Filename: 1234567.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 8.99779295921 seconds
Hash (MD5): 59b13420275980705c373edd7925b3f6
Uploaded: 1553523456 (Unix epoch seconds; 2019-03-25 14:17:36 UTC)

Logfiles


suricata-4.0.0-etopen-all-alert-2019-03-25-T-14-17-45-03252019.1412-1234567.pcap.txt (211 bytes)
03/24/2019-14:33:41.488274  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.158:49266 -> 185.194.141.58:80
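The single alert in this run is a policy hit, not a malware signature: the internal host 192.168.100.158 made an HTTP request to ip-api.com (185.194.141.58:80), an external IP lookup service, which the ET ruleset classifies as a potential corporate privacy violation. The parser below is an added example for working with alerts in this fast.log format; it is not code from the analysis service or from Suricata. The first sample line is the alert shown above, the second is constructed here to exercise a UDP alert without a classification block, and the names `parse_fast_log`, `summarize` and `Alert.outbound` are chosen for this example.

```python
"""Parse Suricata fast.log alert lines and triage them.

Added example; not code from the analysis service or from Suricata.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample input: line 1 is the alert from the report above,
# line 2 is made up here (sid 9999999 is not a real ET rule).
SAMPLE_FAST_LOG = """\
03/24/2019-14:33:41.488274  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.158:49266 -> 185.194.141.58:80
03/24/2019-14:33:40.001000  [**] [1:9999999:1] CONSTRUCTED test alert without classtype [**] [Priority: 3] {UDP} 192.168.100.158:53412 -> 192.168.100.1:53
"""

# One fast.log record per line.  Ports are absent for ICMP and the
# classification block is absent when the rule has no classtype, so both are
# optional.  IPv4 endpoints only; IPv6 would need a different address pattern.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    @property
    def outbound(self) -> bool:
        """True when a private (RFC 1918 etc.) source talks to a public destination."""
        return (ipaddress.ip_address(self.src).is_private
                and ipaddress.ip_address(self.dst).is_global)


def parse_fast_log(text: str) -> list[Alert]:
    """Parse every non-empty line; raise on a line that is not a fast.log record."""
    alerts: list[Alert] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = FAST_LOG_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a fast.log record: {line!r}")
        g = m.groupdict()
        alerts.append(Alert(
            timestamp=datetime.strptime(g["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
            msg=g["msg"], classification=g["classification"],
            priority=int(g["priority"]), proto=g["proto"].upper(),
            src=g["src"], sport=int(g["sport"]) if g["sport"] else None,
            dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
        ))
    return alerts


def summarize(alerts: list[Alert]) -> dict[str, int]:
    """Count alerts per rule key 'gid:sid:rev', as a triage table would group them."""
    counts: dict[str, int] = {}
    for a in alerts:
        key = f"{a.gid}:{a.sid}:{a.rev}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for a in parse_fast_log(SAMPLE_FAST_LOG):
        direction = "outbound" if a.outbound else "internal/other"
        print(f"{a.timestamp.isoformat()} sid={a.sid} prio={a.priority} {a.proto} "
              f"{a.src}:{a.sport} -> {a.dst}:{a.dport} [{direction}] {a.msg}")
```

The `outbound` flag is the first thing to check on a policy alert like this one: an internal host reaching a public IP lookup service is routine for some software, but it is also a common first step of a loader working out where it is running, so the source host and the process behind port 49266 are what to pivot on next.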


suricata-4.0.0-etopen-all-perf.txt-2019-03-25-T-14-17-45-03252019.1412-1234567.pcap.txt (47830 bytes)
  --------------------------------------------------------------------------
  Date: 3/25/2019 -- 14:17:45. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021946      1        2        12005666     7.55   58       0        3384901     206994.24   0.00        206994.24  
  2        2018342      1        2        15820247     9.94   128      0        514743      123595.68   0.00        123595.68  
  3        2019833      1        7        8885106      5.58   58       0        236493      153191.48   0.00        153191.48  
  4        2023476      1        5        8739686      5.49   58       0        217174      150684.24   0.00        150684.24  
  5        2017500      1        2        2127852      1.34   14       0        194816      151989.43   0.00        151989.43  
  6        2017502      1        2        2133811      1.34   14       0        193809      152415.07   0.00        152415.07  
  7        2017501      1        2        2172298      1.37   14       0        191715      155164.14   0.00        155164.14  
  8        2016174      1        3        889996       0.56   6        0        172751      148332.67   0.00        148332.67  
  9        2019832      1        4        4884486      3.07   58       0        170778      84215.28    0.00        84215.28   
  10       2017499      1        2        1781959      1.12   14       0        153777      127282.79   0.00        127282.79  
  11       2024031      1        2        579652       0.36   5        0        146478      115930.40   0.00        115930.40  
  12       2017748      1        6        876418       0.55   52       0        136280      16854.19    0.00        16854.19   
  13       2018005      1        6        3665497      2.30   58       0        124389      63198.22    0.00        63198.22   
  14       2016537      1        2        10640460     6.69   492      74       115124      21626.95    62711.47    14353.61   
  15       2024829      1        2        1351325      0.85   59       0        102028      22903.81    0.00        22903.81   
  16       2012707      1        5        1591499      1.00   67       0        94399       23753.72    0.00        23753.72   
  17       2021418      1        9        561786       0.35   14       0        92293       40127.57    0.00        40127.57   
  18       2017731      1        3        1296251      0.81   55       0        91934       23568.20    0.00        23568.20   
  19       2022627      1        12       2994481      1.88   58       0        91439       51628.98    0.00        51628.98   
  20       2022535      1        11       2968060      1.87   58       0        78046       51173.45    0.00        51173.45   
  21       2020691      1        1        76882        0.05   1        0        76882       76882.00    0.00        76882.00   
  22       2020765      1        2        100916       0.06   2        0        75917       50458.00    0.00        50458.00   
  23       2016948      1        2        3428383      2.15   231      0        75234       14841.48    0.00        14841.48   
  24       2018457      1        1        2443419      1.54   58       0        74535       42127.91    0.00        42127.91   
  25       2013664      1        4        418411       0.26   12       0        73060       34867.58    0.00        34867.58   
  26       2015872      1        6        70458        0.04   1        0        70458       70458.00    0.00        70458.00   
  27       2022197      1        3        433969       0.27   14       0        69699       30997.79    0.00        30997.79   
  28       2024771      1        1        4585653      2.88   532      0        67719       8619.65     0.00        8619.65    
  29       2014442      1        6        507721       0.32   12       0        66107       42310.08    0.00        42310.08   
  30       2018421      1        2        92916        0.06   2        0        65529       46458.00    0.00        46458.00   
  31       2021718      1        4        450569       0.28   12       0        64193       37547.42    0.00        37547.42   
  32       2017552      1        6        7542809      4.74   493      0        63595       15299.82    0.00        15299.82   
  33       2022552      1        2        2937178      1.85   143      0        62232       20539.71    0.00        20539.71   
  34       2015877      1        6        436147       0.27   14       0        61286       31153.36    0.00        31153.36   
  35       2014967      1        3        360846       0.23   14       0        61110       25774.71    0.00        25774.71   
  36       2017190      1        6        81924        0.05   2        0        60718       40962.00    0.00        40962.00   
  37       2014701      1        12       319827       0.20   22       0        60688       14537.59    0.00        14537.59   
  38       2020800      1        2        183325       0.12   6        0        59635       30554.17    0.00        30554.17   
  39       2017295      1        6        183936       0.12   4        0        57863       45984.00    0.00        45984.00   
  40       2024139      1        2        433749       0.27   13       0        57391       33365.31    0.00        33365.31   
  41       2010142      1        4        116085       0.07   22       0        57346       5276.59     0.00        5276.59    
  42       2022239      1        4        78108        0.05   2        0        56949       39054.00    0.00        39054.00   
  43       2023349      1        2        132336       0.08   7        0        56407       18905.14    0.00        18905.14   
  44       2024135      1        2        434621       0.27   13       0        55666       33432.38    0.00        33432.38   
  45       2024138      1        2        429901       0.27   13       0        54622       33069.31    0.00        33069.31   
  46       2018055      1        3        2286288      1.44   263      0        54407       8693.11     0.00        8693.11    
  47       2014519      1        7        1457963      0.92   67       0        54105       21760.64    0.00        21760.64   
  48       2017703      1        3        1198285      0.75   55       0        53422       21787.00    0.00        21787.00   
  49       2019094      1        5        453663       0.29   14       0        53085       32404.50    0.00        32404.50   
  50       2016706      1        20       515443       0.32   14       0        52757       36817.36    0.00        36817.36   
  51       2021067      1        2        548735       0.34   14       14       52652       39195.36    39195.36    0.00       
  52       2024134      1        2        411048       0.26   13       0        52506       31619.08    0.00        31619.08   
  53       2019607      1        2        402158       0.25   12       0        52306       33513.17    0.00        33513.17   
  54       2014703      1        9        258764       0.16   22       0        51466       11762.00    0.00        11762.00   
  55       2017454      1        12       457226       0.29   12       0        50925       38102.17    0.00        38102.17   
  56       2018403      1        10       98516        0.06   2        0        50596       49258.00    0.00        49258.00   
  57       2024133      1        2        423500       0.27   13       0        50541       32576.92    0.00        32576.92   
  58       2017036      1        3        283979       0.18   12       0        50178       23664.92    0.00        23664.92   
  59       2023083      1        2        2230035      1.40   74       0        49554       30135.61    0.00        30135.61   
  60       2014363      1        7        140509       0.09   8        0        49149       17563.62    0.00        17563.62   
  61       2017456      1        3        399474       0.25   12       0        48440       33289.50    0.00        33289.50   
  62       2016143      1        3        819775       0.52   47       0        48145       17442.02    0.00        17442.02   
  63       2016141      1        5        94561        0.06   2        0        47904       47280.50    0.00        47280.50   
  64       2024136      1        2        412449       0.26   13       0        47887       31726.85    0.00        31726.85   
  65       2024137      1        2        433908       0.27   13       0        47467       33377.54    0.00        33377.54   
  66       2017114      1        5        173014       0.11   4        0        47357       43253.50    0.00        43253.50   
  67       2022283      1        1        373481       0.23   12       0        46938       31123.42    0.00        31123.42   
  68       2022896      1        5        90049        0.06   2        0        46335       45024.50    0.00        45024.50   
  69       2024142      1        2        425593       0.27   13       0        46204       32737.92    0.00        32737.92   
  70       2022942      1        2        81651        0.05   2        0        45600       40825.50    0.00        40825.50   
  71       2017076      1        9        442777       0.28   12       0        45058       36898.08    0.00        36898.08   
  72       2020297      1        2        434744       0.27   30       0        44559       14491.47    0.00        14491.47   
  73       2014473      1        5        774258       0.49   52       0        44268       14889.58    0.00        14889.58   
  74       2021413      1        2        435088       0.27   14       0        44212       31077.71    0.00        31077.71   
  75       2017876      1        3        81752        0.05   2        0        41805       40876.00    0.00        40876.00   
  76       2014405      1        10       162736       0.10   5        0        41792       32547.20    0.00        32547.20   
  77       2022830      1        2        77530        0.05   2        0        41585       38765.00    0.00        38765.00   
  78       2025064      1        5        41220        0.03   1        0        41220       41220.00    0.00        41220.00   
  79       2019083      1        2        66736        0.04   2        0        40977       33368.00    0.00        33368.00   
  80       2017693      1        2        162690       0.10   4        0        40907       40672.50    0.00        40672.50   
  81       2018125      1        5        137677       0.09   6        0        40905       22946.17    0.00        22946.17   
  82       2020661      1        3        51509        0.03   2        0        40800       25754.50    0.00        25754.50   
  83       2020962      1        3        344361       0.22   12       0        40691       28696.75    0.00        28696.75   
  84       2016809      1        5        327399       0.21   14       0        40665       23385.64    0.00        23385.64   
  85       2021607      1        6        79319        0.05   2        0        40651       39659.50    0.00        39659.50   
  86       2021399      1        3        337777       0.21   12       0        40220       28148.08    0.00        28148.08   
  87       2023583      1        4        40203        0.03   1        0        40203       40203.00    0.00        40203.00   
  88       2020181      1        8        417705       0.26   14       0        40066       29836.07    0.00        29836.07   
  89       2020964      1        2        350916       0.22   12       0        39924       29243.00    0.00        29243.00   
  90       2009702      1        5        315176       0.20   22       0        39865       14326.18    0.00        14326.18   
  91       2024777      1        2        510502       0.32   171      0        39551       2985.39     0.00        2985.39    
  92       2020963      1        2        349067       0.22   12       0        39516       29088.92    0.00        29088.92   
  93       2018637      1        2        63252        0.04   2        0        39400       31626.00    0.00        31626.00   
  94       2022658      1        4        75092        0.05   2        0        39128       37546.00    0.00        37546.00   
  95       2020767      1        2        75535        0.05   3        0        39002       25178.33    0.00        25178.33   
  96       2102523      1        8        307716       0.19   74       0        37990       4158.32     0.00        4158.32    
  97       2020573      1        2        71895        0.05   2        2        37928       35947.50    35947.50    0.00       
  98       2024140      1        2        413249       0.26   13       0        37733       31788.38    0.00        31788.38   
  99       2020778      1        2        117583       0.07   4        0        37678       29395.75    0.00        29395.75   
  100      2022550      1        16       71964        0.05   2        0        37528       35982.00    0.00        35982.00   
  101      2019714      1        10       66358        0.04   2        0        37221       33179.00    0.00        33179.00   
  102      2020693      1        1        56355        0.04   2        0        36742       28177.50    0.00        28177.50   
  103      2018485      1        3        47163        0.03   2        0        36633       23581.50    0.00        23581.50   
  104      2016029      1        3        72347        0.05   2        0        36521       36173.50    0.00        36173.50   
  105      2018581      1        3        65078        0.04   2        0        36350       32539.00    0.00        32539.00   
  106      2020826      1        7        71676        0.05   2        0        36339       35838.00    0.00        35838.00   
  107      2022940      1        2        65233        0.04   2        0        36175       32616.50    0.00        32616.50   
  108      2020780      1        2        36139        0.02   1        0        36139       36139.00    0.00        36139.00   
  109      2020612      1        3        113833       0.07   4        0        35657       28458.25    0.00        28458.25   
  110      2022901      1        2        418888       0.26   14       0        35521       29920.57    0.00        29920.57   
  111      2022482      1        3        65174        0.04   2        0        35419       32587.00    0.00        32587.00   
  112      2018069      1        1        35347        0.02   1        0        35347       35347.00    0.00        35347.00   
  113      2023316      1        2        201285       0.13   9        0        35057       22365.00    0.00        22365.00   
  114      2012649      1        5        173219       0.11   5        0        35051       34643.80    0.00        34643.80   
  115      2018085      1        2        51726        0.03   2        0        34957       25863.00    0.00        25863.00   
  116      2024650      1        1        3070010      1.93   219      0        34917       14018.31    0.00        14018.31   
  117      2015547      1        4        55681        0.03   2        0        34910       27840.50    0.00        27840.50   
  118      2015835      1        7        56158        0.04   2        0        34853       28079.00    0.00        28079.00   
  119      2022941      1        2        34644        0.02   1        0        34644       34644.00    0.00        34644.00   
  120      2017556      1        3        403292       0.25   12       0        34609       33607.67    0.00        33607.67   
  121      2020941      1        2        68811        0.04   2        0        34576       34405.50    0.00        34405.50   
  122      2020776      1        2        112324       0.07   4        0        34432       28081.00    0.00        28081.00   
  123      2024141      1        2        389531       0.24   13       0        33598       29963.92    0.00        29963.92   
  124      2019378      1        12       263881       0.17   12       0        33591       21990.08    0.00        21990.08   
  125      2017707      1        4        3

This file has been truncated.
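The table above is Suricata's per-rule profiling output, and it is sorted by the single most expensive evaluation (max ticks), not by total cost: rule 2021946 leads on max ticks, while 2018342 consumed more ticks overall (15820247, 9.94%, against 12005666, 7.55%). The following is an added triage script, not part of this report or of Suricata, that parses the table, re-sorts by total ticks, flags rules that were checked often but never matched in this pcap, and flags rules whose worst evaluation sat far above their average. The sample rows are copied from the table above (a subset, including the truncated final row, so percentages do not sum to 100); the function names and the thresholds `min_checks=50` and `ratio=10.0` are chosen for this example.

```python
"""Triage Suricata rule-profiling output (the 'Sorted by: max ticks' table).

Added example; not code from the analysis service or from Suricata.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: header and rows copied from the profiling table in this report.
# The last row is the truncated one from the cut-off file.
SAMPLE_RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 3/25/2019 -- 14:17:45. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2021946      1        2        12005666     7.55   58       0        3384901     206994.24   0.00        206994.24
  2        2018342      1        2        15820247     9.94   128      0        514743      123595.68   0.00        123595.68
  14       2016537      1        2        10640460     6.69   492      74       115124      21626.95    62711.47    14353.61
  28       2024771      1        1        4585653      2.88   532      0        67719       8619.65     0.00        8619.65
  32       2017552      1        6        7542809      4.74   493      0        63595       15299.82    0.00        15299.82
  51       2021067      1        2        548735       0.34   14       14       52652       39195.36    39195.36    0.00
  97       2020573      1        2        71895        0.05   2        2        37928       35947.50    35947.50    0.00
  125      2017707      1        4        3
"""

# One data row has 12 numeric columns.  Header, separators and the truncated
# trailing row do not match and are skipped.
ROW_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<sid>\d+)\s+(?P<gid>\d+)\s+(?P<rev>\d+)\s+"
    r"(?P<ticks>\d+)\s+(?P<pct>\d+\.\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)\s+"
    r"(?P<max_ticks>\d+)\s+(?P<avg_ticks>\d+\.\d+)\s+(?P<avg_match>\d+\.\d+)\s+"
    r"(?P<avg_nomatch>\d+\.\d+)\s*$"
)


@dataclass(frozen=True)
class RuleProfile:
    num: int
    sid: int          # the 'Rule' column is the signature id
    gid: int
    rev: int
    ticks: int        # total CPU ticks spent evaluating this rule
    pct: float        # share of all rule ticks in the run
    checks: int       # number of evaluations
    matches: int      # evaluations that alerted
    max_ticks: int    # most expensive single evaluation
    avg_ticks: float
    avg_match: float
    avg_nomatch: float

    @property
    def spike_ratio(self) -> float:
        """Worst single evaluation relative to the mean; a large value points at
        one packet or buffer that made the rule (often its pcre) work hard."""
        return self.max_ticks / self.avg_ticks if self.avg_ticks else 0.0

    def averages_consistent(self, tol: float = 0.01) -> bool:
        """Parse sanity check: Avg Ticks must equal Ticks / Checks."""
        return self.checks > 0 and abs(self.ticks / self.checks - self.avg_ticks) <= tol


def parse_rule_profile(text: str) -> list[RuleProfile]:
    rows: list[RuleProfile] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m is None:
            continue
        g = m.groupdict()
        rows.append(RuleProfile(
            num=int(g["num"]), sid=int(g["sid"]), gid=int(g["gid"]), rev=int(g["rev"]),
            ticks=int(g["ticks"]), pct=float(g["pct"]),
            checks=int(g["checks"]), matches=int(g["matches"]),
            max_ticks=int(g["max_ticks"]), avg_ticks=float(g["avg_ticks"]),
            avg_match=float(g["avg_match"]), avg_nomatch=float(g["avg_nomatch"]),
        ))
    return rows


def by_total_ticks(rows: list[RuleProfile]) -> list[int]:
    """Signature ids ordered by total cost, which is what tuning should target."""
    return [r.sid for r in sorted(rows, key=lambda r: r.ticks, reverse=True)]


def never_matching(rows: list[RuleProfile], min_checks: int = 50) -> list[int]:
    """Rules evaluated at least min_checks times that never alerted, costliest
    first.  Zero matches in one pcap is a hint for review, not proof the rule
    is useless."""
    cand = [r for r in rows if r.matches == 0 and r.checks >= min_checks]
    return [r.sid for r in sorted(cand, key=lambda r: r.ticks, reverse=True)]


def spiky(rows: list[RuleProfile], ratio: float = 10.0) -> list[int]:
    """Rules whose worst evaluation exceeded `ratio` times their average."""
    return [r.sid for r in rows if r.spike_ratio > ratio]


if __name__ == "__main__":
    rows = parse_rule_profile(SAMPLE_RULE_PERF)
    assert all(r.averages_consistent() for r in rows)
    print("by total ticks:", by_total_ticks(rows))
    print("checked >= 50x, never matched:", never_matching(rows))
    print("spiky (max > 10x avg):", spiky(rows))
```

On the sample rows the re-sort puts 2018342 first, four rules (2018342, 2021946, 2017552, 2024771) were checked more than 50 times without ever matching, and only 2021946 has a spike ratio above 10 (its 3384901-tick worst case is about 16 times its average), which is the row worth pairing with the packet that caused it.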


packet_stats.log (15435 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3454          4525131      644924838     384005011       1326.4b   99.57
 IPv4      17            28          5723081      528263406     201134691          5.6b    0.42
 IPv6      17             3          5837143       21541247      11160718         33.5m    0.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3454            66273       13527543        217993        753.0m   92.66
TMM_FLOWWORKER              IPv4      17            28           115374        8326573        651759         18.2m    2.25
TMM_RECEIVEPCAPFILE         IPv4       6          3354             2534       12003985          6499         21.8m    2.68
TMM_RECEIVEPCAPFILE         IPv4      17            28             2545           9538          3075         86.1k    0.01
TMM_DECODEPCAPFILE          IPv4       6          3354             2645        4535925          5605         18.8m    2.31
TMM_DECODEPCAPFILE          IPv4      17            28             2713          28771          4074        114.1k    0.01
TMM_FLOWWORKER              IPv6      17             3           110316         279566        175201        525.6k    0.06
TMM_RECEIVEPCAPFILE         IPv6      17             3             2605           3004          2802          8.4k    0.00
TMM_DECODEPCAPFILE          IPv6      17             3             2833          15498          7202         21.6k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3354             2816          82396          3355         11.3m  1.61  
flow                    IPv4      17            28             2858          30399          5362        150.1k  0.02  
stream                  IPv4       6          3454             2713       13421442         16477         56.9m  8.15  
app-layer               IPv4      17            28             2592          36195         15986        447.6k  0.06  
detect                  IPv4       6          3454            44660        8755482        176638        610.1m  87.41 
detect                  IPv4      17            28            98530         484876        286559          8.0m  1.15  
tcp-prune               IPv4       6          3454             2540         109187          3068         10.6m  1.52  
flow                    IPv6      17             3             3866           9504          6059         18.2k  0.00  
app-layer               IPv6      17             3             2599          11276          7783         23.4k  0.00  
detect                  IPv6      17             3            87403         252286        150304        450.9k  0.06  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            19             3012          42575          9340        177.5k  32.51 
tls                     IPv4       6            76             2630           3913          2886        219.4k  40.19 
dns                     IPv4      17            22             3621          22176          6772        149.0k  27.30 
Proto detect            IPv4       6             2             4599          18267         11433         22.9k
Proto detect            IPv4      17            22             2888          27089          7872        173.2k
Proto detect            IPv6      17             2             3210           5282          4246          8.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           117367         117367        117367        117.4k  0.53  
LOGGER_UNIFIED2             IPv4       6             1           180698         180698        180698        180.7k  0.82  
LOGGER_JSON_ALERT           IPv4       6             1            87670          87670         87670         87.7k  0.40  
LOGGER_JSON_DNS             IPv4      17            22            30006        7778424        415551          9.1m  41.38 
LOGGER_JSON_HTTP            IPv4       6            73            30660         153621         62039          4.5m  20.50 
LOGGER_JSON_TLS             IPv4       6            59             4019          86266         48730          2.9m  13.01 
LOGGER_JSON_FILE            IPv4       6            58            54361         207942         88967          5.2m  23.36 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1666             2553        8644130         25351        42.2m  28.24 
payload                           IPv4      17            28             3269          43334         17307       484.6k  0.32  
stream                            IPv4       6          1666             2521        5699061         25098        41.8m  27.96 
http_uri                          IPv4       6            75             3431          65719         12075       905.6k  0.61  
http_request_line                 IPv4       6            75             2971          17875          5306       398.0k  0.27  
http_client_body                  IPv4       6            75             2735           4201          3167       237.6k  0.16  
http_header (request)             IPv4       6            75             3306          44301          8632       647.4k  0.43  
http_header (request trailer)     IPv4       6            75             2557          30923          3017       226.3k  0.15  
http_header_names (request)       IPv4       6            75             3347          22670          5745       430.9k  0.29  
http_accept (request)             IPv4       6            75             2723          35491          4099       307.5k  0.21  
http_referer (request)            IPv4       6            75             2647          20296          3240       243.0k  0.16  
http_content_len (request)        IPv4       6            75             2669           3984          3070       230.3k  0.15  
http_content_type (request)       IPv4       6            75             2662          22259          3267       245.0k  0.16  
http_start (request)              IPv4       6            75             3311          35159          6287       471.6k  0.32  
http_raw_header (request)         IPv4       6            75             5534          21490          7024       526.8k  0.35  
http_method                       IPv4       6            75             2655           5004          3460       259.5k  0.17  
http_cookie (request)             IPv4       6            75             2671          17217          3221       241.6k  0.16  
http_raw_uri                      IPv4       6            75             2727           7133          4253       319.0k  0.21  
http_user_agent                   IPv4       6            75             2660          20752          3149       236.2k  0.16  
http_host                         IPv4       6            75             2826          20257          5158       386.9k  0.26  
dns_query                         IPv4      17            11             3159          25823          9350       102.9k  0.07  
tls_sni                           IPv4       6            59             2931          51450          5792       341.8k  0.23  
http_response_line                IPv4       6            71             3218           9753          5398       383.3k  0.26  
http_header (response)            IPv4       6            71            11284          47997         21384         1.5m  1.02  
http_header (response trailer)    IPv4       6            71             2601          43266          3397       241.2k  0.16  
http_content_type (response)      IPv4       6            71             2880          21250          4090       290.4k  0.19  
http_raw_header (response)        IPv4       6           696             3812          30277          4888         3.4m  2.27  
http_cookie (response)            IPv4       6            71             2904          15707          3376       239.8k  0.16  
http_stat_code                    IPv4       6            71             2908          16492          3758       266.8k  0.18  
tls_cert_issuer                   IPv4       6            59             2621          73375          6750       398.3k  0.27  
tls_cert_subject                  IPv4       6            59             2916          16873          4134       243.9k  0.16  
tls_cert_serial                   IPv4       6            59             2816          17494          4230       249.6k  0.17  
file_data (http response)         IPv4       6           696             2564         854091         73277        51.0m  34.10 
Total                             IPv4                  6700                                         22317       149.5m
payload                           IPv6      17             3             3402          28525         13168        39.5k  0.03  
Total                             IPv6                     3                                         13168        39.5k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6           144             3396          58964         21455          3.1m  0.41  
PROF_DETECT_IPONLY          IPv4      17            24            19327          53208         30400        729.6k  0.10  
PROF_DETECT_RULES           IPv4       6          3454             2520        3919673         53761        185.7m  24.43 
PROF_DETECT_RULES           IPv4      17            28            39928         304444        157088          4.4m  0.58  
PROF_DETECT_STATEFUL_START    IPv4       6           781             5104         947918         63581         49.7m  6.53  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3454             2509        6876105          7870         27.2m  3.58  
PROF_DETECT_STATEFUL_CONT    IPv4      17            28             2757          35379          5378        150.6k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3143             2545          56004          2850          9.0m  1.18  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            22             2608           3260          2822         62.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          3454             7769        8698528         69122        238.7m  31.41 
PROF_DETECT_PREFILTER       IPv4      17            28            23955          81620         49339          1.4m  0.18  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1666            13551        8658102         58758         97.9m  12.88 
PROF_DETECT_PF_PAYLOAD      IPv4      17            28             8391          48414         22589        632.5k  0.08  
PROF_DETECT_PF_TX           IPv4       6          3143             2546         867054         26897         84.5m  11.12 
PROF_DETECT_PF_TX           IPv4      17            11             8427          31581         15064        165.7k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6          1010             2516          41781          3214          3.2m  0.43  
PROF_DETECT_PF_SORT1        IPv4      17            28             2612           4425          3742        104.8k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6          3454             2508         396076          3026         10.5m  1.38  
PROF_DETECT_PF_SORT2        IPv4      17            28             2533           4142          3181         89.1k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          3454             2519          59283          2978         10.3m  1.35  
PROF_DETECT_NONMPMLIST      IPv4      17            28             2586           4531          3202         89.7k  0.01  
PROF_DETECT_ALERT           IPv4       6          3454             2513          63828          2832          9.8m  1.29  
PROF_DETECT_ALERT           IPv4      17            28             2529          19984          3660        102.5k  0.01  
PROF_DETECT_CLEANUP         IPv4       6          3454             2553          52291          2957         10.2m  1.34  
PROF_DETECT_CLEANUP         IPv4      17            28             2555          18885          4078        114.2k  0.02  
PROF_DETECT_GETSGH          IPv4       6          3454             2516         385350          3359         11.6m  1.53  
PROF_DETECT_GETSGH          IPv4      17            28             2798          21061          6246        174.9k  0.02  
PROF_DETECT_IPONLY          IPv6      17             2             7121           8524          7822         15.6k  0.00  
PROF_DETECT_RULES           IPv6      17             3            28960         132610         64219        192.7k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv6      17             3             2580           2779          2712          8.1k  0.00  
PROF_DETECT_PREFILTER       IPv6      17             3            24294          51112         34846        104.5k  0.01  
PROF_DETECT_PF_PAYLOAD      IPv6      17             3             8456          33576         18320         55.0k  0.01  
PROF_DETECT_PF_SORT1        IPv6      17             3             2651           3770          3142          9.4k  0.00  
PROF_DETECT_PF_SORT2        IPv6      17             3             2559           3298          2823          8.5k  0.00  
PROF_DETECT_NONMPMLIST      IPv6      17             3             2712           2974          2826          8.5k  0.00  
PROF_DETECT_ALERT           IPv6      17             3             2536           2579          2555          7.7k  0.00  
PROF_DETECT_CLEANUP         IPv6      17             3             2570           4161          3188          9.6k  0.00  
PROF_DETECT_GETSGH          IPv6      17             3             2822          20522         10025         30.1k  0.00  


stats.log - (3153 bytes)
------------------------------------------------------------------------------------
Date: 3/25/2019 -- 14:17:45 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3400
decoder.bytes                              | Total                     | 2160704
decoder.ipv4                               | Total                     | 3382
decoder.ipv6                               | Total                     | 3
decoder.ethernet                           | Total                     | 3400
decoder.tcp                                | Total                     | 3354
decoder.udp                                | Total                     | 31
decoder.avg_pkt_size                       | Total                     | 635
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 72
flow.udp                                   | Total                     | 15
tcp.sessions                               | Total                     | 72
tcp.syn                                    | Total                     | 72
tcp.synack                                 | Total                     | 72
tcp.rst                                    | Total                     | 43
tcp.overlap                                | Total                     | 22
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 10
app_layer.tx.http                          | Total                     | 75
app_layer.flow.tls                         | Total                     | 58
app_layer.flow.failed_tcp                  | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 11
app_layer.tx.dns_udp                       | Total                     | 11
app_layer.flow.failed_udp                  | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 34
flow_mgr.flows_notimeout                   | Total                     | 34
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65502
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7090432


eve.json - (80398 bytes)
{"timestamp":"2019-03-24T14:33:34.999564+0000","flow_id":852660886323340,"pcap_cnt":12,"event_type":"dns","src_ip":"192.168.100.158","src_port":55520,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10326,"rrname":"domekan.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:35.013051+0000","flow_id":852660886323340,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55520,"proto":"UDP","dns":{"type":"answer","id":10326,"rcode":"NOERROR","rrname":"domekan.ru","rrtype":"A","ttl":10048,"rdata":"81.177.141.23"}}
{"timestamp":"2019-03-24T14:33:35.488265+0000","flow_id":866778443891234,"pcap_cnt":23,"event_type":"http","src_ip":"192.168.100.158","src_port":49174,"dest_ip":"81.177.141.23","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:35.510108+0000","flow_id":866778443891234,"pcap_cnt":24,"event_type":"fileinfo","src_ip":"81.177.141.23","src_port":80,"dest_ip":"192.168.100.158","dest_port":49174,"proto":"TCP","http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/domekan.ru\/dataCenter","length":154},"app_proto":"http","fileinfo":{"filename":"\/dataCenter","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:35.795990+0000","flow_id":665065304838200,"pcap_cnt":30,"event_type":"tls","src_ip":"192.168.100.158","src_port":49175,"dest_ip":"81.177.141.23","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.141.23","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:38.552772+0000","flow_id":2138337871791037,"pcap_cnt":56,"event_type":"tls","src_ip":"192.168.100.158","src_port":49225,"dest_ip":"81.177.141.23","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.141.23","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:38.738254+0000","flow_id":556071919987697,"pcap_cnt":60,"event_type":"http","src_ip":"192.168.100.158","src_port":49220,"dest_ip":"81.177.141.23","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:40.197714+0000","flow_id":230393139954770,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.100.158","src_port":55002,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42542,"rrname":"kifge43.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:40.211014+0000","flow_id":230393139954770,"pcap_cnt":75,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55002,"proto":"UDP","dns":{"type":"answer","id":42542,"rcode":"NOERROR","rrname":"kifge43.ru","rrtype":"A","ttl":8965,"rdata":"81.177.6.123"}}
{"timestamp":"2019-03-24T14:33:40.403280+0000","flow_id":1417625179787998,"pcap_cnt":90,"event_type":"tls","src_ip":"192.168.100.158","src_port":49254,"dest_ip":"81.177.6.123","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.6.123","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:40.600391+0000","flow_id":1135939749689999,"pcap_cnt":97,"event_type":"http","src_ip":"192.168.100.158","src_port":49251,"dest_ip":"81.177.6.123","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"kifge43.ru","url":"\/MatherFuckerAv.dll","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:41.137488+0000","flow_id":618782737635600,"pcap_cnt":222,"event_type":"dns","src_ip":"192.168.100.158","src_port":63133,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53095,"rrname":"ip-api.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:41.157789+0000","flow_id":618782737635600,"pcap_cnt":223,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":63133,"proto":"UDP","dns":{"type":"answer","id":53095,"rcode":"NOERROR","rrname":"ip-api.com","rrtype":"A","ttl":99,"rdata":"185.194.141.58"}}
{"timestamp":"2019-03-24T14:33:41.488274+0000","flow_id":1698765149137682,"pcap_cnt":231,"event_type":"alert","src_ip":"192.168.100.158","src_port":49266,"dest_ip":"185.194.141.58","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022082,"rev":3,"signature":"ET POLICY External IP Lookup ip-api.com","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-03-24T14:33:41.488274+0000","flow_id":1698765149137682,"pcap_cnt":231,"event_type":"http","src_ip":"192.168.100.158","src_port":49266,"dest_ip":"185.194.141.58","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ip-api.com","url":"\/json\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.3; rv:48.0) Gecko\/20100101 Firefox\/48.0","http_content_type":"application\/json"}}
{"timestamp":"2019-03-24T14:33:41.518189+0000","flow_id":1698765149137682,"pcap_cnt":232,"event_type":"fileinfo","src_ip":"185.194.141.58","src_port":80,"dest_ip":"192.168.100.158","dest_port":49266,"proto":"TCP","http":{"hostname":"ip-api.com","url":"\/json\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.3; rv:48.0) Gecko\/20100101 Firefox\/48.0","http_content_type":"application\/json","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":253},"app_proto":"http","fileinfo":{"filename":"\/json\/","gaps":false,"state":"CLOSED","stored":false,"size":253,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:42.663589+0000","flow_id":1828468866555941,"pcap_cnt":243,"event_type":"dns","src_ip":"192.168.100.158","src_port":50669,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59711,"rrname":"ii.doshimotai.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:42.678247+0000","flow_id":1828468866555941,"pcap_cnt":244,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":50669,"proto":"UDP","dns":{"type":"answer","id":59711,"rcode":"NOERROR","rrname":"ii.doshimotai.ru","rrtype":"A","ttl":2180,"rdata":"81.177.140.55"}}
{"timestamp":"2019-03-24T14:33:42.909643+0000","flow_id":1932471499666011,"pcap_cnt":260,"event_type":"tls","src_ip":"192.168.100.158","src_port":49294,"dest_ip":"81.177.140.55","dest_port":443,"proto":"TCP","tls":{"subject":"CN=81.177.140.55","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:43.022177+0000","flow_id":303648102309042,"pcap_cnt":268,"event_type":"http","src_ip":"192.168.100.158","src_port":49290,"dest_ip":"81.177.140.55","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ii.doshimotai.ru","url":"\/OneDrive.exe","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:46.735510+0000","flow_id":249333946136854,"pcap_cnt":599,"event_type":"dns","src_ip":"192.168.100.158","src_port":62884,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42906,"rrname":"h13.doshimotai.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:46.806254+0000","flow_id":249333946136854,"pcap_cnt":601,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":62884,"proto":"UDP","dns":{"type":"answer","id":42906,"rcode":"NOERROR","rrname":"h13.doshimotai.ru","rrtype":"A","ttl":10799,"rdata":"81.177.140.55"}}
{"timestamp":"2019-03-24T14:33:48.525833+0000","flow_id":556071919987697,"pcap_cnt":615,"event_type":"fileinfo","src_ip":"81.177.141.23","src_port":80,"dest_ip":"192.168.100.158","dest_port":49220,"proto":"TCP","http":{"hostname":"domekan.ru","url":"\/dataCenter","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/domekan.ru\/dataCenter","length":154},"app_proto":"http","fileinfo":{"filename":"\/dataCenter","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:48.894615+0000","flow_id":1330720811980730,"pcap_cnt":619,"event_type":"http","src_ip":"192.168.100.158","src_port":49370,"dest_ip":"185.62.189.136","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"185.62.189.136","url":"\/start\/stat.php","http_content_type":"text\/html"}}
{"timestamp":"2019-03-24T14:33:50.412330+0000","flow_id":1135939749689999,"pcap_cnt":762,"event_type":"fileinfo","src_ip":"81.177.6.123","src_port":80,"dest_ip":"192.168.100.158","dest_port":49251,"proto":"TCP","http":{"hostname":"kifge43.ru","url":"\/MatherFuckerAv.dll","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/kifge43.ru\/MatherFuckerAv.dll","length":154},"app_proto":"http","fileinfo":{"filename":"\/MatherFuckerAv.dll","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:50.973521+0000","flow_id":2217232126751644,"pcap_cnt":1280,"event_type":"http","src_ip":"192.168.100.158","src_port":49385,"dest_ip":"185.180.197.55","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"185.180.197.55","url":"\/loadbase1.php","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-24T14:33:51.617380+0000","flow_id":1649609249090468,"pcap_cnt":1281,"event_type":"dns","src_ip":"192.168.100.158","src_port":55045,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59112,"rrname":"davidich.life","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.629687+0000","flow_id":322618973461431,"pcap_cnt":1282,"event_type":"dns","src_ip":"192.168.100.158","src_port":61925,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21813,"rrname":"davidich.life","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.630907+0000","flow_id":1649609249090468,"pcap_cnt":1283,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55045,"proto":"UDP","dns":{"type":"answer","id":59112,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"185.231.155.109"}}
{"timestamp":"2019-03-24T14:33:51.630907+0000","flow_id":1649609249090468,"pcap_cnt":1283,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55045,"proto":"UDP","dns":{"type":"answer","id":59112,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"95.142.46.246"}}
{"timestamp":"2019-03-24T14:33:51.656743+0000","flow_id":322618973461431,"pcap_cnt":1285,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":61925,"proto":"UDP","dns":{"type":"answer","id":21813,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"95.142.46.246"}}
{"timestamp":"2019-03-24T14:33:51.656743+0000","flow_id":322618973461431,"pcap_cnt":1285,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":61925,"proto":"UDP","dns":{"type":"answer","id":21813,"rcode":"NOERROR","rrname":"davidich.life","rrtype":"A","ttl":0,"rdata":"185.231.155.109"}}
{"timestamp":"2019-03-24T14:33:51.752605+0000","flow_id":690577411649025,"pcap_cnt":1304,"event_type":"http","src_ip":"192.168.100.158","src_port":49425,"dest_ip":"185.231.155.109","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-24T14:33:51.784697+0000","flow_id":690577411649025,"pcap_cnt":1317,"event_type":"fileinfo","src_ip":"185.231.155.109","src_port":80,"dest_ip":"192.168.100.158","dest_port":49425,"proto":"TCP","http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":7108},"app_proto":"http","fileinfo":{"filename":"\/1\/good.txt","gaps":false,"state":"CLOSED","stored":false,"size":7108,"tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.809784+0000","flow_id":2151527717231416,"pcap_cnt":1318,"event_type":"dns","src_ip":"192.168.100.158","src_port":55582,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12167,"rrname":"mfasa.chase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.810010+0000","flow_id":487103335980058,"pcap_cnt":1319,"event_type":"dns","src_ip":"192.168.100.158","src_port":56574,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16936,"rrname":"mfasa.chase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.813695+0000","flow_id":690577411649025,"pcap_cnt":1331,"event_type":"http","src_ip":"192.168.100.158","src_port":49425,"dest_ip":"185.231.155.109","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-24T14:33:51.814811+0000","flow_id":1866973248974555,"pcap_cnt":1332,"event_type":"dns","src_ip":"192.168.100.158","src_port":55941,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18890,"rrname":"mfasa.chase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-24T14:33:51.823262+0000","flow_id":487103335980058,"pcap_cnt":1333,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":56574,"proto":"UDP","dns":{"type":"answer","id":16936,"rcode":"NOERROR","rrname":"mfasa.chase.com","rrtype":"CNAME","ttl":619,"rdata":"mfasa-chase.gslb.bankone.com"}}
{"timestamp":"2019-03-24T14:33:51.823262+0000","flow_id":487103335980058,"pcap_cnt":1333,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":56574,"proto":"UDP","dns":{"type":"answer","id":16936,"rcode":"NOERROR","rrname":"mfasa-chase.gslb.bankone.com","rrtype":"A","ttl":5,"rdata":"159.53.84.131"}}
{"timestamp":"2019-03-24T14:33:51.828342+0000","flow_id":1866973248974555,"pcap_cnt":1337,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55941,"proto":"UDP","dns":{"type":"answer","id":18890,"rcode":"NOERROR","rrname":"mfasa.chase.com","rrtype":"CNAME","ttl":159,"rdata":"mfasa-chase.gslb.bankone.com"}}
{"timestamp":"2019-03-24T14:33:51.828342+0000","flow_id":1866973248974555,"pcap_cnt":1337,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55941,"proto":"UDP","dns":{"type":"answer","id":18890,"rcode":"NOERROR","rrname":"mfasa-chase.gslb.bankone.com","rrtype":"A","ttl":6,"rdata":"159.53.62.96"}}
{"timestamp":"2019-03-24T14:33:51.897965+0000","flow_id":104391685151281,"pcap_cnt":1349,"event_type":"tls","src_ip":"192.168.100.158","src_port":49430,"dest_ip":"159.53.84.131","dest_port":443,"proto":"TCP","tls":{"subject":"CN=159.53.84.131","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-24T14:33:51.907564+0000","flow_id":2151527717231416,"pcap_cnt":1350,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55582,"proto":"UDP","dns":{"type":"answer","id":12167,"rcode":"NOERROR","rrname":"mfasa.chase.com","rrtype":"CNAME","ttl":2780,"rdata":"mfasa-chase.gslb.bankone.com"}}
{"timestamp":"2019-03-24T14:33:51.907564+0000","flow_id":2151527717231416,"pcap_cnt":1350,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.158","dest_port":55582,"proto":"UDP","dns":{"type":"answer","id":12167,"rcode":"NOERROR","rrname":"mfasa-chase.gslb.bankone.com","rrtype":"A","ttl":19,"rdata":"159.53.116.245"}}
{"timestamp":"2019-03-24T14:33:51.910171+0000","flow_id":690577411649025,"pcap_cnt":1356,"event_type":"fileinfo","src_ip":"185.231.155.109","src_port":80,"dest_ip":"192.168.100.158","dest_port":49425,"proto":"TCP","http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":7057},"app_proto":"http","fileinfo":{"filename":"\/1\/good.txt","gaps":false,"state":"CLOSED","stored":false,"size":7057,"tx_id":1}}
{"timestamp":"2019-03-24T14:33:51.912023+0000","flow_id":690577411649025,"pcap_cnt":1365,"event_type":"http","src_ip":"192.168.100.158","src_port":49425,"dest_ip":"185.231.155.109","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"davidich.life","url":"\/1\/good.txt","http_content_type":"text\/plain"}}
{"timestamp":"2019-03-

This file has been truncated.


keyword_perf.log - (12887 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/25/2019 -- 14:17:45
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9971446         3190            3190            125186          3125.00         3125.00         0.00           
  content          41972718        7516            3179            3285898         5584.00         5949.00         5316.00        
  pcre             4473635         1109            269             47842           4033.00         3761.00         4121.00        
  byte_test        779966          235             58              17929           3319.00         3791.00         3164.00        
  byte_jump        570252          173             1               28337           3296.00         3244.00         3296.00        
  isdataat         30866           11              0               3004            2806.00         0.00            2806.00        
  flowbits         2458602         794             99              33946           3096.00         3931.00         2977.00        
  urilen           891228          271             94              21138           3288.00         3484.00         3184.00        
  byte_extract     11756           3               3               4146            3918.00         3918.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9971446         3190            3190            125186          3125.00         3125.00         0.00           
  flowbits         2097557         704             9               33946           2979.00         3131.00         2977.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19513916        4657            1705            3285898         4190.00         4268.00         4144.00        
  pcre             2980222         841             232             30005           3543.00         3233.00         3661.00        
  byte_test        750057          225             53              17929           3333.00         3839.00         3177.00        
  byte_jump        570252          173             1               28337           3296.00         3244.00         3296.00        
  isdataat         30866           11              0               3004            2806.00         0.00            2806.00        
  byte_extract     11756           3               3               4146            3918.00         3918.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         361045          90              90              24276           4011.00         4011.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2157753         537             377             27374           4018.00         4188.00         3615.00        
  pcre             1313224         241             23              47842           5449.00         7098.00         5275.00        
  urilen           891228          271             94              21138           3288.00         3484.00         3184.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13273           4               4               4394            3318.00         3318.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          211483          69              0               16713           3064.00         0.00            3064.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15910901        1079            231             453088          14745.00        30142.00        10551.00       
  byte_test        29909           10              5               4725            2990.00         3276.00         2705.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3499586         979             752             32061           3574.00         3615.00         3439.00        
  pcre             167757          25              14              18371           6710.00         7025.00         6309.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          77885           21              19              4399            3708.00         3765.00         3169.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6756            2               0               3450            3378.00         0.00            3378.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          537363          155             80              60186           3466.00         3161.00         3792.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8854            2               2               5058            4427.00         4427.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16800           5               3               3997            3360.00         3378.00         3332.00        
  pcre             12432           2               0               6330            6216.00         0.00            6216.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18148           6               6               3050            3024.00         3024.00         0.00           


suricata-report-2019-03-25-T-14-17-45-03252019.1412-1234567.pcap.txt - (18069 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/59b13420275980705c373edd7925b3f6d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/03252019.1412-1234567.pcap -vvv -k none
elapsedtime:8.084742
stderr:
stdout:
25/3/2019 -- 14:17:37 - <Info> - Configuration node 'rule-files' redefined.
25/3/2019 -- 14:17:37 - <Notice> - This is Suricata version 4.0.0 RELEASE
25/3/2019 -- 14:17:37 - <Info> - CPUs/cores online: 1
25/3/2019 -- 14:17:37 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32899 and 'request-body-inspect-window' set to 15690 after randomization.
25/3/2019 -- 14:17:37 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33220 and 'response-body-inspect-window' set to 16725 after randomization.
25/3/2019 -- 14:17:37 - <Config> - DNS request flood protection level: 500
25/3/2019 -- 14:17:37 - <Config> - DNS per flow memcap (state-memcap): 524288
25/3/2019 -- 14:17:37 - <Config> - DNS global memcap: 16777216
25/3/2019 -- 14:17:37 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
25/3/2019 -- 14:17:37 - <Config> - preallocated 1000 hosts of size 136
25/3/2019 -- 14:17:37 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
25/3/2019 -- 14:17:37 - <Config> - using magic-file /usr/share/file/magic
25/3/2019 -- 14:17:37 - <Config> - Core dump size is unlimited.
25/3/2019 -- 14:17:37 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
25/3/2019 -- 14:17:37 - <Config> - preallocated 1000 defrag trackers of size 168
25/3/2019 -- 14:17:37 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
25/3/2019 -- 14:17:37 - <Config> - stream "prealloc-sessions": 2048 (per thread)
25/3/2019 -- 14:17:37 - <Config> - stream "memcap": 33554432
25/3/2019 -- 14:17:37 - <Config> - stream "midstream" session pickups: disabled
25/3/2019 -- 14:17:37 - <Config> - stream "async-oneside": disabled
25/3/2019 -- 14:17:37 - <Config> - stream "checksum-validation": disabled
25/3/2019 -- 14:17:37 - <Config> - stream."inline": disabled
25/3/2019 -- 14:17:37 - <Config> - stream "bypass": disabled
25/3/2019 -- 14:17:37 - <Config> - stream "max-synack-queued": 5
25/3/2019 -- 14:17:37 - <Config> - stream.reassembly "memcap": 134217728
25/3/2019 -- 14:17:37 - <Config> - stream.reassembly "depth": 0
25/3/2019 -- 14:17:37 - <Config> - stream.reassembly "toserver-chunk-size": 2466
25/3/2019 -- 14:17:37 - <Config> - stream.reassembly "toclient-chunk-size": 2474
25/3/2019 -- 14:17:37 - <Config> - stream.reassembly.raw: enabled
25/3/2019 -- 14:17:37 - <Config> - stream.reassembly "segment-prealloc": 2048
25/3/2019 -- 14:17:37 - <Config> - Delayed detect disabled
25/3/2019 -- 14:17:37 - <Config> - pattern matchers: MPM: ac, SPM: bm
25/3/2019 -- 14:17:37 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
25/3/2019 -- 14:17:37 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
25/3/2019 -- 14:17:37 - <Config> - prefilter engines: MPM
25/3/2019 -- 14:17:37 - <Config> - IP reputation disabled
25/3/2019 -- 14:17:37 - <Perf> - Registered 148 keyword profiling counters.
25/3/2019 -- 14:17:37 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
25/3/2019 -- 14:17:37 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
25/3/2019 -- 14:17:37 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
25/3/2019 -- 14:17:38 - <Config> - No rules loaded from ET-emerging-icmp.rules.
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
25/3/2019 -- 14:17:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
25/3/2019 -- 14:17:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
25/3/2019 -- 14:17:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
25/3/2019 -- 14:17:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
25/3/2019 -- 14:17:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
25/3/2019 -- 14:17:41 - <Config> - No rules loaded from local.rules.
25/3/2019 -- 14:17:41 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
25/3/2019 -- 14:17:41 - <Info> - Threshold config parsed: 0 rule(s) found
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for tcp-packet
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for tcp-stream
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for udp-packet
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for other-ip
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_uri
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_request_line
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_client_body
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_response_line
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_header
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_header
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_header_names
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_header_names
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_accept
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_accept_enc
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_accept_lang
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_referer
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_connection
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_content_len
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_content_len
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_content_type
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_content_type
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_protocol
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_protocol
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_start
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_start
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_raw_header
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_raw_header
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_method
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_cookie
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_cookie
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_raw_uri
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_user_agent
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_host
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_raw_host
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_stat_msg
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_stat_code
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for dns_query
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for tls_sni
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for tls_cert_issuer
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for tls_cert_subject
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for tls_cert_serial
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for dce_stub_data
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for dce_stub_data
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for ssh_protocol
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for ssh_protocol
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for ssh_software
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for ssh_software
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for file_data
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for file_data
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_request_line
25/3/2019 -- 14:17:41 - <Perf> - using shared mpm ctx' for http_response_line
25/3/2019 -- 14:17:41 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
25/3/2019 -- 14:17:41 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
25/3/2019 -- 14:17:41 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
25/3/2019 -- 14:17:41 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
25/3/2019 -- 14:17:41 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
25/3/2019 -- 14:17:42 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
25/3/2019 -- 14:17:42 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
25/3/2019 -- 14:17:42 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
25/3/2019 -- 14:17:43 - <Perf> - Unique rule groups: 111
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "toserver TCP packet": 31
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "toclient TCP packet": 20
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "toserver TCP stream": 31
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "toclient TCP stream": 21
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "toserver UDP packet": 33
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "toclient UDP packet": 15
25/3/2019 -- 14:17:43 - <Perf> - Builtin MPM "other IP packet": 2
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_uri": 8
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_request_line": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_client_body": 6
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient http_response_line": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_header": 6
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient http_header": 3
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_header_names": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_accept": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_referer": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_content_len": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_content_type": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient http_content_type": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_start": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_method": 3
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_cookie": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient http_cookie": 2
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver http_host": 2
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver dns_query": 4
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver tls_sni": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toserver file_data": 1
25/3/2019 -- 14:17:43 - <Perf> - AppLayer MPM "toclient file_data": 5
25/3/2019 -- 14:17:43 - <Perf> - Registered 18241 rule profiling counters.
25/3/2019 -- 14:17:43 - <Info> - fast output device (regular) initialized: alert
25/3/2019 -- 14:17:43 - <Info> - eve-log output device (regular) initialized: eve.json
25/3/2019 -- 14:17:43 - <Config> - enabling 'eve-log' module 'alert'
25/3/2019 -- 14:17:43 - <Config> - enabling 'eve-log' module 'http'
25/3/2019 -- 14:17:43 - <Config> - enabling 'eve-log' module 'dns'
25/3/2019 -- 14:17:43 - <Config> - enabling 'eve-log' module 'tls'
25/3/2019 -- 14:17:43 - <Config> - enabling 'eve-log' module 'files'
25/3/2019 -- 14:17:43 - <Config> - enabling 'eve-log' module 'ssh'
25/3/2019 -- 14:17:43 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
25/3/2019 -- 14:17:43 - <Info> - stats 

This file has been truncated.


unified2.alert.1553523463 - (294 bytes)
GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive


IDSDeathBlossom.py.log - (1150 bytes)
2019-03-25 14:17:36,313 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-25 14:17:37,038 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-25 14:17:37,038 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-03-25 14:17:37,039 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-25 14:17:37,039 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-25 14:17:37,039 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/59b13420275980705c373edd7925b3f6d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/03252019.1412-1234567.pcap -vvv -k none
2019-03-25 14:17:45,126 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-25 14:17:45,127 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.82617402077