_DETECT_PREFILTER       IPv4      17           219            28192         416728         62072         13.6m  5.42  
PROF_DETECT_PF_PAYLOAD      IPv4       6           114            15552         797072         84559          9.6m  3.85  
PROF_DETECT_PF_PAYLOAD      IPv4      17           219            10644         385076         30535          6.7m  2.67  
PROF_DETECT_PF_TX           IPv4       6           167             2884        1219592         50478          8.4m  3.36  
PROF_DETECT_PF_TX           IPv4      17            91             9488          53696         13015          1.2m  0.47  
PROF_DETECT_PF_SORT1        IPv4       6           110             2904          38940          5715        628.7k  0.25  
PROF_DETECT_PF_SORT1        IPv4      17           219             2980         175240          5857          1.3m  0.51  
PROF_DETECT_PF_SORT2        IPv4       6           314             2804          90800          4223          1.3m  0.53  
PROF_DETECT_PF_SORT2        IPv4      17           219             2848          45444          4913          1.1m  0.43  
PROF_DETECT_NONMPMLIST      IPv4       6           314             2828          23920          3423          1.1m  0.43  
PROF_DETECT_NONMPMLIST      IPv4      17           219             2848           5932          3364        736.9k  0.29  
PROF_DETECT_ALERT           IPv4       6           314             2808          27520          3458          1.1m  0.43  
PROF_DETECT_ALERT           IPv4      17           219             2812          84044          5160          1.1m  0.45  
PROF_DETECT_CLEANUP         IPv4       6           314             2856          38364          4007          1.3m  0.50  
PROF_DETECT_CLEANUP         IPv4      17           219             2856          50396          4674          1.0m  0.41  
PROF_DETECT_GETSGH          IPv4       6           314             2816          29224          4195          1.3m  0.53  
PROF_DETECT_GETSGH          IPv4      17           219             2920         217704          8683          1.9m  0.76  


suricata-3.2-etpro-all-alert-2018-10-04-T-21-00-19-10042018.2048-merged.pcap.txt - (9312 bytes)
05/11/2018-12:16:14.271283  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.172.10:1038 -> 184.105.192.2:80
05/11/2018-12:16:14.271283  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.172.10:1038 -> 184.105.192.2:80
05/11/2018-12:16:14.793145  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.172.10:1041 -> 184.105.192.2:80
05/11/2018-12:16:14.793145  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.172.10:1041 -> 184.105.192.2:80
05/12/2018-17:24:49.372954  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1038 -> 184.105.192.2:80
05/12/2018-17:24:49.372954  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1038 -> 184.105.192.2:80
05/12/2018-17:24:49.745902  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1041 -> 184.105.192.2:80
05/12/2018-17:24:49.745902  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1041 -> 184.105.192.2:80
05/12/2018-17:25:52.231113  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1048 -> 184.105.192.2:80
05/12/2018-17:25:52.231113  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1048 -> 184.105.192.2:80
05/12/2018-17:25:52.538317  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1051 -> 184.105.192.2:80
05/12/2018-17:25:52.538317  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1051 -> 184.105.192.2:80
05/12/2018-17:26:55.176746  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1058 -> 184.105.192.2:80
05/12/2018-17:26:55.176746  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1058 -> 184.105.192.2:80
05/12/2018-17:26:55.606330  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1061 -> 184.105.192.2:80
05/12/2018-17:26:55.606330  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1061 -> 184.105.192.2:80
05/12/2018-17:27:58.216557  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1068 -> 184.105.192.2:80
05/12/2018-17:27:58.216557  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1068 -> 184.105.192.2:80
05/12/2018-17:27:58.351785  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1071 -> 184.105.192.2:80
05/12/2018-17:27:58.351785  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1071 -> 184.105.192.2:80
05/12/2018-17:29:00.838522  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1078 -> 184.105.192.2:80
05/12/2018-17:29:00.838522  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1078 -> 184.105.192.2:80
05/12/2018-17:29:00.974121  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1081 -> 184.105.192.2:80
05/12/2018-17:29:00.974121  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.141.10:1081 -> 184.105.192.2:80
05/16/2018-02:16:30.208447  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1042 -> 184.105.192.2:80
05/16/2018-02:16:30.208447  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1042 -> 184.105.192.2:80
05/16/2018-02:16:30.786935  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1045 -> 184.105.192.2:80
05/16/2018-02:16:30.786935  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1045 -> 184.105.192.2:80
05/16/2018-02:17:33.525089  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1056 -> 184.105.192.2:80
05/16/2018-02:17:33.525089  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1056 -> 184.105.192.2:80
05/16/2018-02:17:33.783796  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1059 -> 184.105.192.2:80
05/16/2018-02:17:33.783796  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1059 -> 184.105.192.2:80
05/16/2018-02:18:36.277712  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1066 -> 184.105.192.2:80
05/16/2018-02:18:36.277712  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1066 -> 184.105.192.2:80
05/16/2018-02:18:36.409202  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1069 -> 184.105.192.2:80
05/16/2018-02:18:36.409202  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.90.103:1069 -> 184.105.192.2:80
09/16/2018-23:18:35.426197  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49166 -> 184.105.192.2:80
09/16/2018-23:18:35.426197  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49166 -> 184.105.192.2:80
09/16/2018-23:18:40.343755  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49167 -> 184.105.192.2:80
09/16/2018-23:18:40.343755  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49167 -> 184.105.192.2:80
09/16/2018-23:19:43.774670  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49169 -> 184.105.192.2:80
09/16/2018-23:19:43.774670  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49169 -> 184.105.192.2:80
09/16/2018-23:19:44.466620  [**] [1:2003492:29] ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49170 -> 184.105.192.2:80
09/16/2018-23:19:44.466620  [**] [1:2809682:4] ETPRO TROJAN Andromeda/Gamarue Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.103:49170 -> 184.105.192.2:80


stats.log - (2847 bytes)
------------------------------------------------------------------------------------
Date: 10/4/2018 -- 21:00:19 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 511
decoder.bytes                              | Total                     | 51900
decoder.ipv4                               | Total                     | 511
decoder.ethernet                           | Total                     | 511
decoder.tcp                                | Total                     | 292
decoder.udp                                | Total                     | 219
decoder.avg_pkt_size                       | Total                     | 101
decoder.max_pkt_size                       | Total                     | 373
tcp.sessions                               | Total                     | 33
tcp.pseudo                                 | Total                     | 22
tcp.syn                                    | Total                     | 33
tcp.synack                                 | Total                     | 33
tcp.rst                                    | Total                     | 29
detect.alert                               | Total                     | 44
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 2
detect.match_list                          | Total                     | 11
app_layer.flow.http                        | Total                     | 22
app_layer.tx.http                          | Total                     | 22
app_layer.flow.dns_udp                     | Total                     | 83
app_layer.tx.dns_udp                       | Total                     | 91
app_layer.flow.failed_udp                  | Total                     | 13
flow.spare                                 | Total                     | 9992
flow_mgr.flows_checked                     | Total                     | 6
flow_mgr.flows_notimeout                   | Total                     | 6
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65530
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 409600
tcp.reassembly_memuse                      | Total                     | 12320544
flow.memuse                                | Total                     | 7075456


eve.json - (123402 bytes)
{"timestamp":"2018-05-11T12:16:11.060369+0000","flow_id":1868532124740561,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.172.10","src_port":1030,"dest_ip":"10.55.99.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10328,"rrname":"europe.pool.ntp.org","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"europe.pool.ntp.org","rrtype":"A","ttl":5,"rdata":"93.93.129.102"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"europe.pool.ntp.org","rrtype":"A","ttl":5,"rdata":"147.156.7.50"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"europe.pool.ntp.org","rrtype":"A","ttl":5,"rdata":"195.219.205.9"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"europe.pool.ntp.org","rrtype":"A","ttl":5,"rdata":"5.103.139.163"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"org","rrtype":"NS","ttl":25976,"rdata":"d0.org.afilias-nst.org"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"org","rrtype":"NS","ttl":25976,"rdata":"a2.org.afilias-nst.info"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"org","rrtype":"NS","ttl":25976,"rdata":"b0.org.afilias-nst.org"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"org","rrtype":"NS","ttl":25976,"rdata":"c0.org.afilias-nst.info"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"org","rrtype":"NS","ttl":25976,"rdata":"a0.org.afilias-nst.info"}}
{"timestamp":"2018-05-11T12:16:11.129853+0000","flow_id":1868532124740561,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":10328,"rcode":"NOERROR","rrname":"org","rrtype":"NS","ttl":25976,"rdata":"b2.org.afilias-nst.org"}}
{"timestamp":"2018-05-11T12:16:11.392971+0000","flow_id":1434018873343755,"pcap_cnt":11,"event_type":"dns","src_ip":"192.168.172.10","src_port":1032,"dest_ip":"8.8.4.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":0,"rrname":"microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:11.398160+0000","flow_id":1434018873343755,"pcap_cnt":12,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1032,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"microsoft.com","rrtype":"A","ttl":894,"rdata":"191.239.213.197"}}
{"timestamp":"2018-05-11T12:16:11.398160+0000","flow_id":1434018873343755,"pcap_cnt":12,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1032,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"microsoft.com","rrtype":"A","ttl":894,"rdata":"104.40.211.35"}}
{"timestamp":"2018-05-11T12:16:11.398160+0000","flow_id":1434018873343755,"pcap_cnt":12,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1032,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"microsoft.com","rrtype":"A","ttl":894,"rdata":"104.43.195.251"}}
{"timestamp":"2018-05-11T12:16:11.398160+0000","flow_id":1434018873343755,"pcap_cnt":12,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1032,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"microsoft.com","rrtype":"A","ttl":894,"rdata":"23.100.122.175"}}
{"timestamp":"2018-05-11T12:16:11.398160+0000","flow_id":1434018873343755,"pcap_cnt":12,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1032,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"microsoft.com","rrtype":"A","ttl":894,"rdata":"23.96.52.53"}}
{"timestamp":"2018-05-11T12:16:11.510713+0000","flow_id":125265028827897,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.172.10","src_port":1034,"dest_ip":"8.8.4.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":0,"rrname":"dnswow.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:11.565915+0000","flow_id":125265028827897,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1034,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NXDOMAIN","rrname":"dnswow.com"}}
{"timestamp":"2018-05-11T12:16:11.565915+0000","flow_id":125265028827897,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1034,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2018-05-11T12:16:11.568151+0000","flow_id":1685102661446487,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.172.10","src_port":1035,"dest_ip":"8.8.4.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":0,"rrname":"dnswow.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:11.603507+0000","flow_id":1685102661446487,"pcap_cnt":20,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1035,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NXDOMAIN","rrname":"dnswow.com"}}
{"timestamp":"2018-05-11T12:16:11.603507+0000","flow_id":1685102661446487,"pcap_cnt":20,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1035,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2018-05-11T12:16:11.604420+0000","flow_id":1868532124740561,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.172.10","src_port":1030,"dest_ip":"10.55.99.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52342,"rrname":"dnswow.com","rrtype":"A","tx_id":1}}
{"timestamp":"2018-05-11T12:16:11.639543+0000","flow_id":1868532124740561,"pcap_cnt":23,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":52342,"rcode":"NXDOMAIN","rrname":"dnswow.com"}}
{"timestamp":"2018-05-11T12:16:11.639543+0000","flow_id":1868532124740561,"pcap_cnt":23,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":52342,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":900}}
{"timestamp":"2018-05-11T12:16:13.887587+0000","flow_id":931503404845859,"pcap_cnt":24,"event_type":"dns","src_ip":"192.168.172.10","src_port":1036,"dest_ip":"8.8.4.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":0,"rrname":"dnswow2.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:13.903614+0000","flow_id":931503404845859,"pcap_cnt":25,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1036,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"dnswow2.com","rrtype":"A","ttl":21388,"rdata":"184.105.192.2"}}
{"timestamp":"2018-05-11T12:16:13.905244+0000","flow_id":1364384568692764,"pcap_cnt":26,"event_type":"dns","src_ip":"192.168.172.10","src_port":1037,"dest_ip":"8.8.4.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":0,"rrname":"dnswow2.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:13.923295+0000","flow_id":1364384568692764,"pcap_cnt":27,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1037,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"dnswow2.com","rrtype":"A","ttl":21134,"rdata":"184.105.192.2"}}
{"timestamp":"2018-05-11T12:16:13.923972+0000","flow_id":1868532124740561,"pcap_cnt":28,"event_type":"dns","src_ip":"192.168.172.10","src_port":1030,"dest_ip":"10.55.99.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20478,"rrname":"dnswow2.com","rrtype":"A","tx_id":2}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"dnswow2.com","rrtype":"A","ttl":20864,"rdata":"184.105.192.2"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"i.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"b.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"h.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"f.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"c.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"m.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"d.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"a.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"e.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"l.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"k.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"j.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.125157+0000","flow_id":1868532124740561,"pcap_cnt":29,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.172.10","dest_port":1030,"proto":"UDP","dns":{"type":"answer","id":20478,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":23743,"rdata":"g.gtld-servers.net"}}
{"timestamp":"2018-05-11T12:16:14.271283+0000","flow_id":2237345261612940,"pcap_cnt":37,"event_type":"alert","src_ip":"192.168.172.10","src_port":1038,"dest_ip":"184.105.192.2","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2003492,"rev":29,"signature":"ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla\/4.0)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-05-11T12:16:14.271283+0000","flow_id":2237345261612940,"pcap_cnt":37,"event_type":"alert","src_ip":"192.168.172.10","src_port":1038,"dest_ip":"184.105.192.2","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2809682,"rev":4,"signature":"ETPRO TROJAN Andromeda\/Gamarue Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-05-11T12:16:14.271283+0000","flow_id":2237345261612940,"pcap_cnt":37,"event_type":"http","src_ip":"192.168.172.10","src_port":1038,"dest_ip":"184.105.192.2","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnswow2.com","url":"\/board\/board.php","http_user_agent":"Mozilla\/4.0"}}
{"timestamp":"2018-05-11T12:16:14.271283+0000","flow_id":2237345261612940,"pcap_cnt":37,"event_type":"fileinfo","src_ip":"192.168.172.10","src_port":1038,"dest_ip":"184.105.192.2","dest_port":80,"proto":"TCP","http":{"hostname":"dnswow2.com","url":"\/board\/board.php","http_user_agent":"Mozilla\/4.0","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3},"app_proto":"http","fileinfo":{"filename":"\/board\/board.php","state":"CLOSED","stored":false,"size":71,"tx_id":0}}
{"timestamp":"2018-05-11T12:16:14.273492+0000","flow_id":1953675556564052,"pcap_cnt":39,"event_type":"dns","src_ip":"192.168.172.10","src_port":1039,"dest_ip":"8.8.4.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":0,"rrname":"dnswow3.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-11T12:16:14.425875+0000","flow_id":1953675556564052,"pcap_cnt":40,"event_type":"dns","src_ip":"8.8.4.4","src_port":53,"dest_ip":"192.168.172.10","dest_port":1039,"proto":"UDP","dns":{"type":"answer","id":0,"rcode":"NOERROR","rrname":"dnswow3.com","rrtype":"A","ttl":21599,"rdata":"184.105.192.2"}}
{"timestamp":"2018-05-11T12:16:14.427780+0000","flow_id":52491103143684,"pcap_cnt":41,"event_type":"dns","src_ip":"192.168.172.10","src_port":1040,"dest_ip":"8.8.4.4","dest_

This file has been truncated.


keyword_perf.log - (8945 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/4/2018 -- 21:00:19
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6039872         1330            1330            403244          4541.00         4541.00         0.00           
  threshold        219288          24              0               33736           9137.00         0.00            9137.00        
  content          14638560        3268            2090            443828          4479.00         4418.00         4586.00        
  pcre             4790328         711             332             421776          6737.00         7429.00         6131.00        
  byte_test        4417680         1362            885             45824           3243.00         3263.00         3206.00        
  byte_jump        12092           1               1               12092           12092.00        12092.00        0.00           
  isdataat         280748          91              0               4948            3085.00         0.00            3085.00        
  urilen           1157504         330             22              45024           3507.00         3354.00         3518.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6039872         1330            1330            403244          4541.00         4541.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6354716         1615            1038            49580           3934.00         4029.00         3765.00        
  pcre             646552          95              24              75336           6805.00         5512.00         7242.00        
  byte_test        4417680         1362            885             45824           3243.00         3263.00         3206.00        
  byte_jump        12092           1               1               12092           12092.00        12092.00        0.00           
  isdataat         280748          91              0               4948            3085.00         0.00            3085.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3809040         796             462             392416          4785.00         4609.00         5028.00        
  pcre             2351100         330             242             421776          7124.00         7589.00         5846.00        
  urilen           1157504         330             22              45024           3507.00         3354.00         3518.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http client body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          747800          176             0               25436           4248.00         0.00            4248.00        
  pcre             1639556         264             66              155968          6210.00         7539.00         5767.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http headers
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3521108         634             546             443828          5553.00         5001.00         8978.00        
  pcre             153120          22              0               22584           6960.00         0.00            6960.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http raw headers
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          114784          22              22              21336           5217.00         5217.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          77684           22              22              4816            3531.00         3531.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns query name
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13428           3               0               5316            4476.00         0.00            4476.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        219288          24              0               33736           9137.00         0.00            9137.00        


suricata-3.2-etpro-all-perf.txt-2018-10-04-T-21-00-19-10042018.2048-merged.pcap.txt - (20543 bytes)
  --------------------------------------------------------------------------
  Date: 10/4/2018 -- 21:00:19
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2016537      1        2        13375204     12.92  36       0        12692720    371533.44   0.00        371533.44  
  2        2807970      1        7        2084748      2.01   22       0        1243864     94761.27    0.00        94761.27   
  3        2003492      1        29       3796736      3.67   22       22       557788      172578.91   172578.91   0.00       
  4        2021995      1        2        2056400      1.99   22       0        486388      93472.73    0.00        93472.73   
  5        2812034      1        2        1026144      0.99   22       0        467036      46642.91    0.00        46642.91   
  6        2821569      1        6        1302596      1.26   22       0        464472      59208.91    0.00        59208.91   
  7        2019094      1        5        1354636      1.31   22       0        458812      61574.36    0.00        61574.36   
  8        2814990      1        2        1039412      1.00   22       0        458808      47246.00    0.00        47246.00   
  9        2016706      1        20       982140       0.95   22       0        424552      44642.73    0.00        44642.73   
  10       2014029      1        3        981780       0.95   22       0        415016      44626.36    0.00        44626.36   
  11       2816899      1        2        1002272      0.97   22       0        414356      45557.82    0.00        45557.82   
  12       2809547      1        4        863492       0.83   22       0        348848      39249.64    0.00        39249.64   
  13       2809670      1        3        738440       0.71   22       0        230512      33565.45    0.00        33565.45   
  14       2824781      1        3        1438392      1.39   22       0        209108      65381.45    0.00        65381.45   
  15       2015877      1        6        1013148      0.98   22       0        170936      46052.18    0.00        46052.18   
  16       2022543      1        1        1834176      1.77   91       0        169048      20155.78    0.00        20155.78   
  17       2809363      1        3        1084344      1.05   22       0        153584      49288.36    0.00        49288.36   
  18       2819881      1        2        877420       0.85   22       0        149212      39882.73    0.00        39882.73   
  19       2826256      1        2        693128       0.67   22       0        138908      31505.82    0.00        31505.82   
  20       2809682      1        4        1553088      1.50   22       22       113740      70594.91    70594.91    0.00       
  21       2018316      1        4        1056428      1.02   24       0        109112      44017.83    0.00        44017.83   
  22       2805348      1        4        102292       0.10   1        0        102292      102292.00   0.00        102292.00  
  23       2827580      1        7        981496       0.95   22       0        99124       44613.45    0.00        44613.45   
  24       2022901      1        2        1264244      1.22   22       0        98172       57465.64    0.00        57465.64   
  25       2811577      1        2        2605192      2.52   176      24       86252       14802.23    53752.50    8652.18    
  26       2021413      1        2        1046276      1.01   22       0        85368       47558.00    0.00        47558.00   
  27       2017261      1        3        847764       0.82   22       0        83092       38534.73    0.00        38534.73   
  28       2816394      1        2        878460       0.85   22       0        79968       39930.00    0.00        39930.00   
  29       2821471      1        2        931248       0.90   22       0        78080       42329.45    0.00        42329.45   
  30       2807793      1        3        780648       0.75   22       0        77292       35484.00    0.00        35484.00   
  31       2809511      1        3        1330480      1.29   22       0        76996       60476.36    0.00        60476.36   
  32       2812433      1        2        861336       0.83   22       0        71892       39151.64    0.00        39151.64   
  33       2014967      1        3        634364       0.61   22       0        68556       28834.73    0.00        28834.73   
  34       2827279      1        5        826844       0.80   22       0        67760       37583.82    0.00        37583.82   
  35       2017948      1        2        765168       0.74   22       0        67692       34780.36    0.00        34780.36   
  36       2823858      1        3        739448       0.71   22       0        67264       33611.27    0.00        33611.27   
  37       2810487      1        1        84356        0.08   2        0        67000       42178.00    0.00        42178.00   
  38       2024373      1        2        590036       0.57   22       0        64860       26819.82    0.00        26819.82   
  39       2805260      1        4        599364       0.58   22       0        64772       27243.82    0.00        27243.82   
  40       2021418      1        8        961868       0.93   22       0        63392       43721.27    0.00        43721.27   
  41       2810816      1        2        918736       0.89   22       0        62864       41760.73    0.00        41760.73   
  42       2018666      1        4        893704       0.86   24       0        60820       37237.67    0.00        37237.67   
  43       2809356      1        2        551020       0.53   22       0        57680       25046.36    0.00        25046.36   
  44       2803760      1        3        1612872      1.56   91       0        57028       17723.87    0.00        17723.87   
  45       2828008      1        2        879108       0.85   22       0        56936       39959.45    0.00        39959.45   
  46       2014702      1        9        1853808      1.79   188      0        56572       9860.68     0.00        9860.68    
  47       2816165      1        5        588272       0.57   22       0        56124       26739.64    0.00        26739.64   
  48       2025200      1        1        767136       0.74   182      0        55892       4215.03     0.00        4215.03    
  49       2811542      1        1        977564       0.94   27       0        55352       36206.07    0.00        36206.07   
  50       2020741      1        1        829668       0.80   24       0        53464       34569.50    0.00        34569.50   
  51       2811544      1        1        2275192      2.20   176      0        53276       12927.23    0.00        12927.23   
  52       2815886      1        2        669368       0.65   22       0        52244       30425.82    0.00        30425.82   
  53       2020181      1        7        758188       0.73   22       0        52212       34463.09    0.00        34463.09   
  54       2020742      1        1        850508       0.82   24       0        49644       35437.83    0.00        35437.83   
  55       2014701      1        12       2553124      2.47   188      0        47068       13580.45    0.00        13580.45   
  56       2816669      1        3        566368       0.55   22       0        46820       25744.00    0.00        25744.00   
  57       2016223      1        9        637504       0.62   22       0        46572       28977.45    0.00        28977.45   
  58       2806906      1        2        563232       0.54   22       0        46396       25601.45    0.00        25601.45   
  59       2014703      1        9        1853124      1.79   188      0        46112       9857.04     0.00        9857.04    
  60       2009702      1        5        844848       0.82   188      0        45436       4493.87     0.00        4493.87    
  61       2020705      1        4        589012       0.57   22       0        44860       26773.27    0.00        26773.27   
  62       2826281      1        2        1517504      1.47   91       0        44028       16675.87    0.00        16675.87   
  63       2821561      1        2        614364       0.59   22       0        43024       27925.64    0.00        27925.64   
  64       2017552      1        6        1127488      1.09   58       0        42144       19439.45    0.00        19439.45   
  65       2819706      1        3        578612       0.56   22       0        41976       26300.55    0.00        26300.55   
  66       2022679      1        4        640384       0.62   22       0        41316       29108.36    0.00        29108.36   
  67       2021101      1        2        597880       0.58   22       0        40868       27176.36    0.00        27176.36   
  68       2022973      1        1        135560       0.13   6        0        40488       22593.33    0.00        22593.33   
  69       2020683      1        2        568024       0.55   22       0        40460       25819.27    0.00        25819.27   
  70       2019230      1        2        2234096      2.16   176      0        40080       12693.73    0.00        12693.73   
  71       2022689      1        2        583984       0.56   22       0        39912       26544.73    0.00        26544.73   
  72       2010142      1        4        416736       0.40   127      0        39444       3281.39     0.00        3281.39    
  73       2013075      1        8        334008       0.32   91       0        37848       3670.42     0.00        3670.42    
  74       2815568      1        2        506316       0.49   22       0        37752       23014.36    0.00        23014.36   
  75       2806882      1        2        517356       0.50   22       0        36864       23516.18    0.00        23516.18   
  76       2102523      1        8        139816       0.14   33       0        36772       4236.85     0.00        4236.85    
  77       2016819      1        5        534384       0.52   22       0        36716       24290.18    0.00        24290.18   
  78       2820665      1        2        532612       0.51   22       0        36488       24209.64    0.00        24209.64   
  79       2014380      1        4        936920       0.91   44       0        35664       21293.64    0.00        21293.64   
  80       2024606      1        2        530332       0.51   22       0        35052       24106.00    0.00        24106.00   
  81       2810912      1        2        516176       0.50   22       0        33560       23462.55    0.00        23462.55   
  82       2821148      1        4        549268       0.53   22       0        32388       24966.73    0.00        24966.73   
  83       2802822      1        1        157308       0.15   38       0        32376       4139.68     0.00        4139.68    
  84       2016809      1        5        513536       0.50   22       0        32288       23342.55    0.00        23342.55   
  85       2807141      1        2        518372       0.50   22       0        31628       23562.36    0.00        23562.36   
  86       2016178      1        2        40660        0.04   4        0        30428       10165.00    0.00        10165.00   
  87       2023626      1        3        182724       0.18   47       0        30292       3887.74     0.00        3887.74    
  88       2023625      1        3        642424       0.62   178      0        28708       3609.12     0.00        3609.12    
  89       2819828      1        2        82660        0.08   3        0        28520       27553.33    0.00        27553.33   
  90       2824971      1        3        399964       0.39   22       0        27784       18180.18    0.00        18180.18   
  91       2816382      1        1        91220        0.09   22       0        26892       4146.36     0.00        4146.36    
  92       2023624      1        3        736644       0.71   209      0        26696       3524.61     0.00        3524.61    
  93       2008117      1        3        161812       0.16   38       0        26052       4258.21     0.00        4258.21    
  94       2023615      1        3        231144       0.22   66       0        24748       3502.18     0.00        3502.18    
  95       2019074      1        4        95256        0.09   4        0        24692       23814.00    0.00        23814.00   
  96       2023627      1        3        173060       0.17   45       0        24316       3845.78     0.00        3845.78    
  97       2011588      1        21       387540       0.37   22       0        23996       17615.45    0.00        17615.45   
  98       2010143      1        3        454844       0.44   127      0        23384       3581.45     0.00        3581.45    
  99       2023612      1        4        55972        0.05   11       0        21956       5088.36     0.00        5088.36    
  100      2021585      1        3        185248       0.18   44       0        20988       4210.18     0.00        4210.18    
  101      2828877      1        1        163096       0.16   44       0        20272       3706.73     0.00        3706.73    
  102      2100540      1        12       181632       0.18   44       0        19192       4128.00     0.00        4128.00    
  103      2023614      1        3        199692       0.19   58       0        17624       3442.97     0.00        3442.97    
  104      2009243      1        2        237024       0.23   69       0        17588       3435.13     0.00        3435.13    
  105      2828876      1        1        168912       0.16   48       0        6364        3519.00     0.00        3519.00    
  106      2100327      1        10       50956        0.05   12       0        5924        4246.33     0.00        4246.33    
  107      2008120      1        4        603496       0.58   190      0        5844        3176.29     0.00        3176.29    
  108      2810792      1        5        78112        0.08   22       0        5720        3550.55     0.00        3550.55    
  109      2100540      1        12       168384       0.16   44       0        5696        3826.91     0.00        3826.91    
  110      2810793      1        5        84176        0.08   22       0        5684        3826.18     0.00        3826.18    
  111      2013926      1        8        78880        0.08   22       0        5568        3585.45     0.00        3585.45    
  112      2102523      1        8        118844       0.11   33       0        5532        3601.33     0.00        3601.33    
  113      2012287      1        4        80380        0.08   22       0        5508        3653.64     0.00        3653.64    
  114      2021584      1        4        82584        0.08   22       0        5484        3753.82     0.00        3753.82    
  115      2823788      1        4        314868       0.30   91       0        5476        3460.09     0.00        3460.09    
  116      2810795      1        5        19552        0.02   4        0        5368        4888.00     0.00        4888.00    
  117      2102257      1        10       18448        0.02   4        0        5364        4612.00     0.00        4612.00    
  118      2805442      1        2        8276         0.01   2        0        5228        4138.00     0.00        4138.00    
  119      2802823      1        1        124952       0.12   37       0        5212        3377.08     0.00        3377.08    
  120      2012286      1        5        82452        0.08   22       0        5204        3747.82     0.00        3747.82    
  121      2102190      1        5        120404       0.12   36       0        5152        3344.56     0.00        3344.56    
  122      2811445      1        4        79564        0.08   22       0        5080        3616.55     0.00        3616.55    
  123      2815823      1        2        75384        0.07   22       0        5076        3426.55     0.00        3426.55    
  124      2023618      1        3        62988        0.06   20       0        5076        3149.40     0.00        3149.40    
  125      2100518      1        8        37148        0.04   10  

This file has been truncated.


IDSDeathBlossom.py.log - (1141 bytes)
2018-10-04 20:59:48,273 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-10-04 20:59:49,524 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-10-04 20:59:49,525 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-3.2-etpro-all
2018-10-04 20:59:49,526 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-10-04 20:59:49,526 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-10-04 20:59:49,526 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata32/bin/suricata -c /opt/suricata32/etc/etpro/suricata32-etpro-all.yaml -l /var/www/html/58408e977582ade6ed1e1efee27c9628e65afc3bedcae76de1512a208581b911 -r /var/pcap/10042018.2048-merged.pcap -vvv -k none
2018-10-04 21:00:19,475 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-10-04 21:00:19,476 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 31.2238321304