Filename: 588ce0b1-38a8-409c-939c-9a91c7aca775.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4800648689 seconds
Hash: 5c7a6dbaecdb4e3a24e86454aaefd1d6
Uploaded: 1569229650

Logfiles


packet_stats.log - (11759 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            39          2421398       81084676      65073140          2.5b   49.45
 IPv4      17            59          7600746       75875290      36487520          2.2b   41.94
 IPv6      17            14          9216526       72487998      31558210        441.8m    8.61
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            39           116902        3360520        406875         15.9m   24.10
TMM_FLOWWORKER              IPv4      17            59           205000       23947898        764881         45.1m   68.53
TMM_RECEIVEPCAPFILE         IPv4       6            35             4442           5616          4790        167.7k    0.25
TMM_RECEIVEPCAPFILE         IPv4      17            59             4436          12720          4843        285.8k    0.43
TMM_DECODEPCAPFILE          IPv4       6            35             4562          18758          5175        181.1k    0.28
TMM_DECODEPCAPFILE          IPv4      17            59             4570          34710          5277        311.4k    0.47
TMM_FLOWWORKER              IPv6      17            14           187010         426360        267554          3.7m    5.69
TMM_RECEIVEPCAPFILE         IPv6      17            14             4426          21670          5858         82.0k    0.12
TMM_DECODEPCAPFILE          IPv6      17            14             4622          18242          5695         79.7k    0.12

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6            35             4780          13586          5353        187.4k  0.31  
flow                    IPv4      17            59             4568          50112          5991        353.5k  0.58  
stream                  IPv4       6            39             5636        1069370         43896          1.7m  2.79  
app-layer               IPv4      17            59             4444          61190          7898        466.0k  0.76  
detect                  IPv4       6            39            77862        3034616        318127         12.4m  20.21 
detect                  IPv4      17            59           176978       23912432        722019         42.6m  69.38 
tcp-prune               IPv4       6            39             4458          17772          5292        206.4k  0.34  
flow                    IPv6      17            14             4776          26174          8422        117.9k  0.19  
app-layer               IPv6      17            14             4480          17898          9376        131.3k  0.21  
detect                  IPv6      17            14           158418         381406        229935          3.2m  5.24  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
tls                     IPv4       6             4             4676           5530          4941         19.8k  27.92 
dns                     IPv4      17             2            22770          28250         25510         51.0k  72.08 
Proto detect            IPv4      17             9             4600          41394         13099        117.9k
Proto detect            IPv6      17             6             5020           8248          6205         37.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             1            64254          64254         64254         64.3k  6.64  
LOGGER_UNIFIED2             IPv4       6             1           118434         118434        118434        118.4k  12.24 
LOGGER_JSON_ALERT           IPv4       6             1            78400          78400         78400         78.4k  8.10  
LOGGER_JSON_DNS             IPv4      17             2            51152         515066        283109        566.2k  58.52 
LOGGER_JSON_TLS             IPv4       6             2            56944          83248         70096        140.2k  14.49 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            17             4580         249900         86148         1.5m  41.97 
payload                           IPv4      17            59             5132          91494         15389       908.0k  26.02 
stream                            IPv4       6            17             4432         456812         42308       719.2k  20.61 
dns_query                         IPv4      17             1            33172          33172         33172        33.2k  0.95  
tls_sni                           IPv4       6             5             5044          12808          8170        40.9k  1.17  
tls_cert_issuer                   IPv4       6             2             4502          17896         11199        22.4k  0.64  
tls_cert_subject                  IPv4       6             2             4620           8362          6491        13.0k  0.37  
tls_cert_serial                   IPv4       6             2             4762           8892          6827        13.7k  0.39  
Total                             IPv4                   105                                         30617         3.2m
payload                           IPv6      17            14             5362          77416         19630       274.8k  7.88  
Total                             IPv6                    14                                         19630       274.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6             4            14658          70162         52809        211.2k  0.26  
PROF_DETECT_IPONLY          IPv4      17             9            43084         220624         78379        705.4k  0.85  
PROF_DETECT_RULES           IPv4       6            39             4442        2364364        111896          4.4m  5.27  
PROF_DETECT_RULES           IPv4      17            59            76822         536902        172820         10.2m  12.32 
PROF_DETECT_STATEFUL_START    IPv4       6             1           231160         231160        231160        231.2k  0.28  
PROF_DETECT_STATEFUL_CONT    IPv4       6            39             4408         174850         33374          1.3m  1.57  
PROF_DETECT_STATEFUL_CONT    IPv4      17            59             4384          57738          5937        350.3k  0.42  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            31             4446           5120          4560        141.4k  0.17  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             4710          20416         12563         25.1k  0.03  
PROF_DETECT_PREFILTER       IPv4       6            39            13722         571586         96688          3.8m  4.55  
PROF_DETECT_PREFILTER       IPv4      17            59            40738       23733414        456884         27.0m  32.56 
PROF_DETECT_PF_PAYLOAD      IPv4       6            17            35326         474744        142936          2.4m  2.93  
PROF_DETECT_PF_PAYLOAD      IPv4      17            59            13994         100640         24750          1.5m  1.76  
PROF_DETECT_PF_TX           IPv4       6            31             4570          53960          9361        290.2k  0.35  
PROF_DETECT_PF_TX           IPv4      17             1            43166          43166         43166         43.2k  0.05  
PROF_DETECT_PF_SORT1        IPv4       6            17             4504           7398          5161         87.7k  0.11  
PROF_DETECT_PF_SORT1        IPv4      17            59             4472          18300          5440        321.0k  0.39  
PROF_DETECT_PF_SORT2        IPv4       6            39             4408          18946          5270        205.5k  0.25  
PROF_DETECT_PF_SORT2        IPv4      17            59             4430       23691950        406396         24.0m  28.96 
PROF_DETECT_NONMPMLIST      IPv4       6            39             4442          20364          5155        201.1k  0.24  
PROF_DETECT_NONMPMLIST      IPv4      17            59             4414           6180          4757        280.7k  0.34  
PROF_DETECT_ALERT           IPv4       6            39             4426          14404          4803        187.3k  0.23  
PROF_DETECT_ALERT           IPv4      17            59             4416          22208          4835        285.3k  0.34  
PROF_DETECT_CLEANUP         IPv4       6            39             4496          26860          5705        222.5k  0.27  
PROF_DETECT_CLEANUP         IPv4      17            59             4404         222220          8675        511.9k  0.62  
PROF_DETECT_GETSGH          IPv4       6            39             4434          60714          7017        273.7k  0.33  
PROF_DETECT_GETSGH          IPv4      17            59             4404         142938          9240        545.2k  0.66  
PROF_DETECT_IPONLY          IPv6      17             6             4836          23950          9779         58.7k  0.07  
PROF_DETECT_RULES           IPv6      17            14            58490         186990        100915          1.4m  1.71  
PROF_DETECT_STATEFUL_CONT    IPv6      17            14             4392           4716          4588         64.2k  0.08  
PROF_DETECT_PREFILTER       IPv6      17            14            41380         116094         57558        805.8k  0.97  
PROF_DETECT_PF_PAYLOAD      IPv6      17            14            14306          86476         28640        401.0k  0.48  
PROF_DETECT_PF_SORT1        IPv6      17            14             4526           6356          5142         72.0k  0.09  
PROF_DETECT_PF_SORT2        IPv6      17            14             4442          20518          5724         80.1k  0.10  
PROF_DETECT_NONMPMLIST      IPv6      17            14             4412           5108          4632         64.9k  0.08  
PROF_DETECT_ALERT           IPv6      17            14             4418           4856          4496         62.9k  0.08  
PROF_DETECT_CLEANUP         IPv6      17            14             4420           6114          4828         67.6k  0.08  
PROF_DETECT_GETSGH          IPv6      17            14             4664          24494          8998        126.0k  0.15  


unified2.alert.1569229672 - (3396 bytes)
[binary unified2 alert record; not renderable as text. Readable strings recovered from the embedded X.509 certificate chain:
  leaf certificate: subject top.extrafeature.xyz; issuer Let's Encrypt / Let's Encrypt Authority X3; validity 190820093348Z to 191118093348Z;
    subjectAltName: live.supportoffline.pro, support.worldupdate.live, top.extrafeature.xyz;
    OCSP http://ocsp.int-x3.letsencrypt.org; CA issuers http://cert.int-x3.letsencrypt.org/; CPS http://cps.letsencrypt.org
  intermediate certificate: subject Let's Encrypt / Let's Encrypt Authority X3; issuer Digital Signature Trust Co. / DST Root CA X3; validity 160317164046Z to 210317164046Z;
    OCSP http://isrg.trustid.ocsp.identrust.com; CA issuers http://apps.identrust.com/roots/dstrootcax3.p7c; CPS http://cps.root-x1.letsencrypt.org; CRL http://crl.identrust.com/DSTROOTCAX3CRL.c (truncated in source)]


suricata-report-2019-09-23-T-09-07-53-09232019.0907-588ce0b1-38a8-409c-939c-9a91c7aca775.pcap.txt - (17707 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5c7a6dbaecdb4e3a24e86454aaefd1d656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.0907-588ce0b1-38a8-409c-939c-9a91c7aca775.pcap -vvv -k none
elapsedtime:21.420413
stderr:
stdout:
23/9/2019 -- 09:07:31 - <Info> - Configuration node 'rule-files' redefined.
23/9/2019 -- 09:07:31 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/9/2019 -- 09:07:31 - <Info> - CPUs/cores online: 1
23/9/2019 -- 09:07:31 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31297 and 'request-body-inspect-window' set to 16472 after randomization.
23/9/2019 -- 09:07:31 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32999 and 'response-body-inspect-window' set to 16609 after randomization.
23/9/2019 -- 09:07:31 - <Config> - DNS request flood protection level: 500
23/9/2019 -- 09:07:31 - <Config> - DNS per flow memcap (state-memcap): 524288
23/9/2019 -- 09:07:31 - <Config> - DNS global memcap: 16777216
23/9/2019 -- 09:07:31 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/9/2019 -- 09:07:31 - <Config> - preallocated 1000 hosts of size 136
23/9/2019 -- 09:07:31 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/9/2019 -- 09:07:31 - <Config> - using magic-file /usr/share/file/magic
23/9/2019 -- 09:07:31 - <Config> - Core dump size is unlimited.
23/9/2019 -- 09:07:31 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/9/2019 -- 09:07:31 - <Config> - preallocated 1000 defrag trackers of size 168
23/9/2019 -- 09:07:31 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/9/2019 -- 09:07:31 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/9/2019 -- 09:07:31 - <Config> - stream "memcap": 33554432
23/9/2019 -- 09:07:31 - <Config> - stream "midstream" session pickups: disabled
23/9/2019 -- 09:07:31 - <Config> - stream "async-oneside": disabled
23/9/2019 -- 09:07:31 - <Config> - stream "checksum-validation": disabled
23/9/2019 -- 09:07:31 - <Config> - stream."inline": disabled
23/9/2019 -- 09:07:31 - <Config> - stream "bypass": disabled
23/9/2019 -- 09:07:31 - <Config> - stream "max-synack-queued": 5
23/9/2019 -- 09:07:31 - <Config> - stream.reassembly "memcap": 134217728
23/9/2019 -- 09:07:31 - <Config> - stream.reassembly "depth": 0
23/9/2019 -- 09:07:31 - <Config> - stream.reassembly "toserver-chunk-size": 2615
23/9/2019 -- 09:07:31 - <Config> - stream.reassembly "toclient-chunk-size": 2657
23/9/2019 -- 09:07:31 - <Config> - stream.reassembly.raw: enabled
23/9/2019 -- 09:07:31 - <Config> - stream.reassembly "segment-prealloc": 2048
23/9/2019 -- 09:07:31 - <Config> - Delayed detect disabled
23/9/2019 -- 09:07:31 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/9/2019 -- 09:07:31 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/9/2019 -- 09:07:31 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/9/2019 -- 09:07:31 - <Config> - prefilter engines: MPM
23/9/2019 -- 09:07:31 - <Config> - IP reputation disabled
23/9/2019 -- 09:07:31 - <Perf> - Registered 148 keyword profiling counters.
23/9/2019 -- 09:07:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/9/2019 -- 09:07:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/9/2019 -- 09:07:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/9/2019 -- 09:07:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/9/2019 -- 09:07:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/9/2019 -- 09:07:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/9/2019 -- 09:07:37 - <Config> - No rules loaded from ET-icmp.rules.
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/9/2019 -- 09:07:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/9/2019 -- 09:07:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/9/2019 -- 09:07:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/9/2019 -- 09:07:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/9/2019 -- 09:07:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/9/2019 -- 09:07:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/9/2019 -- 09:07:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/9/2019 -- 09:07:44 - <Config> - No rules loaded from local.rules.
23/9/2019 -- 09:07:44 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/9/2019 -- 09:07:44 - <Info> - Threshold config parsed: 0 rule(s) found
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for tcp-packet
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for tcp-stream
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for udp-packet
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for other-ip
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_uri
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_client_body
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_accept
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_accept_enc
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_accept_lang
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_referer
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_connection
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_method
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_raw_uri
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_user_agent
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_host
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_raw_host
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_stat_msg
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_stat_code
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for dns_query
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for tls_sni
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 09:07:45 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 09:07:45 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/9/2019 -- 09:07:45 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/9/2019 -- 09:07:45 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/9/2019 -- 09:07:45 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/9/2019 -- 09:07:45 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/9/2019 -- 09:07:45 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/9/2019 -- 09:07:45 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/9/2019 -- 09:07:45 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/9/2019 -- 09:07:50 - <Perf> - Unique rule groups: 104
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/9/2019 -- 09:07:50 - <Perf> - Builtin MPM "other IP packet": 3
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_header": 10
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient http_header": 6
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_start": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_method": 5
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver http_host": 2
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toserver file_data": 1
23/9/2019 -- 09:07:50 - <Perf> - AppLayer MPM "toclient file_data": 7
23/9/2019 -- 09:07:52 - <Perf> - Registered 39590 rule profiling counters.
23/9/2019 -- 09:07:52 - <Info> - fast output device (regular) initialized: alert
23/9/2019 -- 09:07:52 - <Info> - eve-log output device (regular) initialized: eve.json
23/9/2019 -- 09:07:52 - <Config> - enabling 'eve-log' module 'alert'
23/9/2019 -- 09:07:52 - <Config> - enabling 'eve-log' module 'http'
23/9/2019 -- 09:07:52 - <Config> - enabling 'eve-log' module 'dns'
23/9/2019 -- 09:07:52 - <Config> - enabling 'eve-log' module 'tls'
23/9/2019 -- 09:07:52 - <Config> - enabling 'eve-log' module 'files'
23/9/2019 -- 09:07:52 - <Config> - enabling 'eve-log' module 'ssh'
23/9/2019 -- 09:07:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/9/2019 -- 09:07:52 - <Info> - stats output device (regular) initialized: stats.log
23/9/2019 -- 09:07:52 - <Config> - AutoFP mode using "Hash" flow load balancer
23/9/2019 -- 09:07:52 - <Info> - reading pcap file /var/pcap/09232019.0907-588ce0b1-38a8-409c-939c-9a91c7aca775.pcap
23/9/2019 -- 09:07:52 - <Config> - us

This file has been truncated.


stats.log - (2758 bytes)
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 09:07:53 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 260
decoder.bytes                              | Total                     | 25652
decoder.ipv4                               | Total                     | 94
decoder.ipv6                               | Total                     | 14
decoder.ethernet                           | Total                     | 260
decoder.tcp                                | Total                     | 35
decoder.udp                                | Total                     | 73
decoder.avg_pkt_size                       | Total                     | 98
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 14
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 10
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 13
flow.spare                                 | Total                     | 9991
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json - (1642 bytes)
{"timestamp":"2019-09-22T13:01:12.727907+0000","flow_id":387330629704547,"pcap_cnt":95,"event_type":"dns","src_ip":"192.168.100.125","src_port":64141,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28751,"rrname":"support.worldupdate.live","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-22T13:01:12.728112+0000","flow_id":387330629704547,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.125","dest_port":64141,"proto":"UDP","dns":{"type":"answer","id":28751,"rcode":"NOERROR","rrname":"support.worldupdate.live","rrtype":"A","ttl":21326,"rdata":"172.105.67.165"}}
{"timestamp":"2019-09-22T13:01:12.800296+0000","flow_id":912248647721807,"pcap_cnt":105,"event_type":"tls","src_ip":"192.168.100.125","src_port":49642,"dest_ip":"172.105.67.165","dest_port":443,"proto":"TCP","tls":{"subject":"CN=top.extrafeature.xyz","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-09-22T13:01:12.858487+0000","flow_id":912248647721807,"pcap_cnt":107,"event_type":"alert","src_ip":"172.105.67.165","src_port":443,"dest_ip":"192.168.100.125","dest_port":49642,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2025194,"rev":1,"signature":"ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","category":"Potentially Bad Traffic","severity":2},"app_proto":"tls"}
{"timestamp":"2019-09-22T13:04:13.502989+0000","flow_id":85924869127366,"pcap_cnt":233,"event_type":"tls","src_ip":"192.168.100.125","src_port":52327,"dest_ip":"172.105.67.165","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}


suricata-4.0.0-etpro-all-alert-2019-09-23-T-09-07-53-09232019.0907-588ce0b1-38a8-409c-939c-9a91c7aca775.pcap.txt - (227 bytes)
09/22/2019-13:01:12.858487  [**] [1:2025194:1] ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.105.67.165:443 -> 192.168.100.125:49642


keyword_perf.log - (5016 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/23/2019 -- 09:07:53
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             55910           8               8               19958           6988.00         6988.00         0.00           
  content          1520214         266             103             25932           5715.00         6255.00         5373.00        
  pcre             133228          8               0               58228           16653.00        0.00            16653.00       
  byte_test        316130          61              49              31218           5182.00         4698.00         7157.00        
  byte_jump        108384          21              15              11888           5161.00         5206.00         5047.00        
  isdataat         4760            1               0               4760            4760.00         0.00            4760.00        
  byte_extract     50804           9               9               13726           5644.00         5644.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             55910           8               8               19958           6988.00         6988.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1141506         201             94              25162           5679.00         6118.00         5292.00        
  pcre             133228          8               0               58228           16653.00        0.00            16653.00       
  byte_test        316130          61              49              31218           5182.00         4698.00         7157.00        
  byte_jump        108384          21              15              11888           5161.00         5206.00         5047.00        
  isdataat         4760            1               0               4760            4760.00         0.00            4760.00        
  byte_extract     50804           9               9               13726           5644.00         5644.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          63482           8               8               21780           7935.00         7935.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          315226          57              1               25932           5530.00         5688.00         5527.00        


suricata-4.0.0-etpro-all-perf.txt-2019-09-23-T-09-07-53-09232019.0907-588ce0b1-38a8-409c-939c-9a91c7aca775.pcap.txt - (15830 bytes)
  --------------------------------------------------------------------------
  Date: 9/23/2019 -- 09:07:53. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021749      1        6        325452       3.22   1        0        325452      325452.00   0.00        325452.00  
  2        2814979      1        2        158952       1.57   1        0        158952      158952.00   0.00        158952.00  
  3        2814978      1        2        154652       1.53   1        0        154652      154652.00   0.00        154652.00  
  4        2805348      1        4        1228018      12.13  15       0        147820      81867.87    0.00        81867.87   
  5        2025330      1        1        144790       1.43   1        0        144790      144790.00   0.00        144790.00  
  6        2825567      1        3        134564       1.33   1        0        134564      134564.00   0.00        134564.00  
  7        2018005      1        6        118240       1.17   1        0        118240      118240.00   0.00        118240.00  
  8        2827202      1        3        117192       1.16   1        0        117192      117192.00   0.00        117192.00  
  9        2024720      1        3        102664       1.01   1        0        102664      102664.00   0.00        102664.00  
  10       2829214      1        2        100538       0.99   1        0        100538      100538.00   0.00        100538.00  
  11       2825453      1        2        99680        0.98   1        0        99680       99680.00    0.00        99680.00   
  12       2822213      1        2        92296        0.91   1        0        92296       92296.00    0.00        92296.00   
  13       2824799      1        3        82084        0.81   1        0        82084       82084.00    0.00        82084.00   
  14       2024227      1        3        175762       1.74   8        0        73074       21970.25    0.00        21970.25   
  15       2829561      1        1        161530       1.60   8        0        62814       20191.25    0.00        20191.25   
  16       2022914      1        1        106480       1.05   4        0        61608       26620.00    0.00        26620.00   
  17       2824801      1        3        55582        0.55   1        0        55582       55582.00    0.00        55582.00   
  18       2025194      1        1        45788        0.45   1        1        45788       45788.00    45788.00    0.00       
  19       2025189      1        1        156836       1.55   8        0        44824       19604.50    0.00        19604.50   
  20       2025193      1        1        141374       1.40   8        0        44306       17671.75    0.00        17671.75   
  21       2025191      1        1        178394       1.76   8        0        43656       22299.25    0.00        22299.25   
  22       2025190      1        1        140396       1.39   8        0        43234       17549.50    0.00        17549.50   
  23       2025192      1        1        140516       1.39   8        0        43064       17564.50    0.00        17564.50   
  24       2014701      1        12       41026        0.41   2        0        36140       20513.00    0.00        20513.00   
  25       2017944      1        5        36106        0.36   1        0        36106       36106.00    0.00        36106.00   
  26       2010140      1        7        540122       5.34   72       0        35718       7501.69     0.00        7501.69    
  27       2023624      1        3        262520       2.59   52       0        34640       5048.46     0.00        5048.46    
  28       2020769      1        2        34010        0.34   1        0        34010       34010.00    0.00        34010.00   
  29       2009702      1        5        38958        0.38   2        0        33870       19479.00    0.00        19479.00   
  30       2017914      1        2        31828        0.31   1        0        31828       31828.00    0.00        31828.00   
  31       2020788      1        2        31760        0.31   1        0        31760       31760.00    0.00        31760.00   
  32       2020610      1        3        31442        0.31   1        0        31442       31442.00    0.00        31442.00   
  33       2018638      1        2        29114        0.29   1        0        29114       29114.00    0.00        29114.00   
  34       2020778      1        2        28026        0.28   1        0        28026       28026.00    0.00        28026.00   
  35       2803152      1        1        32046        0.32   2        0        27030       16023.00    0.00        16023.00   
  36       2022543      1        1        26832        0.27   1        0        26832       26832.00    0.00        26832.00   
  37       2826281      1        2        26556        0.26   1        0        26556       26556.00    0.00        26556.00   
  38       2803760      1        3        25978        0.26   1        0        25978       25978.00    0.00        25978.00   
  39       2014703      1        9        30310        0.30   2        0        25062       15155.00    0.00        15155.00   
  40       2815451      1        2        79190        0.78   4        0        24816       19797.50    0.00        19797.50   
  41       2014702      1        9        29212        0.29   2        0        24522       14606.00    0.00        14606.00   
  42       2103158      1        6        47952        0.47   6        0        23326       7992.00     0.00        7992.00    
  43       2809487      1        2        31646        0.31   3        0        21672       10548.67    0.00        10548.67   
  44       2102190      1        5        51086        0.50   7        0        21526       7298.00     0.00        7298.00    
  45       2010142      1        4        342870       3.39   72       0        21476       4762.08     0.00        4762.08    
  46       2023627      1        3        261298       2.58   51       0        21196       5123.49     0.00        5123.49    
  47       2008116      1        4        105406       1.04   19       0        21016       5547.68     0.00        5547.68    
  48       2021978      1        6        27042        0.27   2        0        21006       13521.00    0.00        13521.00   
  49       2008118      1        3        108720       1.07   20       0        20862       5436.00     0.00        5436.00    
  50       2019017      1        3        85186        0.84   15       0        20476       5679.07     0.00        5679.07    
  51       2801347      1        5        84842        0.84   15       0        20434       5656.13     0.00        5656.13    
  52       2013739      1        15       337708       3.34   71       0        19074       4756.45     0.00        4756.45    
  53       2018383      1        8        16514        0.16   1        0        16514       16514.00    0.00        16514.00   
  54       2020371      1        2        16438        0.16   1        0        16438       16438.00    0.00        16438.00   
  55       2805211      1        1        57992        0.57   4        0        15448       14498.00    0.00        14498.00   
  56       2008120      1        4        331124       3.27   73       0        6504        4535.95     0.00        4535.95    
  57       2823788      1        4        6460         0.06   1        0        6460        6460.00     0.00        6460.00    
  58       2828876      1        1        54118        0.53   11       0        6320        4919.82     0.00        4919.82    
  59       2823966      1        1        20928        0.21   4        0        6224        5232.00     0.00        5232.00    
  60       2018789      1        3        6214         0.06   1        0        6214        6214.00     0.00        6214.00    
  61       2806561      1        5        11424        0.11   2        0        6152        5712.00     0.00        5712.00    
  62       2025200      1        1        10644        0.11   2        0        6120        5322.00     0.00        5322.00    
  63       2100518      1        8        90418        0.89   19       0        6042        4758.84     0.00        4758.84    
  64       2019011      1        3        90004        0.89   19       0        5936        4737.05     0.00        4737.05    
  65       2016181      1        2        5920         0.06   1        0        5920        5920.00     0.00        5920.00    
  66       2009984      1        2        21546        0.21   4        0        5816        5386.50     0.00        5386.50    
  67       2100327      1        10       5766         0.06   1        0        5766        5766.00     0.00        5766.00    
  68       2018372      1        2        5730         0.06   1        0        5730        5730.00     0.00        5730.00    
  69       2001330      1        8        38484        0.38   8        0        5718        4810.50     0.00        4810.50    
  70       2802205      1        3        88090        0.87   19       0        5712        4636.32     0.00        4636.32    
  71       2018374      1        2        5650         0.06   1        0        5650        5650.00     0.00        5650.00    
  72       2018389      1        3        5618         0.06   1        0        5618        5618.00     0.00        5618.00    
  73       2821129      1        2        19098        0.19   4        0        5616        4774.50     0.00        4774.50    
  74       2018376      1        4        5586         0.06   1        0        5586        5586.00     0.00        5586.00    
  75       2021976      1        2        10072        0.10   2        0        5578        5036.00     0.00        5036.00    
  76       2802822      1        1        89024        0.88   19       0        5542        4685.47     0.00        4685.47    
  77       2811034      1        1        11038        0.11   2        0        5536        5519.00     0.00        5519.00    
  78       2009243      1        2        93336        0.92   20       0        5506        4666.80     0.00        4666.80    
  79       2825610      1        3        5486         0.05   1        0        5486        5486.00     0.00        5486.00    
  80       2009387      1        4        10684        0.11   2        0        5472        5342.00     0.00        5342.00    
  81       2019010      1        3        69804        0.69   15       0        5456        4653.60     0.00        4653.60    
  82       2022547      1        1        38330        0.38   8        0        5454        4791.25     0.00        4791.25    
  83       2019016      1        3        87536        0.86   19       0        5402        4607.16     0.00        4607.16    
  84       2824993      1        1        10264        0.10   2        0        5384        5132.00     0.00        5132.00    
  85       2102523      1        8        10062        0.10   2        0        5288        5031.00     0.00        5031.00    
  86       2808577      1        5        37380        0.37   8        0        5284        4672.50     0.00        4672.50    
  87       2103159      1        4        15720        0.16   3        0        5282        5240.00     0.00        5240.00    
  88       2010143      1        3        329896       3.26   72       0        5260        4581.89     0.00        4581.89    
  89       2809132      1        1        10118        0.10   2        0        5260        5059.00     0.00        5059.00    
  90       2824995      1        1        18698        0.18   4        0        5244        4674.50     0.00        4674.50    
  91       2807546      1        6        10452        0.10   2        0        5234        5226.00     0.00        5226.00    
  92       2018378      1        5        5230         0.05   1        0        5230        5230.00     0.00        5230.00    
  93       2824992      1        1        19216        0.19   4        0        5222        4804.00     0.00        4804.00    
  94       2017935      1        3        15202        0.15   3        0        5210        5067.33     0.00        5067.33    
  95       2018281      1        4        10070        0.10   2        0        5210        5035.00     0.00        5035.00    
  96       2809256      1        3        15004        0.15   3        0        5204        5001.33     0.00        5001.33    
  97       2102257      1        10       5202         0.05   1        0        5202        5202.00     0.00        5202.00    
  98       2023626      1        3        236608       2.34   53       0        5200        4464.30     0.00        4464.30    
  99       2015986      1        5        14284        0.14   3        0        5192        4761.33     0.00        4761.33    
  100      2016178      1        2        5158         0.05   1        0        5158        5158.00     0.00        5158.00    
  101      2008117      1        3        86960        0.86   19       0        5058        4576.84     0.00        4576.84    
  102      2023622      1        3        311360       3.08   69       0        5050        4512.46     0.00        4512.46    
  103      2008306      1        3        19034        0.19   4        0        5046        4758.50     0.00        4758.50    
  104      2023625      1        3        220050       2.17   49       0        5026        4490.82     0.00        4490.82    
  105      2024777      1        2        18670        0.18   4        0        5008        4667.50     0.00        4667.50    
  106      2102523      1        8        9712         0.10   2        0        4968        4856.00     0.00        4856.00    
  107      2016179      1        2        4886         0.05   1        0        4886        4886.00     0.00        4886.00    
  108      2023619      1        3        18154        0.18   4        0        4864        4538.50     0.00        4538.50    
  109      2023612      1        4        18628        0.18   4        0        4802        4657.00     0.00        4657.00    
  110      2023620      1        3        14080        0.14   3        0        4772        4693.33     0.00        4693.33    
  111      2023623      1        3        214630       2.12   48       0        4772        4471.46     0.00        4471.46    
  112      2014130      1        2        4756         0.05   1        0        4756        4756.00     0.00        4756.00    
  113      2013075      1        8        4742         0.05   1        0        4742        4742.00     0.00        4742.00    
  114      2023617      1        3        18422        0.18   4        0        4732        4605.50     0.00        4605.50    
  115      2103441      1        2        9392         0.09   2        0        4728        4696.00     0.00        4696.00    
  116      2024776      1        1        9152         0.09   2        0        4696        4576.00     0.00        4576.00    
  117      2802987      1        5        9164         0.09   2        0        4688        4582.00     0.00        4582.00    
  118      2023621      1        4        13484        0.13   3        0        4552        4494.67     0.00        4494.67    
  119      2103238      1        4        8854         0.09   2        0        4428        4427.00     0.00        4427.00    
  120      2023614      1        3        8840         0.09   2        0        4420        4420.00     0.00        4420.00    


IDSDeathBlossom.py.log - (1176 bytes)
2019-09-23 09:07:31,059 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-23 09:07:31,876 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-23 09:07:31,876 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-23 09:07:31,876 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-23 09:07:31,876 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-23 09:07:31,877 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5c7a6dbaecdb4e3a24e86454aaefd1d656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.0907-588ce0b1-38a8-409c-939c-9a91c7aca775.pcap -vvv -k none
2019-09-23 09:07:53,299 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-23 09:07:53,300 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2502849102