Filename: 1234567.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.2650940418 seconds
Hash: 59b13420275980705c373edd7925b3f6
Uploaded: 1553523149

Logfiles


suricata-report-2019-03-25-T-14-12-53-03252019.1412-1234567.pcap.txt - (17760 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/59b13420275980705c373edd7925b3f656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03252019.1412-1234567.pcap -vvv -k none
elapsedtime:23.309916
stderr:
stdout:
25/3/2019 -- 14:12:29 - <Info> - Configuration node 'rule-files' redefined.
25/3/2019 -- 14:12:29 - <Notice> - This is Suricata version 4.0.0 RELEASE
25/3/2019 -- 14:12:29 - <Info> - CPUs/cores online: 1
25/3/2019 -- 14:12:29 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33456 and 'request-body-inspect-window' set to 16975 after randomization.
25/3/2019 -- 14:12:29 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32162 and 'response-body-inspect-window' set to 16923 after randomization.
25/3/2019 -- 14:12:29 - <Config> - DNS request flood protection level: 500
25/3/2019 -- 14:12:29 - <Config> - DNS per flow memcap (state-memcap): 524288
25/3/2019 -- 14:12:29 - <Config> - DNS global memcap: 16777216
25/3/2019 -- 14:12:30 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
25/3/2019 -- 14:12:30 - <Config> - preallocated 1000 hosts of size 136
25/3/2019 -- 14:12:30 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
25/3/2019 -- 14:12:30 - <Config> - using magic-file /usr/share/file/magic
25/3/2019 -- 14:12:30 - <Config> - Core dump size is unlimited.
25/3/2019 -- 14:12:30 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
25/3/2019 -- 14:12:30 - <Config> - preallocated 1000 defrag trackers of size 168
25/3/2019 -- 14:12:30 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
25/3/2019 -- 14:12:30 - <Config> - stream "prealloc-sessions": 2048 (per thread)
25/3/2019 -- 14:12:30 - <Config> - stream "memcap": 33554432
25/3/2019 -- 14:12:30 - <Config> - stream "midstream" session pickups: disabled
25/3/2019 -- 14:12:30 - <Config> - stream "async-oneside": disabled
25/3/2019 -- 14:12:30 - <Config> - stream "checksum-validation": disabled
25/3/2019 -- 14:12:30 - <Config> - stream."inline": disabled
25/3/2019 -- 14:12:30 - <Config> - stream "bypass": disabled
25/3/2019 -- 14:12:30 - <Config> - stream "max-synack-queued": 5
25/3/2019 -- 14:12:30 - <Config> - stream.reassembly "memcap": 134217728
25/3/2019 -- 14:12:30 - <Config> - stream.reassembly "depth": 0
25/3/2019 -- 14:12:30 - <Config> - stream.reassembly "toserver-chunk-size": 2482
25/3/2019 -- 14:12:30 - <Config> - stream.reassembly "toclient-chunk-size": 2542
25/3/2019 -- 14:12:30 - <Config> - stream.reassembly.raw: enabled
25/3/2019 -- 14:12:30 - <Config> - stream.reassembly "segment-prealloc": 2048
25/3/2019 -- 14:12:30 - <Config> - Delayed detect disabled
25/3/2019 -- 14:12:30 - <Config> - pattern matchers: MPM: ac, SPM: bm
25/3/2019 -- 14:12:30 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
25/3/2019 -- 14:12:30 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
25/3/2019 -- 14:12:30 - <Config> - prefilter engines: MPM
25/3/2019 -- 14:12:30 - <Config> - IP reputation disabled
25/3/2019 -- 14:12:30 - <Perf> - Registered 148 keyword profiling counters.
25/3/2019 -- 14:12:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
25/3/2019 -- 14:12:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
25/3/2019 -- 14:12:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
25/3/2019 -- 14:12:35 - <Config> - No rules loaded from ET-icmp.rules.
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
25/3/2019 -- 14:12:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
25/3/2019 -- 14:12:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
25/3/2019 -- 14:12:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
25/3/2019 -- 14:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
25/3/2019 -- 14:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
25/3/2019 -- 14:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
25/3/2019 -- 14:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
25/3/2019 -- 14:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
25/3/2019 -- 14:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
25/3/2019 -- 14:12:42 - <Config> - No rules loaded from local.rules.
25/3/2019 -- 14:12:42 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
25/3/2019 -- 14:12:42 - <Info> - Threshold config parsed: 0 rule(s) found
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for tcp-packet
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for tcp-stream
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for udp-packet
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for other-ip
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_uri
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_request_line
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_client_body
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_response_line
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_header
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_header
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_header_names
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_header_names
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_accept
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_accept_enc
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_accept_lang
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_referer
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_connection
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_content_len
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_content_len
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_content_type
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_content_type
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_protocol
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_protocol
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_start
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_start
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_raw_header
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_raw_header
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_method
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_cookie
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_cookie
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_raw_uri
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_user_agent
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_host
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_raw_host
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_stat_msg
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_stat_code
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for dns_query
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for tls_sni
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for tls_cert_issuer
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for tls_cert_subject
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for tls_cert_serial
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for dce_stub_data
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for dce_stub_data
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for ssh_protocol
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for ssh_protocol
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for ssh_software
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for ssh_software
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for file_data
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for file_data
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_request_line
25/3/2019 -- 14:12:43 - <Perf> - using shared mpm ctx' for http_response_line
25/3/2019 -- 14:12:43 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
25/3/2019 -- 14:12:43 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
25/3/2019 -- 14:12:43 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
25/3/2019 -- 14:12:43 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
25/3/2019 -- 14:12:43 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
25/3/2019 -- 14:12:43 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
25/3/2019 -- 14:12:43 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
25/3/2019 -- 14:12:43 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
25/3/2019 -- 14:12:49 - <Perf> - Unique rule groups: 104
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "toserver TCP packet": 35
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "toclient TCP packet": 17
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "toserver TCP stream": 33
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "toclient TCP stream": 19
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "toserver UDP packet": 27
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "toclient UDP packet": 17
25/3/2019 -- 14:12:49 - <Perf> - Builtin MPM "other IP packet": 3
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_uri": 14
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_request_line": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_client_body": 6
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient http_response_line": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_header": 10
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient http_header": 6
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_header_names": 2
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_accept": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_referer": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_content_len": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_content_type": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient http_content_type": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_protocol": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_start": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_method": 5
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_cookie": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient http_cookie": 2
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver http_host": 2
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver dns_query": 4
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver tls_sni": 2
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toserver file_data": 1
25/3/2019 -- 14:12:49 - <Perf> - AppLayer MPM "toclient file_data": 7
25/3/2019 -- 14:12:51 - <Perf> - Registered 39590 rule profiling counters.
25/3/2019 -- 14:12:51 - <Info> - fast output device (regular) initialized: alert
25/3/2019 -- 14:12:51 - <Info> - eve-log output device (regular) initialized: eve.json
25/3/2019 -- 14:12:51 - <Config> - enabling 'eve-log' module 'alert'
25/3/2019 -- 14:12:51 - <Config> - enabling 'eve-log' module 'http'
25/3/2019 -- 14:12:51 - <Config> - enabling 'eve-log' module 'dns'
25/3/2019 -- 14:12:51 - <Config> - enabling 'eve-log' module 'tls'
25/3/2019 -- 14:12:51 - <Config> - enabling 'eve-log' module 'files'
25/3/2019 -- 14:12:51 - <Config> - enabling 'eve-log' module 'ssh'
25/3/2019 -- 14:12:51 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
25/3/2019 -- 14:12:51 - <Info> - stats output device (regular) initialized: stats.log
25/3/2019 -- 14:12:51 - <Config> - AutoFP mode using "Hash" flow load balancer
25/3/2019 -- 14:12:51 - <Info> - reading pcap file /var/pcap/03252019.1412-1234567.pcap
25/3/2019 -- 14:12:51 - <Config> - using 1 flow manager threads
25/3/2019 -- 14:12:51 - <Config

This file has been truncated.
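The startup output above is what a practitioner checks before trusting a pcap run: the version banner, that every rule file loaded with 0 failures, which rule files contributed nothing (here ET-icmp.rules and local.rules), and the signature breakdown. Note also that the run was started with -k none and the log confirms checksum validation is disabled, which is the right setting for replaying captures whose checksums were offloaded to the NIC. The following checker is an added example, not part of this page or of Suricata; it parses a constructed excerpt of the log lines shown above and returns findings that a CI job could gate on. The allow list of rule files that are permitted to be empty is an assumption of the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines excerpted from the Suricata 4.0.0 startup output above.
STARTUP_LOG = """\
25/3/2019 -- 14:12:29 - <Notice> - This is Suricata version 4.0.0 RELEASE
25/3/2019 -- 14:12:30 - <Config> - stream "checksum-validation": disabled
25/3/2019 -- 14:12:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
25/3/2019 -- 14:12:35 - <Config> - No rules loaded from ET-icmp.rules.
25/3/2019 -- 14:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
25/3/2019 -- 14:12:42 - <Config> - No rules loaded from local.rules.
25/3/2019 -- 14:12:42 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
25/3/2019 -- 14:12:43 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
"""

# "<date> -- <time> - <Level> - <message>", the line layout Suricata 4.x writes to stdout
LINE_RE = re.compile(r"^(?P<ts>\S+ -- \S+) - <(?P<level>\w+)> - (?P<msg>.*)$")
LOADED_RE = re.compile(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")
EMPTY_RE = re.compile(r"No rules loaded from (\S+)\.$")
LOADFILE_RE = re.compile(r"Loading rule file: (\S+)")
SIGS_RE = re.compile(
    r"(\d+) signatures processed\. (\d+) are IP-only rules, (\d+) are inspecting packet payload, "
    r"(\d+) inspect application layer, (\d+) are decoder event only"
)


def parse_startup(text: str) -> Dict:
    """Extract version, rule-load summary, empty rule files and error/warning lines."""
    stats = {
        "version": None, "files_processed": None, "loaded": None, "failed": None,
        "rule_files": [], "empty_files": [], "signatures": None,
        "errors": [], "warnings": [],
    }
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        level, msg = m.group("level"), m.group("msg")
        if level == "Error":
            stats["errors"].append(msg)
        elif level == "Warning":
            stats["warnings"].append(msg)
        if msg.startswith("This is Suricata version "):
            stats["version"] = msg.split()[4]
        elif (lm := LOADFILE_RE.search(msg)):
            stats["rule_files"].append(lm.group(1))
        elif (em := EMPTY_RE.search(msg)):
            stats["empty_files"].append(em.group(1))
        elif (rm := LOADED_RE.search(msg)):
            stats["files_processed"], stats["loaded"], stats["failed"] = map(int, rm.groups())
        elif (sm := SIGS_RE.search(msg)):
            total, ip_only, payload, applayer, decoder = map(int, sm.groups())
            stats["signatures"] = {"total": total, "ip_only": ip_only, "payload": payload,
                                   "applayer": applayer, "decoder_only": decoder}
    return stats


def health_check(stats: Dict, allow_empty: Tuple[str, ...] = ("local.rules",)) -> List[str]:
    """Return human-readable findings; an empty list means the start looked healthy.
    allow_empty lists rule files that are expected to be empty (assumption of this example)."""
    findings = []
    if stats["version"] is None:
        findings.append("no version banner: output is not a complete Suricata start")
    if stats["loaded"] is None:
        findings.append("no rule load summary found")
    elif stats["failed"]:
        findings.append(f"{stats['failed']} rules failed to load")
    for name in stats["empty_files"]:
        if name not in allow_empty:
            findings.append(f"empty rule file: {name}")
    findings.extend(f"error: {e}" for e in stats["errors"])
    return findings


if __name__ == "__main__":
    s = parse_startup(STARTUP_LOG)
    print(f"Suricata {s['version']}: {s['loaded']} rules loaded, {s['failed']} failed")
    for f in health_check(s):
        print("FINDING:", f)
```

On the log above this reports the empty ET-icmp.rules file as the only finding; whether an empty category file is a problem depends on the ruleset subscription, so the allow list is the knob to adjust per sensor.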


suricata-4.0.0-etpro-all-perf.txt-2019-03-25-T-14-12-53-03252019.1412-1234567.pcap.txt - (80342 bytes)
  --------------------------------------------------------------------------
  Date: 3/25/2019 -- 14:12:53. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2802205      1        3        19574958     4.79   9        0        19551051    2174995.33  0.00        2174995.33 
  2        2022482      1        3        4410087      1.08   2        0        4378500     2205043.50  0.00        2205043.50 
  3        2822213      1        2        7675122      1.88   58       0        3702607     132329.69   0.00        132329.69  
  4        2815453      1        4        57025892     13.96  108      0        1014440     528017.52   0.00        528017.52  
  5        2017556      1        3        1168418      0.29   12       0        761862      97368.17    0.00        97368.17   
  6        2807932      1        6        1922781      0.47   7        0        301309      274683.00   0.00        274683.00  
  7        2820157      1        2        5722964      1.40   38       0        268079      150604.32   0.00        150604.32  
  8        2820158      1        2        5532967      1.35   38       0        258862      145604.39   0.00        145604.39  
  9        2819940      1        3        12741351     3.12   81       0        245048      157300.63   0.00        157300.63  
  10       2018342      1        2        14965970     3.66   124      0        236594      120693.31   0.00        120693.31  
  11       2019833      1        7        8876536      2.17   58       0        236210      153043.72   0.00        153043.72  
  12       2816510      1        3        12800025     3.13   81       0        234929      158025.00   0.00        158025.00  
  13       2021946      1        2        8638873      2.11   58       0        228884      148946.09   0.00        148946.09  
  14       2808990      1        5        3824353      0.94   27       0        223425      141642.70   0.00        141642.70  
  15       2017502      1        2        2107966      0.52   14       0        221824      150569.00   0.00        150569.00  
  16       2819930      1        2        12193079     2.99   74       0        212482      164771.34   0.00        164771.34  
  17       2017501      1        2        2170073      0.53   14       0        200534      155005.21   0.00        155005.21  
  18       2819664      1        2        11844073     2.90   74       0        198692      160055.04   0.00        160055.04  
  19       2017500      1        2        2188314      0.54   14       0        192395      156308.14   0.00        156308.14  
  20       2016174      1        3        909574       0.22   6        0        186244      151595.67   0.00        151595.67  
  21       2023476      1        5        8560546      2.10   58       0        185622      147595.62   0.00        147595.62  
  22       2019832      1        4        4836680      1.18   58       0        161406      83391.03    0.00        83391.03   
  23       2017499      1        2        1813536      0.44   14       0        158485      129538.29   0.00        129538.29  
  24       2814259      1        6        835707       0.20   6        0        144988      139284.50   0.00        139284.50  
  25       2024031      1        2        567351       0.14   5        0        138683      113470.20   0.00        113470.20  
  26       2809168      1        2        727695       0.18   7        0        133668      103956.43   0.00        103956.43  
  27       2016537      1        2        10551158     2.58   492      74       130329      21445.44    61147.19    14416.90   
  28       2018005      1        6        3545524      0.87   58       0        115862      61129.72    0.00        61129.72   
  29       2811745      1        4        661892       0.16   7        0        111935      94556.00    0.00        94556.00   
  30       2812616      1        2        1988547      0.49   55       0        110290      36155.40    0.00        36155.40   
  31       2814978      1        2        3626079      0.89   58       0        105514      62518.60    0.00        62518.60   
  32       2829607      1        1        472974       0.12   10       2        105103      47297.40    93545.50    35735.38   
  33       2022627      1        12       2941394      0.72   58       0        102853      50713.69    0.00        50713.69   
  34       2826256      1        2        3435853      0.84   75       0        99208       45811.37    0.00        45811.37   
  35       2024138      1        2        458049       0.11   13       0        97701       35234.54    0.00        35234.54   
  36       2014442      1        6        600641       0.15   12       0        96886       50053.42    0.00        50053.42   
  37       2830035      1        2        412954       0.10   10       0        94839       41295.40    0.00        41295.40   
  38       2024141      1        2        447282       0.11   13       0        87067       34406.31    0.00        34406.31   
  39       2821579      1        2        569682       0.14   7        0        86289       81383.14    0.00        81383.14   
  40       2814979      1        2        3527492      0.86   58       0        84773       60818.83    0.00        60818.83   
  41       2019083      1        2        111391       0.03   2        0        83945       55695.50    0.00        55695.50   
  42       2808793      1        3        1969681      0.48   55       0        83813       35812.38    0.00        35812.38   
  43       2805089      1        6        1991100      0.49   55       0        80377       36201.82    0.00        36201.82   
  44       2018457      1        1        2394708      0.59   58       0        79205       41288.07    0.00        41288.07   
  45       2812433      1        2        478201       0.12   14       0        78731       34157.21    0.00        34157.21   
  46       2815156      1        2        398898       0.10   12       0        78203       33241.50    0.00        33241.50   
  47       2022535      1        11       2987192      0.73   58       0        76365       51503.31    0.00        51503.31   
  48       2815568      1        2        829350       0.20   14       0        75383       59239.29    0.00        59239.29   
  49       2018191      1        2        97270        0.02   2        0        75079       48635.00    0.00        48635.00   
  50       2023083      1        2        2164275      0.53   74       0        74140       29246.96    0.00        29246.96   
  51       2816895      1        2        543699       0.13   12       0        73707       45308.25    0.00        45308.25   
  52       2821615      1        2        546922       0.13   10       0        73595       54692.20    0.00        54692.20   
  53       2804095      1        2        1726519      0.42   55       0        72861       31391.25    0.00        31391.25   
  54       2802881      1        3        405205       0.10   13       0        72800       31169.62    0.00        31169.62   
  55       2017119      1        4        399278       0.10   12       0        72278       33273.17    0.00        33273.17   
  56       2810686      1        6        72132        0.02   1        0        72132       72132.00    0.00        72132.00   
  57       2816619      1        2        5056992      1.24   683      0        71995       7404.09     0.00        7404.09    
  58       2816327      1        4        71511        0.02   1        0        71511       71511.00    0.00        71511.00   
  59       2830124      1        1        506138       0.12   10       0        70592       50613.80    0.00        50613.80   
  60       2823858      1        3        630502       0.15   14       0        68098       45035.86    0.00        45035.86   
  61       2816165      1        5        2951345      0.72   75       0        66532       39351.27    0.00        39351.27   
  62       2821227      1        2        2348803      0.58   160      0        65627       14680.02    0.00        14680.02   
  63       2815220      1        2        470471       0.12   12       0        65112       39205.92    0.00        39205.92   
  64       2811274      1        7        1184375      0.29   55       0        64359       21534.09    0.00        21534.09   
  65       2824636      1        2        1508941      0.37   58       0        64013       26016.22    0.00        26016.22   
  66       2020963      1        2        410456       0.10   12       0        63233       34204.67    0.00        34204.67   
  67       2805155      1        3        1925774      0.47   55       0        62100       35014.07    0.00        35014.07   
  68       2827279      1        5        62001        0.02   1        0        62001       62001.00    0.00        62001.00   
  69       2829644      1        1        314398       0.08   10       0        61587       31439.80    0.00        31439.80   
  70       2816940      1        2        61171        0.01   1        0        61171       61171.00    0.00        61171.00   
  71       2021067      1        2        546309       0.13   14       14       61138       39022.07    39022.07    0.00       
  72       2020960      1        2        88481        0.02   2        0        60939       44240.50    0.00        44240.50   
  73       2024771      1        1        4721320      1.16   532      0        60743       8874.66     0.00        8874.66    
  74       2827989      1        2        60596        0.01   1        0        60596       60596.00    0.00        60596.00   
  75       2828008      1        2        60511        0.01   1        0        60511       60511.00    0.00        60511.00   
  76       2019094      1        5        490640       0.12   14       0        60139       35045.71    0.00        35045.71   
  77       2022896      1        5        104709       0.03   2        0        60119       52354.50    0.00        52354.50   
  78       2823676      1        2        60079        0.01   1        1        60079       60079.00    60079.00    0.00       
  79       2020778      1        2        138432       0.03   4        0        59369       34608.00    0.00        34608.00   
  80       2021413      1        2        471628       0.12   14       0        58401       33687.71    0.00        33687.71   
  81       2017076      1        9        455832       0.11   12       0        58309       37986.00    0.00        37986.00   
  82       2017190      1        6        79932        0.02   2        0        58249       39966.00    0.00        39966.00   
  83       2816909      1        2        57942        0.01   1        0        57942       57942.00    0.00        57942.00   
  84       2022552      1        2        2259845      0.55   107      0        57826       21120.05    0.00        21120.05   
  85       2815181      1        3        421135       0.10   12       0        57273       35094.58    0.00        35094.58   
  86       2809363      1        3        439273       0.11   14       0        57100       31376.64    0.00        31376.64   
  87       2012707      1        5        1516225      0.37   67       0        56813       22630.22    0.00        22630.22   
  88       2015877      1        6        430155       0.11   14       0        56806       30725.36    0.00        30725.36   
  89       2816910      1        2        56157        0.01   1        0        56157       56157.00    0.00        56157.00   
  90       2017703      1        3        1151980      0.28   55       0        56113       20945.09    0.00        20945.09   
  91       2816842      1        3        2348218      0.57   160      0        55925       14676.36    0.00        14676.36   
  92       2018403      1        10       104619       0.03   2        0        55581       52309.50    0.00        52309.50   
  93       2828986      1        2        465080       0.11   14       0        55093       33220.00    0.00        33220.00   
  94       2022830      1        2        89964        0.02   2        0        54778       44982.00    0.00        44982.00   
  95       2100540      1        12       479522       0.12   143      0        54465       3353.30     0.00        3353.30    
  96       2022550      1        16       87814        0.02   2        0        54415       43907.00    0.00        43907.00   
  97       2017731      1        3        1152755      0.28   55       0        54392       20959.18    0.00        20959.18   
  98       2815182      1        3        420030       0.10   12       0        54315       35002.50    0.00        35002.50   
  99       2022658      1        4        86655        0.02   2        0        53289       43327.50    0.00        43327.50   
  100      2021065      1        2        52879        0.01   1        0        52879       52879.00    0.00        52879.00   
  101      2830036      1        1        2168729      0.53   65       0        52663       33365.06    0.00        33365.06   
  102      2021418      1        9        473249       0.12   14       0        52477       33803.50    0.00        33803.50   
  103      2815979      1        2        230359       0.06   14       0        52446       16454.21    0.00        16454.21   
  104      2809909      1        5        300579       0.07   6        0        52188       50096.50    0.00        50096.50   
  105      2014363      1        7        140348       0.03   8        0        52133       17543.50    0.00        17543.50   
  106      2018055      1        3        2368807      0.58   263      0        51604       9006.87     0.00        9006.87    
  107      2016578      1        5        77314        0.02   2        0        51341       38657.00    0.00        38657.00   
  108      2821647      1        2        2218888      0.54   160      0        50978       13868.05    0.00        13868.05   
  109      2815180      1        3        458846       0.11   12       0        50974       38237.17    0.00        38237.17   
  110      2802876      1        3        587838       0.14   21       0        50899       27992.29    0.00        27992.29   
  111      2821648      1        2        2239899      0.55   160      0        50646       13999.37    0.00        13999.37   
  112      2016141      1        5        97877        0.02   2        0        50406       48938.50    0.00        48938.50   
  113      2022264      1        4        66097        0.02   2        0        50258       33048.50    0.00        33048.50   
  114      2012649      1        5        196895       0.05   5        0        50129       39379.00    0.00        39379.00   
  115      2806802      1        2        3558734      0.87   178      0        49900       19992.89    0.00        19992.89   
  116      2017454      1        12       427528       0.10   12       0        49042       35627.33    0.00        35627.33   
  117      2025064      1        5        48994        0.01   1        0        48994       48994.00    0.00        48994.00   
  118      2017456      1        3        403956       0.10   12       0        48686       33663.00    0.00        33663.00   
  119      2815614      1        3        48521        0.01   1        0        48521       48521.00    0.00        48521.00   
  120      2816525      1        10       48331        0.01   1        0        48331       48331.00    0.00        48331.00   
  121      2811826      1        7        447048       0.11   12       0        48230       37254.00    0.00        37254.00   
  122      2815748      1        2        1166409      0.29   55       0        47969       21207.44    0.00        21207.44   
  123      2024140      1        2        450683       0.11   13       0        47907       34667.92    0.00        34667.92   
  124      2021607      1        6        68791        0.02   2        0        47593       34395.50    0.00        34395.50   
  125      2815886      1        2        1

This file has been truncated.
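The rows above are the tail of Suricata's per-rule profiling output (rule_perf.log), listed here in descending Max Ticks order, and the column a tuner cares about is the cost of checks that never matched: a rule with many checks, zero matches and a high average no-match cost is burning cycles that a better fast_pattern, a tighter flow qualifier, or disabling the rule would recover. The script below is an added example, not part of this report and not Suricata's own tooling. It parses a handful of the rows above (copied verbatim, including the truncated last row, which it reports as skipped rather than crashing on), ranks them by wasted ticks and by cost per check, and backs out the run's total rule ticks from the printed percentage. The column names are assumed from the Suricata 4.x rule_perf.log layout, since the header itself is not in the excerpt.

```python
from dataclasses import dataclass

# Rows copied from the rule profiling table above, including its truncated last row. The header is not
# in the excerpt; the column order assumed here is Suricata 4.x rule_perf.log's:
# Num  Rule  Gid  Rev  Ticks  %  Checks  Matches  Max Ticks  Avg Ticks  Avg Match  Avg No Match
RULE_PERF_SAMPLE = """
90       2017703      1        3        1151980      0.28   55       0        56113       20945.09    0.00        20945.09
91       2816842      1        3        2348218      0.57   160      0        55925       14676.36    0.00        14676.36
92       2018403      1        10       104619       0.03   2        0        55581       52309.50    0.00        52309.50
106      2018055      1        3        2368807      0.58   263      0        51604       9006.87     0.00        9006.87
115      2806802      1        2        3558734      0.87   178      0        49900       19992.89    0.00        19992.89
125      2815886      1        2        1
"""


@dataclass
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int          # CPU ticks spent evaluating this rule over the whole run
    pct: float          # share of all rule ticks, as printed (two decimals, so approximate)
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float

    @property
    def wasted_ticks(self) -> float:
        """Ticks burned on checks that did not match, the part rule tuning can recover."""
        return self.avg_nomatch * (self.checks - self.matches)


def parse_rule_perf(text):
    """Parse data rows; return (rules, skipped) where skipped holds rows with the wrong field count."""
    rules, skipped = [], []
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].isdigit():
            continue                      # blank, header or separator line
        if len(f) != 12:
            skipped.append(line.strip())  # e.g. the truncated last row of the excerpt
            continue
        rules.append(RuleProfile(int(f[0]), int(f[1]), int(f[2]), int(f[3]), int(f[4]), float(f[5]),
                                 int(f[6]), int(f[7]), int(f[8]), float(f[9]), float(f[10]), float(f[11])))
    return rules, skipped


def rank_wasted(rules):
    """Rules ordered by ticks spent on non-matching checks, most expensive first."""
    return sorted(rules, key=lambda r: r.wasted_ticks, reverse=True)


def costliest_per_check(rules, min_checks=1):
    """Rules with the highest average cost per check (slow content/pcre bodies), ignoring tiny samples."""
    return sorted((r for r in rules if r.checks >= min_checks), key=lambda r: r.avg_ticks, reverse=True)


def implied_total_ticks(rules):
    """Back out the run's total rule ticks from the row with the largest printed percentage."""
    best = max((r for r in rules if r.pct > 0), key=lambda r: r.pct)
    return best.ticks / (best.pct / 100.0)


if __name__ == "__main__":
    rules, skipped = parse_rule_perf(RULE_PERF_SAMPLE)
    print(f"parsed {len(rules)} rules, skipped {len(skipped)} partial row(s); "
          f"total rule ticks ~{implied_total_ticks(rules):.3g}")
    for r in rank_wasted(rules)[:3]:
        print(f"sid {r.sid} rev {r.rev}: {r.checks} checks, {r.matches} matches, "
              f"{r.wasted_ticks:,.0f} ticks wasted (avg {r.avg_ticks:,.0f} per check)")
```

Sorting by wasted ticks rather than by Max Ticks (the order the table is printed in) surfaces sid 2806802 first: 178 checks at roughly 20k ticks each and no match, which the Max Ticks ordering buries at row 115. The total backed out from the percentage column (about 4.1e8 ticks) is a useful cross-check against the PROF_DETECT_RULES totals in packet_stats.log below.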


packet_stats.log - (15563 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3454           272598      966406700     581482908       2008.4b   99.56
 IPv4      17            28          5875814      801665455     314831487          8.8b    0.44
 IPv6      17             3          6139034       42981825      18559247         55.7m    0.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3454            66733       16796785        313117          1.1b   91.76
TMM_FLOWWORKER              IPv4      17            28           119184        7890027        944749         26.5m    2.24
TMM_RECEIVEPCAPFILE         IPv4       6          3354             2531       12014451          6522         21.9m    1.86
TMM_RECEIVEPCAPFILE         IPv4      17            28             2566          11328          3114         87.2k    0.01
TMM_DECODEPCAPFILE          IPv4       6          3354             2643       14262608          8465         28.4m    2.41
TMM_DECODEPCAPFILE          IPv4      17            28             2711          38204          4483        125.5k    0.01
TMM_FLOWWORKER              IPv6      17             3           117100       19859204       6728909         20.2m    1.71
TMM_RECEIVEPCAPFILE         IPv6      17             3             2569           2983          2809          8.4k    0.00
TMM_DECODEPCAPFILE          IPv6      17             3             2849          20442          8775         26.3k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot    %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----  ---
flow                    IPv4       6          3354             2818          39078          3339         11.2m  1.06  
flow                    IPv4      17            28             2687          27022          5555        155.6k  0.01  
stream                  IPv4       6          3454             2742         673257         13225         45.7m  4.33  
app-layer               IPv4      17            28             2523        6888053        262584          7.4m  0.70  
detect                  IPv4       6          3454            44473       16758995        274923        949.6m  90.03 
detect                  IPv4      17            28           102532         584606        354666          9.9m  0.94  
tcp-prune               IPv4       6          3454             2541          61009          3103         10.7m  1.02  
flow                    IPv6      17             3             9961          20638         13634         40.9k  0.00  
app-layer               IPv6      17             3             2736          11347          7765         23.3k  0.00  
detect                  IPv6      17             3            93360       19818981       6694008         20.1m  1.90  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot    %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----  ---
http                    IPv4       6            19             2783         412340         34227        650.3k  63.71 
tls                     IPv4       6            76             2602           5161          2961        225.1k  22.05 
dns                     IPv4      17            22             3801          18624          6609        145.4k  14.24 
Proto detect            IPv4       6             2             3251           7356          5303         10.6k
Proto detect            IPv4      17            22             3068          32139          8732        192.1k
Proto detect            IPv6      17             2             3424           5022          4223          8.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
LOGGER_ALERT_FAST           IPv4       6             1            85654          85654         85654         85.7k  0.39  
LOGGER_UNIFIED2             IPv4       6             1           232358         232358        232358        232.4k  1.06  
LOGGER_JSON_ALERT           IPv4       6             1            92288          92288         92288         92.3k  0.42  
LOGGER_JSON_DNS             IPv4      17            22            29763        7238447        388420          8.5m  39.06 
LOGGER_JSON_HTTP            IPv4       6            73            34733         136438         64865          4.7m  21.65 
LOGGER_JSON_TLS             IPv4       6            59             3290          97135         49266          2.9m  13.29 
LOGGER_JSON_FILE            IPv4       6            58            48477         290330         91010          5.3m  24.13 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1666             2578        7318020         32119        53.5m  24.41 
payload                           IPv4      17            28             3297          61427         22607       633.0k  0.29  
stream                            IPv4       6          1666             2532         326303         31425        52.4m  23.88 
http_uri                          IPv4       6            75             3927          53252         12531       939.9k  0.43  
http_request_line                 IPv4       6            75             3002          23685          5593       419.5k  0.19  
http_client_body                  IPv4       6            75             2796           4376          3182       238.7k  0.11  
http_header (request)             IPv4       6            75             3860          61930         12095       907.1k  0.41  
http_header (request trailer)     IPv4       6            75             2572           3361          2674       200.6k  0.09  
http_header_names (request)       IPv4       6            75             3170          23405          7094       532.1k  0.24  
http_accept (request)             IPv4       6            75             2883          10342          3465       259.9k  0.12  
http_referer (request)            IPv4       6            75             2670          18570          3192       239.4k  0.11  
http_content_len (request)        IPv4       6            75             2687          26797          3509       263.2k  0.12  
http_content_type (request)       IPv4       6            75             2679          32080          3643       273.3k  0.12  
http_protocol (request)           IPv4       6            75             2807          53658          4989       374.2k  0.17  
http_start (request)              IPv4       6            75             3623          20360          7276       545.7k  0.25  
http_raw_header (request)         IPv4       6            75             5876          14946          7191       539.4k  0.25  
http_method                       IPv4       6            75             3126          20955          4883       366.2k  0.17  
http_cookie (request)             IPv4       6            75             2755           3958          2985       223.9k  0.10  
http_raw_uri                      IPv4       6            75             2930          17704          4529       339.7k  0.15  
http_user_agent                   IPv4       6            75             2712          29347          3416       256.2k  0.12  
http_host                         IPv4       6            75             3229          10943          5733       430.0k  0.20  
dns_query                         IPv4      17            11             3078          10656          7236        79.6k  0.04  
tls_sni                           IPv4       6            59             3011           7958          4822       284.5k  0.13  
http_response_line                IPv4       6            71             3494          40220          6628       470.6k  0.21  
http_header (response)            IPv4       6            71             9583          73815         27011         1.9m  0.87  
http_header (response trailer)    IPv4       6            71             2599           3426          2820       200.3k  0.09  
http_content_type (response)      IPv4       6            71             3545          19662          5584       396.5k  0.18  
http_raw_header (response)        IPv4       6           696             3827          28773          4989         3.5m  1.58  
http_cookie (response)            IPv4       6            71             2929          32206          3644       258.8k  0.12  
http_stat_code                    IPv4       6            71             2923          39440          3842       272.8k  0.12  
tls_cert_issuer                   IPv4       6            59             2622           7797          4602       271.5k  0.12  
tls_cert_subject                  IPv4       6            59             2859           6260          4230       249.6k  0.11  
tls_cert_serial                   IPv4       6            59             2794           5642          3947       232.9k  0.11  
file_data (http response)         IPv4       6           627             2568       15681627        155017        97.2m  44.33 
Total                             IPv4                  6706                                         32679       219.2m
payload                           IPv6      17             3             3531          43654         28412        85.2k  0.04  
Total                             IPv6                     3                                         28412        85.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
PROF_DETECT_IPONLY          IPv4       6           144             3292         102183         35403          5.1m  0.38  
PROF_DETECT_IPONLY          IPv4      17            24            37085         180080         57216          1.4m  0.10  
PROF_DETECT_RULES           IPv4       6          3454             2528        6988060        125750        434.3m  32.10 
PROF_DETECT_RULES           IPv4      17            28            44601         374095        190021          5.3m  0.39  
PROF_DETECT_STATEFUL_START    IPv4       6           742             5111        2357724        261520        194.0m  14.34 
PROF_DETECT_STATEFUL_CONT    IPv4       6          3454             2511        7435280         13643         47.1m  3.48  
PROF_DETECT_STATEFUL_CONT    IPv4      17            28             2588          49939          7486        209.6k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3143             2545          55756          2896          9.1m  0.67  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            22             2634          12288          3369         74.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          3454             7823       15966640         90699        313.3m  23.15 
PROF_DETECT_PREFILTER       IPv4      17            28            23952          87569         54078          1.5m  0.11  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1666            13637        7330565         71919        119.8m  8.85  
PROF_DETECT_PF_PAYLOAD      IPv4      17            28             8388          67078         27917        781.7k  0.06  
PROF_DETECT_PF_TX           IPv4       6          3143             2545       15697903         41945        131.8m  9.74  
PROF_DETECT_PF_TX           IPv4      17            11             8465          16609         13330        146.6k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6          1411             2526          73926          3656          5.2m  0.38  
PROF_DETECT_PF_SORT1        IPv4      17            28             2619           5384          4015        112.4k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6          3454             2516         108200          3037         10.5m  0.78  
PROF_DETECT_PF_SORT2        IPv4      17            28             2545           5936          3532         98.9k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          3454             2538        5750173          4663         16.1m  1.19  
PROF_DETECT_NONMPMLIST      IPv4      17            28             2610          26239          3975        111.3k  0.01  
PROF_DETECT_ALERT           IPv4       6          3454             2512          45080          2789          9.6m  0.71  
PROF_DETECT_ALERT           IPv4      17            28             2529          15330          3245         90.9k  0.01  
PROF_DETECT_CLEANUP         IPv4       6          3454             2553          36085          2941         10.2m  0.75  
PROF_DETECT_CLEANUP         IPv4      17            28             2525          18360          3997        111.9k  0.01  
PROF_DETECT_GETSGH          IPv4       6          3454             2512        5684281          4808         16.6m  1.23  
PROF_DETECT_GETSGH          IPv4      17            28             2754         114350          9418        263.7k  0.02  
PROF_DETECT_IPONLY          IPv6      17             2             7300          16577         11938         23.9k  0.00  
PROF_DETECT_RULES           IPv6      17             3            34126       19684539       6587314         19.8m  1.46  
PROF_DETECT_STATEFUL_CONT    IPv6      17             3             2592           2778          2656          8.0k  0.00  
PROF_DETECT_PREFILTER       IPv6      17             3            24366          66214         50677        152.0k  0.01  
PROF_DETECT_PF_PAYLOAD      IPv6      17             3             8594          48977         33587        100.8k  0.01  
PROF_DETECT_PF_SORT1        IPv6      17             3             2689           4474          3343         10.0k  0.00  
PROF_DETECT_PF_SORT2        IPv6      17             3             2560           3404          2927          8.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv6      17             3             2741           3144          2883          8.7k  0.00  
PROF_DETECT_ALERT           IPv6      17             3             2534           3794          2972          8.9k  0.00  
PROF_DETECT_CLEANUP         IPv6      17             3             2562           8383          4644         13.9k  0.00  
PROF_DETECT_GETSGH          IPv6      17             3             3396          20305          9995         30.0k  0.00  


stats.log - (3153 bytes)
------------------------------------------------------------------------------------
Date: 3/25/2019 -- 14:12:53 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3400
decoder.bytes                              | Total                     | 2160704
decoder.ipv4                               | Total                     | 3382
decoder.ipv6                               | Total                     | 3
decoder.ethernet                           | Total                     | 3400
decoder.tcp                                | Total                     | 3354
decoder.udp                                | Total                     | 31
decoder.avg_pkt_size                       | Total                     | 635
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 72
flow.udp                                   | Total                     | 15
tcp.sessions                               | Total                     | 72
tcp.syn                                    | Total                     | 72
tcp.synack                                 | Total                     | 72
tcp.rst                                    | Total                     | 43
tcp.overlap                                | Total                     | 22
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 10
app_layer.tx.http                          | Total                     | 75
app_layer.flow.tls                         | Total                     | 58
app_layer.flow.failed_tcp                  | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 11
app_layer.tx.dns_udp                       | Total                     | 11
app_layer.flow.failed_udp                  | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 65
flow_mgr.flows_notimeout                   | Total                     | 65
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65471
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7099360


eve.json - (80890 bytes)
{"timestamp":"2019-03-24T14:33:34.999564+0000","flow_id":1012983425548428,"pcap_cnt":12,"event_type":"dns","src_ip":"192.168.100.158","src_port":55520,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10326,"rrname":"domekan.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:35.013051+0000","flow_id":1012983425548428,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55520,"proto":"UDP","dns":{"type":"answer","id":10326,"rcode":"NOERROR","rrname":"domekan.ru","rrtype":"A","ttl":10048,"rdata":"81.177.141.23"}}
{"timestamp":"2019-03-24T14:33:35.488265+0000","flow_id":1201425115726370,"pcap_cnt":23,"event_type":"http","src_ip":"192.168.100.158","src_port":49174,"dest_ip":"81.177.141.23","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:35.510108+0000","flow_id":1201425115726370,"pcap_cnt":24,"event_type":"fileinfo","src_ip":"81.177.141.23","src_port":80,"dest_ip":"192.168.100.158","dest_port":49174,"proto":"TCP","http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/domekan.ru\/dataCenter","length":154},"app_proto":"http","fileinfo":{"filename":"\/dataCenter","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:35.795990+0000","flow_id":1878337731383352,"pcap_cnt":30,"event_type":"tls","src_ip":"192.168.100.158","src_port":49175,"dest_ip":"81.177.141.23","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.141.23","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:38.552772+0000","flow_id":1735839306613693,"pcap_cnt":56,"event_type":"tls","src_ip":"192.168.100.158","src_port":49225,"dest_ip":"81.177.141.23","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.141.23","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:38.738254+0000","flow_id":869097726454769,"pcap_cnt":60,"event_type":"http","src_ip":"192.168.100.158","src_port":49220,"dest_ip":"81.177.141.23","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:40.197714+0000","flow_id":600821184332882,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.100.158","src_port":55002,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42542,"rrname":"kifge43.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:40.211014+0000","flow_id":600821184332882,"pcap_cnt":75,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55002,"proto":"UDP","dns":{"type":"answer","id":42542,"rcode":"NOERROR","rrname":"kifge43.ru","rrtype":"A","ttl":8965,"rdata":"81.177.6.123"}}
{"timestamp":"2019-03-24T14:33:40.403280+0000","flow_id":1091959284568798,"pcap_cnt":90,"event_type":"tls","src_ip":"192.168.100.158","src_port":49254,"dest_ip":"81.177.6.123","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.6.123","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:40.600391+0000","flow_id":1474997352938127,"pcap_cnt":97,"event_type":"http","src_ip":"192.168.100.158","src_port":49251,"dest_ip":"81.177.6.123","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"kifge43.ru","url":"\/MatherFuckerAv.dll","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:41.137488+0000","flow_id":703990593820944,"pcap_cnt":222,"event_type":"dns","src_ip":"192.168.100.158","src_port":63133,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53095,"rrname":"ip-api.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:41.157789+0000","flow_id":703990593820944,"pcap_cnt":223,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":63133,"proto":"UDP","dns":{"type":"answer","id":53095,"rcode":"NOERROR","rrname":"ip-api.com","rrtype":"A","ttl":99,"rdata":"185.194.141.58"}}
{"timestamp":"2019-03-24T14:33:41.488274+0000","flow_id":759846643526418,"pcap_cnt":231,"event_type":"alert","src_ip":"192.168.100.158","src_port":49266,"dest_ip":"185.194.141.58","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022082,"rev":3,"signature":"ET POLICY External IP Lookup ip-api.com","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-24T14:33:41.488274+0000","flow_id":759846643526418,"pcap_cnt":231,"event_type":"alert","src_ip":"192.168.100.158","src_port":49266,"dest_ip":"185.194.141.58","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2823676,"rev":2,"signature":"ETPRO TROJAN W32\/Quasar 1.3 RAT Connectivity Check","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-03-24T14:33:41.488274+0000","flow_id":759846643526418,"pcap_cnt":231,"event_type":"http","src_ip":"192.168.100.158","src_port":49266,"dest_ip":"185.194.141.58","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ip-api.com","url":"\/json\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.3; rv:48.0) Gecko\/20100101 Firefox\/48.0","http_content_type":"application\/json"}}
{"timestamp":"2019-03-24T14:33:41.518189+0000","flow_id":759846643526418,"pcap_cnt":232,"event_type":"fileinfo","src_ip":"185.194.141.58","src_port":80,"dest_ip":"192.168.100.158","dest_port":49266,"proto":"TCP","http":{"hostname":"ip-api.com","url":"\/json\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.3; rv:48.0) Gecko\/20100101 Firefox\/48.0","http_content_type":"application\/json","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":253},"app_proto":"http","fileinfo":{"filename":"\/json\/","gaps":false,"state":"CLOSED","stored":false,"size":253,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:42.663589+0000","flow_id":892445168902181,"pcap_cnt":243,"event_type":"dns","src_ip":"192.168.100.158","src_port":50669,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59711,"rrname":"ii.doshimotai.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:42.678247+0000","flow_id":892445168902181,"pcap_cnt":244,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":50669,"proto":"UDP","dns":{"type":"answer","id":59711,"rcode":"NOERROR","rrname":"ii.doshimotai.ru","rrtype":"A","ttl":2180,"rdata":"81.177.140.55"}}
{"timestamp":"2019-03-24T14:33:42.909643+0000","flow_id":1354218577769051,"pcap_cnt":260,"event_type":"tls","src_ip":"192.168.100.158","src_port":49294,"dest_ip":"81.177.140.55","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.140.55","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:43.022177+0000","flow_id":2128841699384498,"pcap_cnt":268,"event_type":"http","src_ip":"192.168.100.158","src_port":49290,"dest_ip":"81.177.140.55","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ii.doshimotai.ru","url":"\/OneDrive.exe","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:46.735510+0000","flow_id":391377104550166,"pcap_cnt":599,"event_type":"dns","src_ip":"192.168.100.158","src_port":62884,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42906,"rrname":"h13.doshimotai.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:46.806254+0000","flow_id":391377104550166,"pcap_cnt":601,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":62884,"proto":"UDP","dns":{"type":"answer","id":42906,"rcode":"NOERROR","rrname":"h13.doshimotai.ru","rrtype":"A","ttl":10799,"rdata":"81.177.140.55"}}
{"timestamp":"2019-03-24T14:33:48.525833+0000","flow_id":869097726454769,"pcap_cnt":615,"event_type":"fileinfo","src_ip":"81.177.141.23","src_port":80,"dest_ip":"192.168.100.158","dest_port":49220,"proto":"TCP","http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/domekan.ru\/dataCenter","length":154},"app_proto":"http","fileinfo":{"filename":"\/dataCenter","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:48.894615+0000","flow_id":314200837265338,"pcap_cnt":619,"event_type":"http","src_ip":"192.168.100.158","src_port":49370,"dest_ip":"185.62.189.136","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"185.62.189.136","url":"\/start\/stat.php","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:50.412330+0000","flow_id":1474997352938127,"pcap_cnt":762,"event_type":"fileinfo","src_ip":"81.177.6.123","src_port":80,"dest_ip":"192.168.100.158","dest_port":49251,"proto":"TCP","http":{"hostname":"kifge43.ru","url":"\/MatherFuckerAv.dll","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/kifge43.ru\/MatherFuckerAv.dll","length":154},"app_proto":"http","fileinfo":{"filename":"\/MatherFuckerAv.dll","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:50.973521+0000","flow_id":624361900651420,"pcap_cnt":1280,"event_type":"http","src_ip":"192.168.100.158","src_port":49385,"dest_ip":"185.180.197.55","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"185.180.197.55","url":"\/loadbase1.php","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-24T14:33:51.617380+0000","flow_id":113634454760356,"pcap_cnt":1281,"event_type":"dns","src_ip":"192.168.100.158","src_port":55045,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59112,"rrname":"davidich.life","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.629687+0000","flow_id":114635182152631,"pcap_cnt":1282,"event_type":"dns","src_ip":"192.168.100.158","src_port":61925,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21813,"rrname":"davidich.life","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.630907+0000","flow_id":113634454760356,"pcap_cnt":1283,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55045,"proto":"UDP","dns":{"type":"answer","id":59112,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"185.231.155.109"}}
{"timestamp":"2019-03-24T14:33:51.630907+0000","flow_id":113634454760356,"pcap_cnt":1283,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55045,"proto":"UDP","dns":{"type":"answer","id":59112,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"95.142.46.246"}}
{"timestamp":"2019-03-24T14:33:51.656743+0000","flow_id":114635182152631,"pcap_cnt":1285,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":61925,"proto":"UDP","dns":{"type":"answer","id":21813,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"95.142.46.246"}}
{"timestamp":"2019-03-24T14:33:51.656743+0000","flow_id":114635182152631,"pcap_cnt":1285,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":61925,"proto":"UDP","dns":{"type":"answer","id":21813,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"185.231.155.109"}}
{"timestamp":"2019-03-24T14:33:51.752605+0000","flow_id":1450898292190721,"pcap_cnt":1304,"event_type":"http","src_ip":"192.168.100.158","src_port":49425,"dest_ip":"185.231.155.109","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-24T14:33:51.784697+0000","flow_id":1450898292190721,"pcap_cnt":1317,"event_type":"fileinfo","src_ip":"185.231.155.109","src_port":80,"dest_ip":"192.168.100.158","dest_port":49425,"proto":"TCP","http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":7108},"app_proto":"http","fileinfo":{"filename":"\/1\/good.txt","gaps":false,"state":"CLOSED","stored":false,"size":7108,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.809784+0000","flow_id":434794929281848,"pcap_cnt":1318,"event_type":"dns","src_ip":"192.168.100.158","src_port":55582,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12167,"rrname":"mfasa.chase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.810010+0000","flow_id":584461654645786,"pcap_cnt":1319,"event_type":"dns","src_ip":"192.168.100.158","src_port":56574,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16936,"rrname":"mfasa.chase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.813695+0000","flow_id":1450898292190721,"pcap_cnt":1331,"event_type":"http","src_ip":"192.168.100.158","src_port":49425,"dest_ip":"185.231.155.109","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-24T14:33:51.814811+0000","flow_id":1013464463011547,"pcap_cnt":1332,"event_type":"dns","src_ip":"192.168.100.158","src_port":55941,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18890,"rrname":"mfasa.chase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.823262+0000","flow_id":584461654645786,"pcap_cnt":1333,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":56574,"proto":"UDP","dns":{"type":"answer","id":16936,"rcode":"NOERROR","rrname":"mfasa.chase.com","rrtype":"CNAME","ttl":619,"rdata":"mfasa-chase.gslb.bankone.com"}}
{"timestamp":"2019-03-24T14:33:51.823262+0000","flow_id":584461654645786,"pcap_cnt":1333,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":56574,"proto":"UDP","dns":{"type":"answer","id":16936,"rcode":"NOERROR","rrname":"mfasa-chase.gslb.bankone.com","rrtype":"A","ttl":5,"rdata":"159.53.84.131"}}
{"timestamp":"2019-03-24T14:33:51.828342+0000","flow_id":1013464463011547,"pcap_cnt":1337,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55941,"proto":"UDP","dns":{"type":"answer","id":18890,"rcode":"NOERROR","rrname":"mfasa.chase.com","rrtype":"CNAME","ttl":159,"rdata":"mfasa-chase.gslb.bankone.com"}}
{"timestamp":"2019-03-24T14:33:51.828342+0000","flow_id":1013464463011547,"pcap_cnt":1337,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55941,"proto":"UDP","dns":{"type":"answer","id":18890,"rcode":"NOERROR","rrname":"mfasa-chase.gslb.bankone.com","rrtype":"A","ttl":6,"rdata":"159.53.62.96"}}
{"timestamp":"2019-03-24T14:33:51.897965+0000","flow_id":2166963829709361,"pcap_cnt":1349,"event_type":"tls","src_ip":"192.168.100.158","src_port":49430,"dest_ip":"159.53.84.131","dest_port":443,"proto":"TCP","tls":{"subject":"CN=159.53.84.131","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:51.907564+0000","flow_id":434794929281848,"pcap_cnt":1350,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55582,"proto":"UDP","dns":{"type":"answer","id":12167,"rcode":"NOERROR","rrname":"mfasa.chase.com","rrtype":"CNAME","ttl":2780,"rdata":"mfasa-chase.gslb.bankone.com"}}
{"timestamp":"2019-03-24T14:33:51.907564+0000","flow_id":434794929281848,"pcap_cnt":1350,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55582,"proto":"UDP","dns":{"type":"answer","id":12167,"rcode":"NOERROR","rrname":"mfasa-chase.gslb.bankone.com","rrtype":"A","ttl":19,"rdata":"159.53.116.245"}}
{"timestamp":"2019-03-24T14:33:51.910171+0000","flow_id":1450898292190721,"pcap_cnt":1356,"event_type":"fileinfo","src_ip":"185.231.155.109","src_port":80,"dest_ip":"192.168.100.158","dest_port":49425,"proto":"TCP","http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":7057},"app_proto":"http","fileinfo":{"fil


suricata-4.0.0-etpro-all-alert-2019-03-25-T-14-12-53-03252019.1412-1234567.pcap.txt - (425 bytes) - download
03/24/2019-14:33:41.488274  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.158:49266 -> 185.194.141.58:80
03/24/2019-14:33:41.488274  [**] [1:2823676:2] ETPRO TROJAN W32/Quasar 1.3 RAT Connectivity Check [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.158:49266 -> 185.194.141.58:80


keyword_perf.log - (13836 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/25/2019 -- 14:12:53
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             21808344        7046            7046            77650           3095.00         3095.00         0.00           
  content          101625431       12595           6171            249965          8068.00         8833.00         7333.00        
  pcre             19906999        5762            335             728868          3454.00         3945.00         3424.00        
  byte_test        946050          287             88              20128           3296.00         3586.00         3168.00        
  byte_jump        538852          176             3               12158           3061.00         2797.00         3066.00        
  isdataat         37116           13              0               3321            2855.00         0.00            2855.00        
  flowbits         8188646         2866            101             39623           2857.00         3840.00         2821.00        
  urilen           1918471         584             175             52877           3285.00         3621.00         3141.00        
  byte_extract     373611          119             119             15446           3139.00         3139.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             21808344        7046            7046            77650           3095.00         3095.00         0.00           
  flowbits         7830577         2774            9               39623           2822.00         3317.00         2821.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22893193        6227            2331            82360           3676.00         4077.00         3436.00        
  pcre             3202484         910             232             30103           3519.00         3212.00         3624.00        
  byte_test        855000          256             69              20128           3339.00         3740.00         3192.00        
  byte_jump        538852          176             3               12158           3061.00         2797.00         3066.00        
  isdataat         37116           13              0               3321            2855.00         0.00            2855.00        
  byte_extract     373611          119             119             15446           3139.00         3139.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         358069          92              92              19003           3892.00         3892.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5461899         1445            923             45650           3779.00         3906.00         3555.00        
  pcre             3514256         475             87              728868          7398.00         5324.00         7863.00        
  urilen           1918471         584             175             52877           3285.00         3621.00         3141.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14308           4               4               5074            3577.00         3577.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          220521          69              0               16975           3195.00         0.00            3195.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          64101104        2343            860             249965          27358.00        39512.00        20310.00       
  pcre             12618464        4303            0               54045           2932.00         0.00            2932.00        
  byte_test        91050           31              19              5172            2937.00         3027.00         2793.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6426570         1799            1563            39746           3572.00         3558.00         3664.00        
  pcre             519231          70              16              32163           7417.00         7079.00         7517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1155195         294             288             63851           3929.00         3941.00         3362.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7492            2               0               3787            3746.00         0.00            3746.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          112843          28              28              13845           4030.00         4030.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          867585          276             100             19489           3143.00         3512.00         2933.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          49653           13              9               4568            3819.00         3910.00         3614.00        
  pcre             23269           2               0               12395           11634.00        0.00            11634.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16242           5               3               3474            3248.00         3370.00         3066.00        
  pcre             29295           2               0               22752           14647.00        0.00            14647.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          298826          90              62              17547           3320.00         3264.00         3443.00        


unified2.alert.1553523171 - (588 bytes) - download
4\—•EsRÚÂ!À¨dž¹Â:ÀrPâ\—•E\—•EsRÆE¸MýÀ¨dž¹Â:ÀrPP‰MGET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

4\—•EsR+üÀ¨dž¹Â:ÀrPâ\—•E\—•EsRÆE¸MýÀ¨dž¹Â:ÀrPP‰MGET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive


IDSDeathBlossom.py.log - (1147 bytes) - download
2019-03-25 14:12:29,246 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-25 14:12:29,988 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-25 14:12:29,988 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-03-25 14:12:29,988 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-25 14:12:29,988 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-25 14:12:29,989 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/59b13420275980705c373edd7925b3f656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03252019.1412-1234567.pcap -vvv -k none
2019-03-25 14:12:53,301 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-25 14:12:53,301 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.0633919239