Filename: 2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 16.5655469894 seconds
Hash: 59994f08e9dd9739c3a9b529ecf997d2
Uploaded: 1575876497

Logfiles


suricata-4.0.0-etopen-all-alert-2019-12-09-T-07-28-34-08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap.txt - (1679381 bytes)
05/18/2017-08:12:07.219861  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49368 -> 192.168.116.138:445
05/18/2017-08:12:07.740322  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49377 -> 192.168.116.143:445
05/18/2017-08:12:08.412324  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49391 -> 192.168.116.150:445
05/18/2017-08:12:10.218660  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49419 -> 192.168.116.138:445
05/18/2017-08:12:10.761739  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49427 -> 192.168.116.143:445
05/18/2017-08:12:11.419541  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49440 -> 192.168.116.150:445
05/18/2017-08:12:11.552893  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49444 -> 192.168.116.172:445
05/18/2017-08:12:13.280501  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49472 -> 192.168.116.138:445
05/18/2017-08:12:13.810264  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445
05/18/2017-08:12:13.890547  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445
05/18/2017-08:12:13.980148  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49480 -> 192.168.116.143:445
05/18/2017-08:12:14.555289  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49496 -> 192.168.116.172:445
05/18/2017-08:12:17.616959  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49608 -> 192.168.116.172:445
05/18/2017-08:12:19.484251  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:49608
05/18/2017-08:12:20.016462  [**] [1:2001569:15] ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.116.149:49667 -> 192.168.116.172:445
05/18/2017-08:12:20.873674  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49690 -> 192.168.116.138:445
05/18/2017-08:12:21.130265  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:49608
05/18/2017-08:12:21.374666  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49700 -> 192.168.116.143:445
05/18/2017-08:12:24.448708  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:24.585532  [**] [1:2024217:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:25.786015  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:26.316396  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:27.462730  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:27.963824  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:49767
05/18/2017-08:12:31.318842  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:31.350832  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:49767 -> 192.168.116.143:445
05/18/2017-08:12:35.364846  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49988 -> 192.168.116.172:445
05/18/2017-08:12:35.364850  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:49989 -> 192.168.116.143:445
05/18/2017-08:12:38.429065  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50069 -> 192.168.116.143:445
05/18/2017-08:12:38.439618  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50069 -> 192.168.116.143:445
05/18/2017-08:12:40.293141  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:50069
05/18/2017-08:12:41.965190  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:50069
05/18/2017-08:12:42.119672  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50164 -> 192.168.116.138:445
05/18/2017-08:12:42.150152  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.143:445 -> 192.168.116.149:50069
05/18/2017-08:12:45.180396  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50240 -> 192.168.116.138:445
05/18/2017-08:12:47.047976  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50240
05/18/2017-08:12:48.703788  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50240
05/18/2017-08:12:52.341470  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.149:50240 -> 192.168.116.138:445
05/18/2017-08:12:55.350736  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50522 -> 192.168.116.143:445
05/18/2017-08:12:58.411383  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50610 -> 192.168.116.143:445
05/18/2017-08:12:59.373043  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50642 -> 192.168.116.172:445
05/18/2017-08:13:01.962414  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50725 -> 192.168.116.138:445
05/18/2017-08:13:01.963256  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50725
05/18/2017-08:13:02.455562  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50742 -> 192.168.116.172:445
05/18/2017-08:13:04.302431  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50799 -> 192.168.116.143:445
05/18/2017-08:13:04.394538  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.172:445 -> 192.168.116.149:50742
05/18/2017-08:13:04.972919  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50837 -> 192.168.116.138:445
05/18/2017-08:13:04.973179  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50837
05/18/2017-08:13:04.973952  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.149:50838 -> 192.168.116.138:445
05/18/2017-08:13:04.974146  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.984819  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985001  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985263  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985502  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985595  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.985775  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:04.986049  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011586  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011600  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011613  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011739  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011783  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011794  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011846  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011894  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011908  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.011950  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012005  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012017  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012044  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012054  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012064  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012078  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012088  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012099  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012114  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.149:50838
05/18/2017-08:13:05.012132  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classifi

This file has been truncated.


suricata-report-2019-12-09-T-07-28-34-08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap.txt - (18176 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/59994f08e9dd9739c3a9b529ecf997d2d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap -vvv -k none
elapsedtime:15.523039
stderr:
stdout:
9/12/2019 -- 07:28:18 - <Info> - Configuration node 'rule-files' redefined.
9/12/2019 -- 07:28:18 - <Notice> - This is Suricata version 4.0.0 RELEASE
9/12/2019 -- 07:28:18 - <Info> - CPUs/cores online: 1
9/12/2019 -- 07:28:18 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31503 and 'request-body-inspect-window' set to 16641 after randomization.
9/12/2019 -- 07:28:18 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33977 and 'response-body-inspect-window' set to 15817 after randomization.
9/12/2019 -- 07:28:18 - <Config> - DNS request flood protection level: 500
9/12/2019 -- 07:28:18 - <Config> - DNS per flow memcap (state-memcap): 524288
9/12/2019 -- 07:28:18 - <Config> - DNS global memcap: 16777216
9/12/2019 -- 07:28:18 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
9/12/2019 -- 07:28:18 - <Config> - preallocated 1000 hosts of size 136
9/12/2019 -- 07:28:18 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
9/12/2019 -- 07:28:18 - <Config> - using magic-file /usr/share/file/magic
9/12/2019 -- 07:28:18 - <Config> - Core dump size is unlimited.
9/12/2019 -- 07:28:18 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
9/12/2019 -- 07:28:18 - <Config> - preallocated 1000 defrag trackers of size 168
9/12/2019 -- 07:28:18 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
9/12/2019 -- 07:28:18 - <Config> - stream "prealloc-sessions": 2048 (per thread)
9/12/2019 -- 07:28:18 - <Config> - stream "memcap": 33554432
9/12/2019 -- 07:28:18 - <Config> - stream "midstream" session pickups: disabled
9/12/2019 -- 07:28:18 - <Config> - stream "async-oneside": disabled
9/12/2019 -- 07:28:18 - <Config> - stream "checksum-validation": disabled
9/12/2019 -- 07:28:18 - <Config> - stream."inline": disabled
9/12/2019 -- 07:28:18 - <Config> - stream "bypass": disabled
9/12/2019 -- 07:28:18 - <Config> - stream "max-synack-queued": 5
9/12/2019 -- 07:28:18 - <Config> - stream.reassembly "memcap": 134217728
9/12/2019 -- 07:28:18 - <Config> - stream.reassembly "depth": 0
9/12/2019 -- 07:28:18 - <Config> - stream.reassembly "toserver-chunk-size": 2500
9/12/2019 -- 07:28:18 - <Config> - stream.reassembly "toclient-chunk-size": 2625
9/12/2019 -- 07:28:18 - <Config> - stream.reassembly.raw: enabled
9/12/2019 -- 07:28:18 - <Config> - stream.reassembly "segment-prealloc": 2048
9/12/2019 -- 07:28:18 - <Config> - Delayed detect disabled
9/12/2019 -- 07:28:18 - <Config> - pattern matchers: MPM: ac, SPM: bm
9/12/2019 -- 07:28:18 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
9/12/2019 -- 07:28:18 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
9/12/2019 -- 07:28:18 - <Config> - prefilter engines: MPM
9/12/2019 -- 07:28:18 - <Config> - IP reputation disabled
9/12/2019 -- 07:28:18 - <Perf> - Registered 148 keyword profiling counters.
9/12/2019 -- 07:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
9/12/2019 -- 07:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
9/12/2019 -- 07:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
9/12/2019 -- 07:28:20 - <Config> - No rules loaded from ET-emerging-icmp.rules.
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
9/12/2019 -- 07:28:20 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
9/12/2019 -- 07:28:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
9/12/2019 -- 07:28:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
9/12/2019 -- 07:28:21 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
9/12/2019 -- 07:28:23 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
9/12/2019 -- 07:28:23 - <Config> - No rules loaded from local.rules.
9/12/2019 -- 07:28:23 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
9/12/2019 -- 07:28:23 - <Info> - Threshold config parsed: 0 rule(s) found
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for tcp-packet
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for tcp-stream
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for udp-packet
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for other-ip
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_uri
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_request_line
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_client_body
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_response_line
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_header
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_header
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_header_names
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_header_names
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_accept
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_accept_enc
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_accept_lang
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_referer
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_connection
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_content_len
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_content_len
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_content_type
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_content_type
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_protocol
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_protocol
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_start
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_start
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_raw_header
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_raw_header
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_method
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_cookie
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_cookie
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_raw_uri
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_user_agent
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_host
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_raw_host
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_stat_msg
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_stat_code
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for dns_query
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for tls_sni
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for tls_cert_issuer
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for tls_cert_subject
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for tls_cert_serial
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for dce_stub_data
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for dce_stub_data
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for ssh_protocol
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for ssh_protocol
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for ssh_software
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for ssh_software
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for file_data
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for file_data
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_request_line
9/12/2019 -- 07:28:23 - <Perf> - using shared mpm ctx' for http_response_line
9/12/2019 -- 07:28:23 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
9/12/2019 -- 07:28:23 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
9/12/2019 -- 07:28:23 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
9/12/2019 -- 07:28:23 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
9/12/2019 -- 07:28:23 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
9/12/2019 -- 07:28:23 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
9/12/2019 -- 07:28:23 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
9/12/2019 -- 07:28:23 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
9/12/2019 -- 07:28:24 - <Perf> - Unique rule groups: 111
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "toserver TCP packet": 31
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "toclient TCP packet": 20
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "toserver TCP stream": 31
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "toclient TCP stream": 21
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "toserver UDP packet": 33
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "toclient UDP packet": 15
9/12/2019 -- 07:28:24 - <Perf> - Builtin MPM "other IP packet": 2
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_uri": 8
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_request_line": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_client_body": 6
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient http_response_line": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_header": 6
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient http_header": 3
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_header_names": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_accept": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_referer": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_content_len": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_content_type": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient http_content_type": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_start": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_method": 3
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_cookie": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient http_cookie": 2
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver http_host": 2
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver dns_query": 4
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver tls_sni": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toserver file_data": 1
9/12/2019 -- 07:28:24 - <Perf> - AppLayer MPM "toclient file_data": 5
9/12/2019 -- 07:28:25 - <Perf> - Registered 18241 rule profiling counters.
9/12/2019 -- 07:28:25 - <Info> - fast output device (regular) initialized: alert
9/12/2019 -- 07:28:25 - <Info> - eve-log output device (regular) initialized: eve.json
9/12/2019 -- 07:28:25 - <Config> - enabling 'eve-log' module 'alert'
9/12/2019 -- 07:28:25 - <Config> - enabling 'eve-log' module 'http'
9/12/2019 -- 07:28:25 - <Config> - enabling 'eve-log' module 'dns'
9/12/2019 -- 07:28:25 - <Config> - enabling 'eve-log' module 'tls'
9/12/2019 -- 07:28:25 - <Config> - enabling 'eve-log' module 'files'
9/12/2019 -- 07:28:25 - <Config> - enabling 'eve-log' module 'ssh'
9/12/2019 -- 07:28:25 - <Info> - Unified2-alert initialized: filename unified2.alert, 

This file has been truncated.


packet_stats.log - (19940 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             2         65123484      165336624     115230054        230.5m    0.00
 IPv4       2            11        756638930     8411724862    4239888826         46.6b    0.02
 IPv4       6         43596          7572892     8748123542    5854186819     255219.1b   99.45
 IPv4      17           354          2158344     8456983056    1317702100        466.5b    0.18
 IPv6       6           340         13454986     8428691130     732629880        249.1b    0.10
 IPv6      17            91         12432536     8456768216    2147780109        195.4b    0.08
 IPv6      58            92         26909306     8431134840    5020777662        461.9b    0.18
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             2           177842         223332        200587        401.2k    0.00
TMM_FLOWWORKER              IPv4       2            11           113356         130794        121128          1.3m    0.01
TMM_FLOWWORKER              IPv4       6         43596           113452       17774922        367456         16.0b   93.83
TMM_FLOWWORKER              IPv4      17           354           213526       21006656        608758        215.5m    1.26
TMM_RECEIVEPCAPFILE         IPv4       1             2             4740           4774          4757          9.5k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            11             4450           5834          4613         50.7k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6         43295             4420         149216          4846        209.8m    1.23
TMM_RECEIVEPCAPFILE         IPv4      17           354             4432          28964          5000          1.8m    0.01
TMM_DECODEPCAPFILE          IPv4       1             2             5146           6804          5975         11.9k    0.00
TMM_DECODEPCAPFILE          IPv4       2            11             4570           7956          5124         56.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6         43295             4542       14981174          9473        410.2m    2.40
TMM_DECODEPCAPFILE          IPv4      17           354             4566          52682          5207          1.8m    0.01
TMM_FLOWWORKER              IPv6       6           340           114908       15868464        404412        137.5m    0.81
TMM_FLOWWORKER              IPv6      17            91           177534        7587596        398913         36.3m    0.21
TMM_FLOWWORKER              IPv6      58            92           113488         197526        133922         12.3m    0.07
TMM_RECEIVEPCAPFILE         IPv6       6           330             4436          20228          4894          1.6m    0.01
TMM_RECEIVEPCAPFILE         IPv6      17            91             4440          29378          5131        467.0k    0.00
TMM_RECEIVEPCAPFILE         IPv6      58            92             4430           6780          4652        428.0k    0.00
TMM_DECODEPCAPFILE          IPv6       6           330             4560        5351648         21269          7.0m    0.04
TMM_DECODEPCAPFILE          IPv6      17            91             4588          28896          5581        508.0k    0.00
TMM_DECODEPCAPFILE          IPv6      58            92             4572       15321214        171997         15.8m    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             2             5766           6718          6242         12.5k  0.00  
flow                    IPv4       6         43295             4550        7276736          5457        236.3m  1.64  
flow                    IPv4      17           354             4744          50048          6084          2.2m  0.01  
stream                  IPv4       6         43596             4594        2344490         11414        497.6m  3.44  
app-layer               IPv4      17           354             4424       15150086         50043         17.7m  0.12  
detect                  IPv4       1             2           156348         199924        178136        356.3k  0.00  
detect                  IPv4       2            11           104056         121428        111658          1.2m  0.01  
detect                  IPv4       6         43596            76218       17709456        299780         13.1b  90.44 
detect                  IPv4      17           354           185544       20954244        532780        188.6m  1.31  
tcp-prune               IPv4       6         43596             4428       16535282          6038        263.2m  1.82  
flow                    IPv6       6           330             4738          72200          5589          1.8m  0.01  
flow                    IPv6      17            91             4742          27066          6436        585.7k  0.00  
flow                    IPv6      58            92             4740          14912          6003        552.3k  0.00  
stream                  IPv6       6           340             4456         156126         14043          4.8m  0.03  
app-layer               IPv6      17            91             4432          35108         10389        945.4k  0.01  
detect                  IPv6       6           340            77046       15823028        356116        121.1m  0.84  
detect                  IPv6      17            91           149778        7537490        362458         33.0m  0.23  
detect                  IPv6      58            92            95018         176330        112306         10.3m  0.07  
tcp-prune               IPv6       6           340             4406          36674          5115          1.7m  0.01  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb                     IPv4       6           212             4528          26992          5145          1.1m  51.90 
smb                     IPv4      17            26             4596           7642          5284        137.4k  6.54  
smb2                    IPv4       6           121             4420           5312          4514        546.2k  25.99 
smb2                    IPv4      17            25             4426           4952          4513        112.8k  5.37  
smb                     IPv6       6             6             4554           9820          5691         34.1k  1.62  
smb                     IPv6      17            22             4596           9176          5417        119.2k  5.67  
smb2                    IPv6       6             4             4474           5992          5093         20.4k  0.97  
smb2                    IPv6      17             9             4436           4952          4527         40.7k  1.94  
Proto detect            IPv4       6           228             4504          20838          5034          1.1m
Proto detect            IPv4      17            76             4570          69750          7043        535.3k
Proto detect            IPv6      17            44             4576          24910          6651        292.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6          7860            12022       13180234         22758        178.9m  24.25 
LOGGER_UNIFIED2             IPv4       6          7860            19330        5044604         24654        193.8m  26.28 
LOGGER_JSON_ALERT           IPv4       6          7860            32738        3034098         46416        364.8m  49.47 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             2            16192          51066         33629        67.3k  0.00  
payload                           IPv4       6         33529             4420        9803128         21496       720.8m  48.81 
payload                           IPv4      17           354             4976         296950         20877         7.4m  0.50  
stream                            IPv4       6         33529             4398        7728972         20793       697.2m  47.21 
Total                             IPv4                 67414                                         21144         1.4b
payload                           IPv6       6           282             4446       15556226        150251        42.4m  2.87  
payload                           IPv6      17            91             5042          70822         15103         1.4m  0.09  
payload                           IPv6      58            92             4700          25562          6288       578.5k  0.04  
stream                            IPv6       6           282             4424         980208         24773         7.0m  0.47  
Total                             IPv6                   747                                         68687        51.3m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             2            24098          27342         25720         51.4k  0.00  
PROF_DETECT_IPONLY          IPv4       2            11            22188          38686         27346        300.8k  0.00  
PROF_DETECT_IPONLY          IPv4       6           641            21754         106988         25888         16.6m  0.12  
PROF_DETECT_IPONLY          IPv4      17            82            22130        6733388        119794          9.8m  0.07  
PROF_DETECT_RULES           IPv4       1             2            15184          20144         17664         35.3k  0.00  
PROF_DETECT_RULES           IPv4       2            11             4422           4484          4442         48.9k  0.00  
PROF_DETECT_RULES           IPv4       6         43596             4408       17437658        145088          6.3b  44.84 
PROF_DETECT_RULES           IPv4      17           354            73130       20667924        367892        130.2m  0.92  
PROF_DETECT_STATEFUL_CONT    IPv4       1             2             4406           6256          5331         10.7k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            11             4434           4728          4623         50.9k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         43596             4392       13159664          6772        295.2m  2.09  
PROF_DETECT_STATEFUL_CONT    IPv4      17           354             4394           7756          4793          1.7m  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6         40710             4434         428056          4774        194.4m  1.38  
PROF_DETECT_PREFILTER       IPv4       1             2            44112          85598         64855        129.7k  0.00  
PROF_DETECT_PREFILTER       IPv4       2            11            13526          15086         14080        154.9k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         43596            13318        9980040         79305          3.5b  24.51 
PROF_DETECT_PREFILTER       IPv4      17           354            41052         358580         60163         21.3m  0.15  
PROF_DETECT_PF_PAYLOAD      IPv4       1             2            25382          60104         42743         85.5k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6         33529            22722        9933640         57785          1.9b  13.74 
PROF_DETECT_PF_PAYLOAD      IPv4      17           354            13882         305898         30098         10.7m  0.08  
PROF_DETECT_PF_TX           IPv4       6         40710             4522        3397344          5139        209.2m  1.48  
PROF_DETECT_PF_SORT1        IPv4       6         28512             4410         433564          5867        167.3m  1.19  
PROF_DETECT_PF_SORT1        IPv4      17           354             4490          37278          5816          2.1m  0.01  
PROF_DETECT_PF_SORT2        IPv4       1             2             4858          11694          8276         16.6k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            11             4406           5094          4608         50.7k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         43596             4396         281186          4851        211.5m  1.50  
PROF_DETECT_PF_SORT2        IPv4      17           354             4440          33812          5036          1.8m  0.01  
PROF_DETECT_NONMPMLIST      IPv4       1             2             4724           7614          6169         12.3k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            11             4626           4726          4676         51.4k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         43596             4404        2465480          5075        221.3m  1.57  
PROF_DETECT_NONMPMLIST      IPv4      17           354             4416          15086          4901          1.7m  0.01  
PROF_DETECT_ALERT           IPv4       1             2             4470           4474          4472          8.9k  0.00  
PROF_DETECT_ALERT           IPv4       2            11             4410           4808          4507         49.6k  0.00  
PROF_DETECT_ALERT           IPv4       6         43596             4400        7081592          5067        220.9m  1.57  
PROF_DETECT_ALERT           IPv4      17           354             4412          26488          4825          1.7m  0.01  
PROF_DETECT_CLEANUP         IPv4       1             2             4810           4992          4901          9.8k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            11             4408          19882          5874         64.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       6         43596             4436       16682980          5287        230.5m  1.63  
PROF_DETECT_CLEANUP         IPv4      17           354             4402          18206          4848          1.7m  0.01  
PROF_DETECT_GETSGH          IPv4       1             2             5282           5976          5629         11.3k  0.00  
PROF_DETECT_GETSGH          IPv4       2            11             4634           6706          4879         53.7k  0.00  
PROF_DETECT_GETSGH          IPv4       6         43596             4400        1561080          5136        223.9m  1.59  
PROF_DETECT_GETSGH          IPv4      17           354             4416         175454          7832          2.8m  0.02  
PROF_DETECT_IPONLY          IPv6       6            20             4710           6488          5031        100.6k  0.00  
PROF_DETECT_IPONLY          IPv6      17            44             4754          33746          7868        346.2k  0.00  
PROF_DETECT_IPONLY          IPv6      58            45             4706          24956          6684        300.8k  0.00  
PROF_DETECT_RULES           IPv6       6           340             4412        6495838         97019         33.0m  0.23  
PROF_DETECT_RULES           IPv6      17            91            49538         248114        132627         12.1m  0.09  
PROF_DETECT_RULES

This file has been truncated.


stats.log - (6944 bytes)
------------------------------------------------------------------------------------
Date: 12/9/2019 -- 07:28:33 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 46654
decoder.bytes                              | Total                     | 37044839
decoder.ipv4                               | Total                     | 43662
decoder.ipv6                               | Total                     | 513
decoder.ethernet                           | Total                     | 46654
decoder.tcp                                | Total                     | 43625
decoder.udp                                | Total                     | 445
decoder.icmpv4                             | Total                     | 2
decoder.icmpv6                             | Total                     | 92
decoder.avg_pkt_size                       | Total                     | 794
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 331
flow.udp                                   | Total                     | 102
flow.icmpv6                                | Total                     | 37
tcp.sessions                               | Total                     | 327
tcp.syn                                    | Total                     | 327
tcp.synack                                 | Total                     | 325
tcp.rst                                    | Total                     | 301
tcp.overlap                                | Total                     | 2
detect.alert                               | Total                     | 5990
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 6
app_layer.flow.smb                         | Total                     | 93
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 102
flow_mgr.closed_pruned                     | Total                     | 5
flow_mgr.new_pruned                        | Total                     | 128
flow_mgr.est_pruned                        | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 75
flow_mgr.flows_notimeout                   | Total                     | 67
flow_mgr.flows_timeout                     | Total                     | 8
flow_mgr.flows_removed                     | Total                     | 8
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65462
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 1652736
flow.memuse                                | Total                     | 7171648
------------------------------------------------------------------------------------
Date: 12/9/2019 -- 07:28:34 (uptime: 0d, 00h 00m 09s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 46654
decoder.bytes                              | Total                     | 37044839
decoder.ipv4                               | Total                     | 43662
decoder.ipv6                               | Total                     | 513
decoder.ethernet                           | Total                     | 46654
decoder.tcp                                | Total                     | 43625
decoder.udp                                | Total                     | 445
decoder.icmpv4                             | Total                     | 2
decoder.icmpv6                             | Total                     | 92
decoder.avg_pkt_size                       | Total                     | 794
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 332
flow.udp                                   | Total                     | 120
flow.icmpv6                                | Total                     | 45
tcp.sessions                               | Total                     | 328
tcp.syn                                    | Total                     | 328
tcp.synack                                 | Total                     | 325
tcp.rst                                    | Total                     | 323
tcp.overlap                                | Total                     | 2
detect.alert                               | Total                     | 7860
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 6
app_layer.flow.smb                         | Total                     | 93
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 120
flow_mgr.closed_pruned                     | Total                     | 5
flow_mgr.new_pruned                        | Total                     | 128
flow_mgr.est_pruned                        | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 75
flow_mgr.flows_notimeout                   | Total                     | 67
flow_mgr.flows_timeout                     | Total                     | 8
flow_mgr.flows_removed                     | Total                     | 8
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65462
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7171648


eve.json - (3295909 bytes)
{"timestamp":"2017-05-18T08:12:07.219861+0000","flow_id":1568667403235895,"pcap_cnt":1123,"event_type":"alert","src_ip":"192.168.116.149","src_port":49368,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:07.740322+0000","flow_id":1742927111341281,"pcap_cnt":1159,"event_type":"alert","src_ip":"192.168.116.149","src_port":49377,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:08.412324+0000","flow_id":1537163818187790,"pcap_cnt":1197,"event_type":"alert","src_ip":"192.168.116.149","src_port":49391,"dest_ip":"192.168.116.150","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:10.218660+0000","flow_id":2088083568349595,"pcap_cnt":1249,"event_type":"alert","src_ip":"192.168.116.149","src_port":49419,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:10.761739+0000","flow_id":1412944774199625,"pcap_cnt":1274,"event_type":"alert","src_ip":"192.168.116.149","src_port":49427,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:11.419541+0000","flow_id":1641164303983674,"pcap_cnt":1308,"event_type":"alert","src_ip":"192.168.116.149","src_port":49440,"dest_ip":"192.168.116.150","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:11.552893+0000","flow_id":1513573710516099,"pcap_cnt":1334,"event_type":"alert","src_ip":"192.168.116.149","src_port":49444,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:13.280501+0000","flow_id":197844839268854,"pcap_cnt":1385,"event_type":"alert","src_ip":"192.168.116.149","src_port":49472,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:13.810264+0000","flow_id":1865587082761628,"pcap_cnt":1467,"event_type":"alert","src_ip":"192.168.116.149","src_port":49480,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:13.890547+0000","flow_id":1865587082761628,"pcap_cnt":1484,"event_type":"alert","src_ip":"192.168.116.149","src_port":49480,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024217,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:13.980148+0000","flow_id":1865587082761628,"pcap_cnt":1530,"event_type":"alert","src_ip":"192.168.116.149","src_port":49480,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024217,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:14.555289+0000","flow_id":735941964494132,"pcap_cnt":1565,"event_type":"alert","src_ip":"192.168.116.149","src_port":49496,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:17.616959+0000","flow_id":780813635526366,"pcap_cnt":1872,"event_type":"alert","src_ip":"192.168.116.149","src_port":49608,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:19.484251+0000","flow_id":780813635526366,"pcap_cnt":1971,"event_type":"alert","src_ip":"192.168.116.172","src_port":445,"dest_ip":"192.168.116.149","dest_port":49608,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:20.016462+0000","flow_id":917960531394638,"pcap_cnt":2048,"event_type":"alert","src_ip":"192.168.116.149","src_port":49667,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001569,"rev":15,"signature":"ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection","category":"Misc activity","severity":3}}
{"timestamp":"2017-05-18T08:12:20.873674+0000","flow_id":1122536266158340,"pcap_cnt":2122,"event_type":"alert","src_ip":"192.168.116.149","src_port":49690,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:21.130265+0000","flow_id":780813635526366,"pcap_cnt":2136,"event_type":"alert","src_ip":"192.168.116.172","src_port":445,"dest_ip":"192.168.116.149","dest_port":49608,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:21.374666+0000","flow_id":1273293913305687,"pcap_cnt":2226,"event_type":"alert","src_ip":"192.168.116.149","src_port":49700,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:24.448708+0000","flow_id":930413789319774,"pcap_cnt":2339,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:24.585532+0000","flow_id":930413789319774,"pcap_cnt":2391,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024217,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:25.786015+0000","flow_id":930413789319774,"pcap_cnt":2440,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:26.316396+0000","flow_id":930413789319774,"pcap_cnt":2508,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:27.462730+0000","flow_id":930413789319774,"pcap_cnt":2678,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:27.963824+0000","flow_id":930413789319774,"pcap_cnt":2685,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":49767,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:31.318842+0000","flow_id":930413789319774,"pcap_cnt":2838,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:31.350832+0000","flow_id":930413789319774,"pcap_cnt":2854,"event_type":"alert","src_ip":"192.168.116.149","src_port":49767,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:35.364846+0000","flow_id":1134078991764621,"pcap_cnt":2870,"event_type":"alert","src_ip":"192.168.116.149","src_port":49988,"dest_ip":"192.168.116.172","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:35.364850+0000","flow_id":381212026965360,"pcap_cnt":2871,"event_type":"alert","src_ip":"192.168.116.149","src_port":49989,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:38.429065+0000","flow_id":370208320966148,"pcap_cnt":2898,"event_type":"alert","src_ip":"192.168.116.149","src_port":50069,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:38.439618+0000","flow_id":370208320966148,"pcap_cnt":2900,"event_type":"alert","src_ip":"192.168.116.149","src_port":50069,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:40.293141+0000","flow_id":370208320966148,"pcap_cnt":2976,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":50069,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:41.965190+0000","flow_id":370208320966148,"pcap_cnt":3164,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":50069,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:42.119672+0000","flow_id":922090143927830,"pcap_cnt":3178,"event_type":"alert","src_ip":"192.168.116.149","src_port":50164,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:42.150152+0000","flow_id":370208320966148,"pcap_cnt":3186,"event_type":"alert","src_ip":"192.168.116.143","src_port":445,"dest_ip":"192.168.116.149","dest_port":50069,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:45.180396+0000","flow_id":2113013708355878,"pcap_cnt":3396,"event_type":"alert","src_ip":"192.168.116.149","src_port":50240,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:47.047976+0000","flow_id":2113013708355878,"pcap_cnt":3465,"event_type":"alert","src_ip":"192.168.116.138","src_port":445,"dest_ip":"192.168.116.149","dest_port":50240,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:48.703788+0000","flow_id":2113013708355878,"pcap_cnt":3579,"event_type":"alert","src_ip":"192.168.116.138","src_port":445,"dest_ip":"192.168.116.149","dest_port":50240,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:52.341470+0000","flow_id":2113013708355878,"pcap_cnt":3755,"event_type":"alert","src_ip":"192.168.116.149","src_port":50240,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:55.350736+0000","flow_id":1717432188620893,"pcap_cnt":3768,"event_type":"alert","src_ip":"192.168.116.149","src_port":50522,"dest_ip":"192.168.116.143","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:12:58.411383+0000","flow_id":1799474

This file has been truncated. Go here to download in full.


keyword_perf.log - (5659 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/9/2019 -- 07:28:34
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            1562152         321             321             18290           4866.00         4866.00         0.00           
  flow             40986516        8329            8329            75464           4920.00         4920.00         0.00           
  threshold        2182978         365             4               26550           5980.00         5165.00         5989.00        
  content          1408048652      219869          140597          12311544        6404.00         7129.00         5116.00        
  pcre             90196860        13074           7932            13170092        6898.00         5737.00         8690.00        
  byte_test        11903334        2282            645             38030           5216.00         5020.00         5293.00        
  byte_jump        145419620       28748           142             3387470         5058.00         5073.00         5058.00        
  flowbits         1126614         170             170             45350           6627.00         6627.00         0.00           
  byte_extract     4391106         794             794             22934           5530.00         5530.00         0.00           
  asn1             707096          24              0               70826           29462.00        0.00            29462.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            1562152         321             321             18290           4866.00         4866.00         0.00           
  flow             40986516        8329            8329            75464           4920.00         4920.00         0.00           
  flowbits         105616          21              21              6648            5029.00         5029.00         0.00           
  asn1             707096          24              0               70826           29462.00        0.00            29462.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1408048652      219869          140597          12311544        6404.00         7129.00         5116.00        
  pcre             90196860        13074           7932            13170092        6898.00         5737.00         8690.00        
  byte_test        11903334        2282            645             38030           5216.00         5020.00         5293.00        
  byte_jump        145419620       28748           142             3387470         5058.00         5073.00         5058.00        
  byte_extract     4391106         794             794             22934           5530.00         5530.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         1020998         149             149             45350           6852.00         6852.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        2182978         365             4               26550           5980.00         5165.00         5989.00        


unified2.alert.1575876505 - (1510978 bytes) - download

This file has been truncated. Go here to download in full.


suricata-4.0.0-etopen-all-perf.txt-2019-12-09-T-07-28-34-08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap.txt - (50262 bytes) - download
  --------------------------------------------------------------------------
  Date: 12/9/2019 -- 07:28:34. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2012094      1        2        670680238    14.07  8185     0        16671208    81940.16    0.00        81940.16   
  2        2018064      1        2        45958484     0.96   497      0        13241802    92471.80    0.00        92471.80   
  3        2024430      1        3        506643590    10.63  8508     0        12371900    59549.08    0.00        59549.08   
  4        2024216      1        1        445913608    9.36   8013     7760     8199100     55648.77    55258.78    67610.55   
  5        2020791      1        3        22040794     0.46   326      0        7719130     67609.80    0.00        67609.80   
  6        2018880      1        2        22981112     0.48   337      0        7491448     68193.21    0.00        68193.21   
  7        2020787      1        2        20334708     0.43   346      0        7467770     58770.83    0.00        58770.83   
  8        2023618      1        3        8271110      0.17   200      0        7354728     41355.55    0.00        41355.55   
  9        2024217      1        2        215565178    4.52   8508     44       7108920     25336.76    73017.27    25088.90   
  10       2008116      1        4        8319596      0.17   258      0        7092180     32246.50    0.00        32246.50   
  11       2018067      1        3        37839048     0.79   466      0        6798778     81199.67    0.00        81199.67   
  12       2102511      1        10       50546326     1.06   8957     0        6730784     5643.22     0.00        5643.22    
  13       2023617      1        3        7177748      0.15   173      0        6354814     41489.87    0.00        41489.87   
  14       2018060      1        2        37476558     0.79   481      0        5649784     77913.84    0.00        77913.84   
  15       2020691      1        1        15238326     0.32   319      0        3443688     47769.05    0.00        47769.05   
  16       2103001      1        5        45816168     0.96   8957     0        3153086     5115.12     0.00        5115.12    
  17       2018068      1        2        31490570     0.66   425      0        2897902     74095.46    0.00        74095.46   
  18       2102402      1        6        8185852      0.17   177      0        2826006     46247.75    0.00        46247.75   
  19       2103002      1        5        46055904     0.97   8957     0        2776892     5141.89     0.00        5141.89    
  20       2024219      1        1        202886080    4.26   8514     0        2672008     23829.70    0.00        23829.70   
  21       2014958      1        1        6292414      0.13   218      0        2476278     28864.28    0.00        28864.28   
  22       2022401      1        3        6675490      0.14   322      0        1331358     20731.34    0.00        20731.34   
  23       2020783      1        3        13662328     0.29   341      0        1108644     40065.48    0.00        40065.48   
  24       2021716      1        1        12895326     0.27   322      0        785856      40047.60    0.00        40047.60   
  25       2020796      1        2        12935684     0.27   335      0        508396      38613.98    0.00        38613.98   
  26       2020776      1        2        12492564     0.26   332      0        453800      37628.20    0.00        37628.20   
  27       2020784      1        2        14602414     0.31   368      0        445812      39680.47    0.00        39680.47   
  28       2021976      1        2        38725608     0.81   7983     0        439728      4851.01     0.00        4851.01    
  29       2102103      1        10       39619744     0.83   8185     0        438820      4840.53     0.00        4840.53    
  30       2008306      1        3        43197956     0.91   8726     0        430096      4950.49     0.00        4950.49    
  31       2017935      1        3        45404326     0.95   9300     0        427792      4882.19     0.00        4882.19    
  32       2103027      1        6        43254354     0.91   8957     0        422904      4829.11     0.00        4829.11    
  33       2018059      1        2        36808484     0.77   702      0        351142      52433.74    0.00        52433.74   
  34       2102955      1        4        4724076      0.10   108      0        339316      43741.44    0.00        43741.44   
  35       2018062      1        2        29085612     0.61   452      0        308986      64348.70    0.00        64348.70   
  36       2103159      1        4        39541578     0.83   8140     0        296778      4857.69     0.00        4857.69    
  37       2103158      1        6        44972692     0.94   9325     0        291912      4822.81     0.00        4822.81    
  38       2018065      1        2        28763820     0.60   438      0        290782      65670.82    0.00        65670.82   
  39       2020765      1        2        11234772     0.24   293      0        230912      38343.93    0.00        38343.93   
  40       2020695      1        1        12654566     0.27   335      0        215810      37774.82    0.00        37774.82   
  41       2018378      1        5        13960838     0.29   635      0        192342      21985.57    0.00        21985.57   
  42       2017707      1        4        11011978     0.23   326      0        189346      33779.07    0.00        33779.07   
  43       2020795      1        2        12500046     0.26   334      0        184756      37425.29    0.00        37425.29   
  44       2020775      1        2        10978036     0.23   294      0        172812      37340.26    0.00        37340.26   
  45       2001263      1        5        16155362     0.34   729      0        172416      22160.99    0.00        22160.99   
  46       2018061      1        2        31032116     0.65   476      0        151714      65193.52    0.00        65193.52   
  47       2103003      1        7        7535868      0.16   177      0        150874      42575.53    0.00        42575.53   
  48       2018558      1        5        6510094      0.14   1304     0        146744      4992.40     0.00        4992.40    
  49       2103421      1        4        832652       0.02   18       0        146462      46258.44    0.00        46258.44   
  50       2020790      1        2        11980484     0.25   315      0        134684      38033.28    0.00        38033.28   
  51       2102383      1        21       7139284      0.15   177      0        132960      40334.94    0.00        40334.94   
  52       2018066      1        2        32688372     0.69   504      0        122024      64857.88    0.00        64857.88   
  53       2102954      1        4        1112194      0.02   24       0        121652      46341.42    0.00        46341.42   
  54       2020613      1        3        11595426     0.24   315      0        120960      36810.88    0.00        36810.88   
  55       2018153      1        4        12026862     0.25   316      0        118294      38059.69    0.00        38059.69   
  56       2018063      1        3        30987034     0.65   469      0        116918      66070.43    0.00        66070.43   
  57       2018166      1        3        12321966     0.26   332      0        112704      37114.36    0.00        37114.36   
  58       2020781      1        5        12216542     0.26   326      0        109014      37474.06    0.00        37474.06   
  59       2021753      1        3        12142618     0.25   322      0        108958      37709.99    0.00        37709.99   
  60       2020609      1        4        12880854     0.27   345      0        108792      37335.81    0.00        37335.81   
  61       2020692      1        1        12004688     0.25   322      0        106298      37281.64    0.00        37281.64   
  62       2019602      1        1        12492258     0.26   328      0        106214      38086.15    0.00        38086.15   
  63       2020612      1        3        11629258     0.24   318      0        104948      36569.99    0.00        36569.99   
  64       2018085      1        2        10794078     0.23   335      0        98458       32221.13    0.00        32221.13   
  65       2018057      1        4        12641292     0.27   335      0        96560       37735.20    0.00        37735.20   
  66       2102466      1        9        5815518      0.12   108      53       94350       53847.39    76165.96    32340.40   
  67       2024220      1        2        1776014      0.04   34       31       93396       52235.71    54865.81    25058.00   
  68       2020768      1        2        11754646     0.25   321      0        92590       36618.83    0.00        36618.83   
  69       2020792      1        2        10914922     0.23   294      0        91520       37125.59    0.00        37125.59   
  70       2018636      1        2        13666588     0.29   369      0        91436       37036.82    0.00        37036.82   
  71       2102465      1        9        1345262      0.03   24       12       90944       56052.58    77967.33    34137.83   
  72       2018076      1        3        10418976     0.22   327      0        90808       31862.31    0.00        31862.31   
  73       2018487      1        4        4705808      0.10   292      0        90770       16115.78    0.00        16115.78   
  74       2020798      1        2        11688056     0.25   316      0        89360       36987.52    0.00        36987.52   
  75       2020777      1        2        12545774     0.26   340      0        88058       36899.34    0.00        36899.34   
  76       2018193      1        3        5944604      0.12   367      0        85866       16197.83    0.00        16197.83   
  77       2103231      1        4        773348       0.02   18       0        84992       42963.78    0.00        42963.78   
  78       2103029      1        6        42666364     0.90   8957     0        84626       4763.47     0.00        4763.47    
  79       2018281      1        4        39789924     0.83   8127     0        83838       4896.02     0.00        4896.02    
  80       2020694      1        1        11497034     0.24   310      0        83810       37087.21    0.00        37087.21   
  81       2020782      1        2        12022484     0.25   320      0        83790       37570.26    0.00        37570.26   
  82       2018376      1        4        13543856     0.28   635      0        82622       21328.91    0.00        21328.91   
  83       2102471      1        12       4943232      0.10   129      0        81704       38319.63    0.00        38319.63   
  84       2020772      1        2        11809182     0.25   324      0        81276       36448.09    0.00        36448.09   
  85       2102190      1        5        78869054     1.65   16726    0        80430       4715.36     0.00        4715.36    
  86       2020785      1        3        11108792     0.23   303      0        79064       36662.68    0.00        36662.68   
  87       2020586      1        3        12980900     0.27   341      0        78676       38067.16    0.00        38067.16   
  88       2103265      1        5        747254       0.02   18       0        78208       41514.11    0.00        41514.11   
  89       2023611      1        3        15618640     0.33   326      0        78014       47909.94    0.00        47909.94   
  90       2020778      1        2        11850598     0.25   322      0        77222       36803.10    0.00        36803.10   
  91       2020789      1        2        12133600     0.25   328      0        76788       36992.68    0.00        36992.68   
  92       2102472      1        11       5103942      0.11   108      0        76186       47258.72    0.00        47258.72   
  93       2103019      1        5        43186654     0.91   8957     0        75802       4821.55     0.00        4821.55    
  94       2020779      1        3        12164538     0.26   325      0        75402       37429.35    0.00        37429.35   
  95       2102468      1        9        4751922      0.10   129      0        75400       36836.60    0.00        36836.60   
  96       2020800      1        2        12440364     0.26   331      0        75176       37584.18    0.00        37584.18   
  97       2016922      1        12       12331018     0.26   322      0        75088       38295.09    0.00        38295.09   
  98       2025090      1        1        5156204      0.11   108      53       74786       47742.63    59785.13    36138.04   
  99       2018372      1        2        14244492     0.30   635      0        74728       22432.27    0.00        22432.27   
  100      2020767      1        2        11770496     0.25   316      0        74326       37248.41    0.00        37248.41   
  101      2018069      1        1        12696072     0.27   336      0        73916       37785.93    0.00        37785.93   
  102      2014703      1        9        431704       0.01   72       0        73408       5995.89     0.00        5995.89    
  103      2017877      1        3        14404638     0.30   322      0        73266       44734.90    0.00        44734.90   
  104      2020606      1        4        11070112     0.23   302      0        73090       36656.00    0.00        36656.00   
  105      2020607      1        3        11748106     0.25   320      0        72884       36712.83    0.00        36712.83   
  106      2018075      1        3        12029724     0.25   322      0        71896       37359.39    0.00        37359.39   
  107      2103035      1        9        43240808     0.91   8957     0        71862       4827.60     0.00        4827.60    
  108      2103230      1        4        751112       0.02   18       0        71764       41728.44    0.00        41728.44   
  109      2103024      1        3        1252144      0.03   27       0        71580       46375.70    0.00        46375.70   
  110      2018054      1        1        12725710     0.27   343      0        71518       37101.20    0.00        37101.20   
  111      2021065      1        2        12949440     0.27   348      0        71450       37211.03    0.00        37211.03   
  112      2020786      1        4        10989434     0.23   299      0        71210       36753.96    0.00        36753.96   
  113      2020766      1        2        11935500     0.25   322      0        70572       37066.77    0.00        37066.77   
  114      2020799      1        2        12181728     0.26   324      0        70566       37597.93    0.00        37597.93   
  115      2018485      1        3        5296108      0.11   336      0        70200       15762.23    0.00        15762.23   
  116      2018013      1        3        11461536     0.24   308      0        70172       37212.78    0.00        37212.78   
  117      2020788      1        2        12990710     0.27   353      0        69902       36800.88    0.00        36800.88   
  118      2017934      1        4        10033690     0.21   308      0        69874       32576.92    0.00        32576.92   
  119      2020611      1        4        12618976     0.26   336      0        69660       37556.48    0.00        37556.48   
  120      2103030      1        5        1000744      0.02   27       0        69310       37064.59    0.00        37064.59   
  121      2102979      1        4        4217986      0.09   108      0        69254       39055.43    0.00        39055.43   
  122      2020608      1        4        10425644     0.22   278      0        69250       37502.32    0.00        37502.32   
  123      2019083      1        2        12529632     0.26   338      0        68906       37069.92    0.00        37069.92   
  124      2103032      1        5        1107176      0.02   27       0        68886       41006.52    0.00        41006.52   
  125      2020770      1        2        1

This file has been truncated.


IDSDeathBlossom.py.log - (1200 bytes)
2019-12-09 07:28:17,869 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-12-09 07:28:18,660 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-12-09 07:28:18,661 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-12-09 07:28:18,661 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-12-09 07:28:18,661 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-12-09 07:28:18,662 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/59994f08e9dd9739c3a9b529ecf997d2d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08112019.0024-2017-05-18-WannaCry-ransomware-using-EnternalBlue-exploit.pcap -vvv -k none
2019-12-09 07:28:34,187 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-12-09 07:28:34,188 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 16.3265669346