Filename: 90383ac9-2429-4f1d-9a98-5d3e74e0f9fc.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.4132239819 seconds
Hash: 5cf60de5a76058b0c8d83e52e206a851
Uploaded: 1544459284

Logfiles


packet_stats.log - (14439 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            10          1928678       30116546      15689410        156.9m   14.06
 IPv4      17            56           671658       34396131      14870168        832.7m   74.62
 IPv6      17             9          1940819       34109214      14039893        126.4m   11.32
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            10            79212        8315417       1766163         17.7m   49.18
TMM_FLOWWORKER              IPv4      17            56           123753        2497249        282061         15.8m   43.98
TMM_RECEIVEPCAPFILE         IPv4       6             9             2560           3358          2921         26.3k    0.07
TMM_RECEIVEPCAPFILE         IPv4      17            56             2537          11324          3234        181.1k    0.50
TMM_DECODEPCAPFILE          IPv4       6             9             2719           3959          3137         28.2k    0.08
TMM_DECODEPCAPFILE          IPv4      17            56             2684          18653          3373        188.9k    0.53
TMM_FLOWWORKER              IPv6      17             9           134089         539217        218501          2.0m    5.48
TMM_RECEIVEPCAPFILE         IPv6      17             9             2812           3286          2919         26.3k    0.07
TMM_DECODEPCAPFILE          IPv6      17             9             2695          12029          4220         38.0k    0.11

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             9             2842          13020          4649         41.8k  0.13  
flow                    IPv4      17            56             2650          14593          3693        206.8k  0.64  
stream                  IPv4       6            10             4662        8208915        857544          8.6m  26.63 
app-layer               IPv4      17            56             2523         676237         16531        925.8k  2.88  
detect                  IPv4       6            10            45858        4990296        864990          8.6m  26.87 
detect                  IPv4      17            56           106732         800398        212991         11.9m  37.04 
tcp-prune               IPv4       6            10             2569          20389          4926         49.3k  0.15  
flow                    IPv6      17             9             2822          10034          4801         43.2k  0.13  
app-layer               IPv6      17             9             2560          12630          5933         53.4k  0.17  
detect                  IPv6      17             9            92654         519691        191587          1.7m  5.36  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1            22226          22226         22226         22.2k  31.69 
http                    IPv4      17             1            16503          16503         16503         16.5k  23.53 
dns                     IPv4      17             2             6878           8023          7450         14.9k  21.25 
http                    IPv6      17             1            16503          16503         16503         16.5k  23.53 
Proto detect            IPv4      17             8             2721           7594          4471         35.8k
Proto detect            IPv6      17             4             2943           6666          4082         16.3k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2           102442        1907712       1005077          2.0m  91.86 
LOGGER_JSON_HTTP            IPv4       6             1           102842         102842        102842        102.8k  4.70  
LOGGER_JSON_FILE            IPv4       6             1            75274          75274         75274         75.3k  3.44  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             5             4579         612470        215271         1.1m  35.30 
payload                           IPv4      17            56             3188          54453         11612       650.3k  21.33 
stream                            IPv4       6             5             2599         263049         70937       354.7k  11.63 
http_uri                          IPv4       6             1            12407          12407         12407        12.4k  0.41  
http_request_line                 IPv4       6             1             9787           9787          9787         9.8k  0.32  
http_client_body                  IPv4       6             1           529838         529838        529838       529.8k  17.37 
http_header (request)             IPv4       6             1            74519          74519         74519        74.5k  2.44  
http_header (request trailer)     IPv4       6             1             2703           2703          2703         2.7k  0.09  
http_header_names (request)       IPv4       6             1            14888          14888         14888        14.9k  0.49  
http_accept (request)             IPv4       6             1             4653           4653          4653         4.7k  0.15  
http_referer (request)            IPv4       6             1             3297           3297          3297         3.3k  0.11  
http_content_len (request)        IPv4       6             1             4863           4863          4863         4.9k  0.16  
http_content_type (request)       IPv4       6             1            14691          14691         14691        14.7k  0.48  
http_protocol (request)           IPv4       6             1             5012           5012          5012         5.0k  0.16  
http_start (request)              IPv4       6             1            13833          13833         13833        13.8k  0.45  
http_raw_header (request)         IPv4       6             1            17607          17607         17607        17.6k  0.58  
http_method                       IPv4       6             1             7030           7030          7030         7.0k  0.23  
http_cookie (request)             IPv4       6             1             3499           3499          3499         3.5k  0.11  
http_raw_uri                      IPv4       6             1             5839           5839          5839         5.8k  0.19  
http_user_agent                   IPv4       6             1            10083          10083         10083        10.1k  0.33  
http_host                         IPv4       6             1             9081           9081          9081         9.1k  0.30  
dns_query                         IPv4      17             1             9994           9994          9994        10.0k  0.33  
http_response_line                IPv4       6             1            10423          10423         10423        10.4k  0.34  
http_header (response)            IPv4       6             1            45419          45419         45419        45.4k  1.49  
http_header (response trailer)    IPv4       6             1             2685           2685          2685         2.7k  0.09  
http_content_type (response)      IPv4       6             1            10611          10611         10611        10.6k  0.35  
http_raw_header (response)        IPv4       6             1            10079          10079         10079        10.1k  0.33  
http_cookie (response)            IPv4       6             1             3322           3322          3322         3.3k  0.11  
http_stat_code                    IPv4       6             1             4197           4197          4197         4.2k  0.14  
Total                             IPv4                    92                                         31757         2.9m
payload                           IPv6      17             9             3746          26573         14193       127.7k  4.19  
Total                             IPv6                     9                                         14193       127.7k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            51079          57559         54319        108.6k  0.41  
PROF_DETECT_IPONLY          IPv4      17             8            40294          97823         60634        485.1k  1.83  
PROF_DETECT_RULES           IPv4       6            10             2767        3067269        511339          5.1m  19.24 
PROF_DETECT_RULES           IPv4      17            56            45098         676848        128897          7.2m  27.16 
PROF_DETECT_STATEFUL_START    IPv4       6             2           363997        1165715        764856          1.5m  5.76  
PROF_DETECT_STATEFUL_CONT    IPv4       6            10             2726          14846          6285         62.9k  0.24  
PROF_DETECT_STATEFUL_CONT    IPv4      17            56             2503          60011          3922        219.7k  0.83  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             5             2752           3306          3043         15.2k  0.06  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             3736           3752          3744          7.5k  0.03  
PROF_DETECT_PREFILTER       IPv4       6            10             7959        1875339        296764          3.0m  11.17 
PROF_DETECT_PREFILTER       IPv4      17            56            23679          81209         36021          2.0m  7.59  
PROF_DETECT_PF_PAYLOAD      IPv4       6             5            31678         662726        294229          1.5m  5.54  
PROF_DETECT_PF_PAYLOAD      IPv4      17            56             8270          60705         17515        980.9k  3.69  
PROF_DETECT_PF_TX           IPv4       6             5             2729         797129        184449        922.2k  3.47  
PROF_DETECT_PF_TX           IPv4      17             1            16279          16279         16279         16.3k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6             5             2831          11517          5656         28.3k  0.11  
PROF_DETECT_PF_SORT1        IPv4      17            56             2632           5191          3477        194.7k  0.73  
PROF_DETECT_PF_SORT2        IPv4       6            10             2560         390055         44820        448.2k  1.69  
PROF_DETECT_PF_SORT2        IPv4      17            56             2537           4228          2863        160.3k  0.60  
PROF_DETECT_NONMPMLIST      IPv4       6            10             2579           3663          3131         31.3k  0.12  
PROF_DETECT_NONMPMLIST      IPv4      17            56             2526          18984          3131        175.4k  0.66  
PROF_DETECT_ALERT           IPv4       6            10             2567           3359          2921         29.2k  0.11  
PROF_DETECT_ALERT           IPv4      17            56             2521           5006          2720        152.3k  0.57  
PROF_DETECT_CLEANUP         IPv4       6            10             2651           9686          3886         38.9k  0.15  
PROF_DETECT_CLEANUP         IPv4      17            56             2516           6189          2807        157.2k  0.59  
PROF_DETECT_GETSGH          IPv4       6            10             2656           6771          3510         35.1k  0.13  
PROF_DETECT_GETSGH          IPv4      17            56             2527          23974          4090        229.1k  0.86  
PROF_DETECT_IPONLY          IPv6      17             4             3319           8327          6411         25.6k  0.10  
PROF_DETECT_RULES           IPv6      17             9            34454         118347         65427        588.8k  2.22  
PROF_DETECT_STATEFUL_CONT    IPv6      17             9             2501          14125          4011         36.1k  0.14  
PROF_DETECT_PREFILTER       IPv6      17             9            24658         409938         80918        728.3k  2.74  
PROF_DETECT_PF_PAYLOAD      IPv6      17             9             9037          33042         21374        192.4k  0.72  
PROF_DETECT_PF_SORT1        IPv6      17             9             2623           4186          3376         30.4k  0.11  
PROF_DETECT_PF_SORT2        IPv6      17             9             2547           4308          3093         27.8k  0.10  
PROF_DETECT_NONMPMLIST      IPv6      17             9             2531           3477          2889         26.0k  0.10  
PROF_DETECT_ALERT           IPv6      17             9             2529           3046          2664         24.0k  0.09  
PROF_DETECT_CLEANUP         IPv6      17             9             2519           3706          2862         25.8k  0.10  
PROF_DETECT_GETSGH          IPv6      17             9             2546          19445          6000         54.0k  0.20  


suricata-report-2018-12-10-T-16-28-28-12102018.1628-90383ac9-2429-4f1d-9a98-5d3e74e0f9fc.pcap.txt - (17921 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5cf60de5a76058b0c8d83e52e206a85156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12102018.1628-90383ac9-2429-4f1d-9a98-5d3e74e0f9fc.pcap -vvv -k none
elapsedtime:22.461436
stderr:
stdout:
10/12/2018 -- 16:28:05 - <Info> - Configuration node 'rule-files' redefined.
10/12/2018 -- 16:28:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
10/12/2018 -- 16:28:05 - <Info> - CPUs/cores online: 1
10/12/2018 -- 16:28:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32672 and 'request-body-inspect-window' set to 15696 after randomization.
10/12/2018 -- 16:28:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32199 and 'response-body-inspect-window' set to 16846 after randomization.
10/12/2018 -- 16:28:05 - <Config> - DNS request flood protection level: 500
10/12/2018 -- 16:28:05 - <Config> - DNS per flow memcap (state-memcap): 524288
10/12/2018 -- 16:28:05 - <Config> - DNS global memcap: 16777216
10/12/2018 -- 16:28:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
10/12/2018 -- 16:28:05 - <Config> - preallocated 1000 hosts of size 136
10/12/2018 -- 16:28:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
10/12/2018 -- 16:28:05 - <Config> - using magic-file /usr/share/file/magic
10/12/2018 -- 16:28:05 - <Config> - Core dump size is unlimited.
10/12/2018 -- 16:28:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
10/12/2018 -- 16:28:05 - <Config> - preallocated 1000 defrag trackers of size 168
10/12/2018 -- 16:28:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
10/12/2018 -- 16:28:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
10/12/2018 -- 16:28:05 - <Config> - stream "memcap": 33554432
10/12/2018 -- 16:28:05 - <Config> - stream "midstream" session pickups: disabled
10/12/2018 -- 16:28:05 - <Config> - stream "async-oneside": disabled
10/12/2018 -- 16:28:05 - <Config> - stream "checksum-validation": disabled
10/12/2018 -- 16:28:05 - <Config> - stream."inline": disabled
10/12/2018 -- 16:28:05 - <Config> - stream "bypass": disabled
10/12/2018 -- 16:28:05 - <Config> - stream "max-synack-queued": 5
10/12/2018 -- 16:28:05 - <Config> - stream.reassembly "memcap": 134217728
10/12/2018 -- 16:28:05 - <Config> - stream.reassembly "depth": 0
10/12/2018 -- 16:28:05 - <Config> - stream.reassembly "toserver-chunk-size": 2674
10/12/2018 -- 16:28:05 - <Config> - stream.reassembly "toclient-chunk-size": 2435
10/12/2018 -- 16:28:05 - <Config> - stream.reassembly.raw: enabled
10/12/2018 -- 16:28:05 - <Config> - stream.reassembly "segment-prealloc": 2048
10/12/2018 -- 16:28:05 - <Config> - Delayed detect disabled
10/12/2018 -- 16:28:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
10/12/2018 -- 16:28:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
10/12/2018 -- 16:28:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
10/12/2018 -- 16:28:05 - <Config> - prefilter engines: MPM
10/12/2018 -- 16:28:05 - <Config> - IP reputation disabled
10/12/2018 -- 16:28:05 - <Perf> - Registered 148 keyword profiling counters.
10/12/2018 -- 16:28:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
10/12/2018 -- 16:28:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
10/12/2018 -- 16:28:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
10/12/2018 -- 16:28:10 - <Config> - No rules loaded from ET-icmp.rules.
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
10/12/2018 -- 16:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
10/12/2018 -- 16:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
10/12/2018 -- 16:28:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
10/12/2018 -- 16:28:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
10/12/2018 -- 16:28:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
10/12/2018 -- 16:28:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
10/12/2018 -- 16:28:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
10/12/2018 -- 16:28:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
10/12/2018 -- 16:28:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
10/12/2018 -- 16:28:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
10/12/2018 -- 16:28:18 - <Config> - No rules loaded from local.rules.
10/12/2018 -- 16:28:18 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
10/12/2018 -- 16:28:18 - <Info> - Threshold config parsed: 0 rule(s) found
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for tcp-packet
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for tcp-stream
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for udp-packet
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for other-ip
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_uri
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_request_line
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_client_body
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_response_line
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_header
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_header
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_header_names
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_header_names
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_accept
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_accept_enc
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_accept_lang
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_referer
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_connection
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_content_len
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_content_len
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_content_type
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_content_type
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_protocol
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_protocol
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_start
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_start
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_raw_header
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_raw_header
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_method
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_cookie
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_cookie
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_raw_uri
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_user_agent
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_host
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_raw_host
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_stat_msg
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_stat_code
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for dns_query
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for tls_sni
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for tls_cert_issuer
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for tls_cert_subject
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for tls_cert_serial
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for dce_stub_data
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for dce_stub_data
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for ssh_protocol
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for ssh_protocol
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for ssh_software
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for ssh_software
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for file_data
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for file_data
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_request_line
10/12/2018 -- 16:28:19 - <Perf> - using shared mpm ctx' for http_response_line
10/12/2018 -- 16:28:19 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
10/12/2018 -- 16:28:19 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
10/12/2018 -- 16:28:19 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
10/12/2018 -- 16:28:19 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
10/12/2018 -- 16:28:19 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
10/12/2018 -- 16:28:19 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
10/12/2018 -- 16:28:19 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
10/12/2018 -- 16:28:19 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
10/12/2018 -- 16:28:24 - <Perf> - Unique rule groups: 104
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "toserver TCP packet": 35
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "toclient TCP packet": 17
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "toserver TCP stream": 33
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "toclient TCP stream": 19
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "toserver UDP packet": 27
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "toclient UDP packet": 17
10/12/2018 -- 16:28:24 - <Perf> - Builtin MPM "other IP packet": 3
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_uri": 14
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_request_line": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_client_body": 6
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient http_response_line": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_header": 10
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient http_header": 6
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_header_names": 2
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_accept": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_referer": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_content_len": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_content_type": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient http_content_type": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_protocol": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_start": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_method": 5
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_cookie": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient http_cookie": 2
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver http_host": 2
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver dns_query": 4
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver tls_sni": 2
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toserver file_data": 1
10/12/2018 -- 16:28:24 - <Perf> - AppLayer MPM "toclient file_data": 7
10/12/2018 -- 16:28:27 - <Perf> - Registered 39590 rule profiling counters.
10/12/2018 -- 16:28:27 - <Info> - fast output device (regular) initialized: alert
10/12/2018 -- 16:28:27 - <Info> - eve-log output device (regular) initialized: eve.json
10/12/2018 -- 16:28:27 - <Config> - enabling 'eve-log' module 'alert'
10/12/2018 -- 16:28:27 - <Config> - enabling 'eve-log' module 'http'
10/12/2018 -- 16:28:27 - <Config> - enabling 'eve-log' module 'dns'
10/12/2018 -- 16:28:27 - <Config> - enabling 'eve-log' module 'tls'
10/12/2018 -- 16:28:27 - <Config> - enabling 'eve-log' module 'files'
10/12/2018 -- 16:28:27 - <Config> - enabling 'eve-log' module 'ssh'
10/12/2018 -- 16:28:27 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
10/12/2018 -- 16:28:27 - <Info> - stats output device (regular) initialized: stats.log
10/12/2018 -- 16:28:27 - <Config> - Aut

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2018-12-10-T-16-28-28-12102018.1628-90383ac9-2429-4f1d-9a98-5d3e74e0f9fc.pcap.txt - (23383 bytes)
  --------------------------------------------------------------------------
  Date: 12/10/2018 -- 16:28:28. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010140      1        7        1295645      15.23  55       0        643086      23557.18    0.00        23557.18   
  2        2811543      1        1        401377       4.72   2        0        397883      200688.50   0.00        200688.50  
  3        2018558      1        5        387659       4.56   2        0        384377      193829.50   0.00        193829.50  
  4        2017261      1        3        304757       3.58   1        0        304757      304757.00   0.00        304757.00  
  5        2809513      1        5        146697       1.72   1        0        146697      146697.00   0.00        146697.00  
  6        2812976      1        3        76879        0.90   1        0        76879       76879.00    0.00        76879.00   
  7        2024137      1        2        76368        0.90   1        0        76368       76368.00    0.00        76368.00   
  8        2805348      1        4        650673       7.65   13       0        68618       50051.77    0.00        50051.77   
  9        2021418      1        9        68581        0.81   1        0        68581       68581.00    0.00        68581.00   
  10       2019094      1        5        54597        0.64   1        0        54597       54597.00    0.00        54597.00   
  11       2024133      1        2        49740        0.58   1        0        49740       49740.00    0.00        49740.00   
  12       2809363      1        3        49503        0.58   1        0        49503       49503.00    0.00        49503.00   
  13       2024142      1        2        46941        0.55   1        0        46941       46941.00    0.00        46941.00   
  14       2807970      1        8        42513        0.50   1        0        42513       42513.00    0.00        42513.00   
  15       2821471      1        2        42423        0.50   1        0        42423       42423.00    0.00        42423.00   
  16       2022901      1        2        41809        0.49   1        0        41809       41809.00    0.00        41809.00   
  17       2018386      1        2        41734        0.49   1        0        41734       41734.00    0.00        41734.00   
  18       2014405      1        10       41710        0.49   1        0        41710       41710.00    0.00        41710.00   
  19       2022080      1        1        40762        0.48   1        1        40762       40762.00    40762.00    0.00       
  20       2812433      1        2        38554        0.45   1        0        38554       38554.00    0.00        38554.00   
  21       2020181      1        8        38035        0.45   1        0        38035       38035.00    0.00        38035.00   
  22       2024138      1        2        36897        0.43   1        0        36897       36897.00    0.00        36897.00   
  23       2021413      1        2        36845        0.43   1        0        36845       36845.00    0.00        36845.00   
  24       2822458      1        2        36467        0.43   1        0        36467       36467.00    0.00        36467.00   
  25       2012649      1        5        36296        0.43   1        0        36296       36296.00    0.00        36296.00   
  26       2015877      1        6        34797        0.41   1        0        34797       34797.00    0.00        34797.00   
  27       2017948      1        2        34372        0.40   1        0        34372       34372.00    0.00        34372.00   
  28       2024134      1        2        34353        0.40   1        0        34353       34353.00    0.00        34353.00   
  29       2024140      1        2        34226        0.40   1        0        34226       34226.00    0.00        34226.00   
  30       2013672      1        3        34198        0.40   1        0        34198       34198.00    0.00        34198.00   
  31       2821569      1        7        34050        0.40   1        0        34050       34050.00    0.00        34050.00   
  32       2809511      1        4        34049        0.40   1        0        34049       34049.00    0.00        34049.00   
  33       2023625      1        3        151087       1.78   46       0        33909       3284.50     0.00        3284.50    
  34       2024135      1        2        33738        0.40   1        0        33738       33738.00    0.00        33738.00   
  35       2024141      1        2        33413        0.39   1        0        33413       33413.00    0.00        33413.00   
  36       2024136      1        2        33276        0.39   1        0        33276       33276.00    0.00        33276.00   
  37       2823263      1        3        33266        0.39   1        0        33266       33266.00    0.00        33266.00   
  38       2828057      1        2        33218        0.39   1        0        33218       33218.00    0.00        33218.00   
  39       2024565      1        3        33112        0.39   1        0        33112       33112.00    0.00        33112.00   
  40       2821909      1        2        32636        0.38   1        0        32636       32636.00    0.00        32636.00   
  41       2827900      1        1        32168        0.38   1        0        32168       32168.00    0.00        32168.00   
  42       2024455      1        2        32078        0.38   1        0        32078       32078.00    0.00        32078.00   
  43       2828986      1        2        32060        0.38   1        0        32060       32060.00    0.00        32060.00   
  44       2816365      1        3        32030        0.38   1        0        32030       32030.00    0.00        32030.00   
  45       2024139      1        2        31892        0.37   1        0        31892       31892.00    0.00        31892.00   
  46       2828060      1        4        31753        0.37   1        0        31753       31753.00    0.00        31753.00   
  47       2023083      1        2        29815        0.35   1        0        29815       29815.00    0.00        29815.00   
  48       2829848      1        2        28872        0.34   1        0        28872       28872.00    0.00        28872.00   
  49       2024771      1        1        28428        0.33   1        0        28428       28428.00    0.00        28428.00   
  50       2823858      1        3        28422        0.33   1        0        28422       28422.00    0.00        28422.00   
  51       2807793      1        4        28302        0.33   1        0        28302       28302.00    0.00        28302.00   
  52       2014363      1        7        33016        0.39   2        0        28290       16508.00    0.00        16508.00   
  53       2815568      1        2        28225        0.33   1        0        28225       28225.00    0.00        28225.00   
  54       2815886      1        2        27811        0.33   1        0        27811       27811.00    0.00        27811.00   
  55       2008118      1        3        59444        0.70   13       0        27357       4572.62     0.00        4572.62    
  56       2014380      1        4        45513        0.53   2        0        26453       22756.50    0.00        22756.50   
  57       2828008      1        2        24574        0.29   1        0        24574       24574.00    0.00        24574.00   
  58       2816165      1        5        23670        0.28   1        0        23670       23670.00    0.00        23670.00   
  59       2012707      1        5        23556        0.28   1        0        23556       23556.00    0.00        23556.00   
  60       2014376      1        3        27204        0.32   2        0        23508       13602.00    0.00        13602.00   
  61       2024560      1        5        23341        0.27   1        0        23341       23341.00    0.00        23341.00   
  62       2012328      1        6        26323        0.31   2        0        23330       13161.50    0.00        13161.50   
  63       2022914      1        1        31427        0.37   2        0        23258       15713.50    0.00        15713.50   
  64       2826256      1        2        23250        0.27   1        0        23250       23250.00    0.00        23250.00   
  65       2827580      1        7        23112        0.27   1        0        23112       23112.00    0.00        23112.00   
  66       2017552      1        6        22812        0.27   1        0        22812       22812.00    0.00        22812.00   
  67       2016757      1        10       22532        0.26   1        0        22532       22532.00    0.00        22532.00   
  68       2827279      1        5        22502        0.26   1        0        22502       22502.00    0.00        22502.00   
  69       2016706      1        20       22305        0.26   1        0        22305       22305.00    0.00        22305.00   
  70       2825222      1        2        22106        0.26   1        0        22106       22106.00    0.00        22106.00   
  71       2014701      1        12       25802        0.30   2        0        21777       12901.00    0.00        12901.00   
  72       2805564      1        4        21592        0.25   1        0        21592       21592.00    0.00        21592.00   
  73       2827641      1        2        21550        0.25   1        0        21550       21550.00    0.00        21550.00   
  74       2815033      1        2        21515        0.25   1        0        21515       21515.00    0.00        21515.00   
  75       2024606      1        2        21386        0.25   1        0        21386       21386.00    0.00        21386.00   
  76       2816899      1        2        21351        0.25   1        0        21351       21351.00    0.00        21351.00   
  77       2816884      1        3        21303        0.25   1        0        21303       21303.00    0.00        21303.00   
  78       2822109      1        2        21104        0.25   1        0        21104       21104.00    0.00        21104.00   
  79       2820809      1        2        21071        0.25   1        0        21071       21071.00    0.00        21071.00   
  80       2016809      1        5        20999        0.25   1        0        20999       20999.00    0.00        20999.00   
  81       2019609      1        1        23945        0.28   2        0        20915       11972.50    0.00        11972.50   
  82       2821765      1        5        20757        0.24   1        0        20757       20757.00    0.00        20757.00   
  83       2014967      1        3        20699        0.24   1        0        20699       20699.00    0.00        20699.00   
  84       2009702      1        5        23701        0.28   2        0        20218       11850.50    0.00        11850.50   
  85       2024513      1        5        19298        0.23   1        0        19298       19298.00    0.00        19298.00   
  86       2022543      1        1        18515        0.22   1        0        18515       18515.00    0.00        18515.00   
  87       2019017      1        3        50413        0.59   13       0        17963       3877.92     0.00        3877.92    
  88       2008120      1        4        169780       2.00   56       0        17905       3031.79     0.00        3031.79    
  89       2022132      1        1        28669        0.34   2        0        17877       14334.50    0.00        14334.50   
  90       2102190      1        5        23318        0.27   3        0        17297       7772.67     0.00        7772.67    
  91       2826281      1        2        16763        0.20   1        0        16763       16763.00    0.00        16763.00   
  92       2023624      1        3        151362       1.78   53       0        16555       2855.89     0.00        2855.89    
  93       2823937      1        13       16081        0.19   1        0        16081       16081.00    0.00        16081.00   
  94       2803760      1        3        15868        0.19   1        0        15868       15868.00    0.00        15868.00   
  95       2816395      1        3        15819        0.19   1        0        15819       15819.00    0.00        15819.00   
  96       2807856      1        2        24869        0.29   2        0        15369       12434.50    0.00        12434.50   
  97       2819882      1        2        15365        0.18   1        0        15365       15365.00    0.00        15365.00   
  98       2815660      1        4        15094        0.18   1        0        15094       15094.00    0.00        15094.00   
  99       2014702      1        9        18262        0.21   2        0        14940       9131.00     0.00        9131.00    
  100      2014703      1        9        17899        0.21   2        0        14794       8949.50     0.00        8949.50    
  101      2815823      1        2        14371        0.17   1        0        14371       14371.00    0.00        14371.00   
  102      2815824      1        2        14081        0.17   1        0        14081       14081.00    0.00        14081.00   
  103      2009243      1        2        48110        0.57   13       0        13560       3700.77     0.00        3700.77    
  104      2008116      1        4        58122        0.68   17       0        10794       3418.94     0.00        3418.94    
  105      2805211      1        1        17562        0.21   2        0        9447        8781.00     0.00        8781.00    
  106      2010142      1        4        151048       1.78   55       0        9152        2746.33     0.00        2746.33    
  107      2021584      1        4        5200         0.06   1        0        5200        5200.00     0.00        5200.00    
  108      2008304      1        3        12065        0.14   3        0        4638        4021.67     0.00        4021.67    
  109      2016323      1        1        28712        0.34   9        0        4326        3190.22     0.00        3190.22    
  110      2823788      1        4        4235         0.05   1        0        4235        4235.00     0.00        4235.00    
  111      2802205      1        3        48222        0.57   17       0        4172        2836.59     0.00        2836.59    
  112      2810288      1        2        11149        0.13   3        0        4146        3716.33     0.00        3716.33    
  113      2823338      1        1        7496         0.09   2        0        4145        3748.00     0.00        3748.00    
  114      2024096      1        3        4102         0.05   1        0        4102        4102.00     0.00        4102.00    
  115      2014343      1        2        4098         0.05   1        0        4098        4098.00     0.00        4098.00    
  116      2023626      1        3        142187       1.67   53       0        4056        2682.77     0.00        2682.77    
  117      2103159      1        4        3958         0.05   1        0        3958        3958.00     0.00        3958.00    
  118      2024044      1        4        3958         0.05   1        0        3958        3958.00     0.00        3958.00    
  119      2801347      1        5        50551        0.59   18       0        3940        2808.39     0.00        2808.39    
  120      2100540      1        12       13112        0.15   4        0        3926        3278.00     0.00        3278.00    
  121      2010143      1        3        152300       1.79   55       0        3880        2769.09     0.00        2769.09    
  122      2802822      1        1        46093        0.54   16       0        3864        2880.81     0.00        2880.81    
  123      2023627      1        3        115012       1.35   42       0        3833        2738.38     0.00        2738.38    
  124      2008117      1        3        46724        0.55   16       0        3813        2920.25     0.00        2920.25    
  125      2008301      1        3        

This file has been truncated.


stats.log - (2834 bytes)
------------------------------------------------------------------------------------
Date: 12/10/2018 -- 16:28:28 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 101
decoder.bytes                              | Total                     | 12192
decoder.ipv4                               | Total                     | 65
decoder.ipv6                               | Total                     | 9
decoder.ethernet                           | Total                     | 101
decoder.tcp                                | Total                     | 9
decoder.udp                                | Total                     | 65
decoder.avg_pkt_size                       | Total                     | 120
decoder.max_pkt_size                       | Total                     | 1294
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 11
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 13
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 14
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 10
flow.spare                                 | Total                     | 9993
flow_mgr.flows_checked                     | Total                     | 6
flow_mgr.flows_notimeout                   | Total                     | 6
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65530
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075744


eve.json - (1471 bytes)
{"timestamp":"2018-11-22T15:21:06.496590+0000","flow_id":1286706861085646,"pcap_cnt":46,"event_type":"dns","src_ip":"192.168.100.13","src_port":56067,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31419,"rrname":"ch29896.tmweb.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T15:21:06.555221+0000","flow_id":1286706861085646,"pcap_cnt":47,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.13","dest_port":56067,"proto":"UDP","dns":{"type":"answer","id":31419,"rcode":"NOERROR","rrname":"ch29896.tmweb.ru","rrtype":"A","ttl":599,"rdata":"92.53.96.206"}}
{"timestamp":"2018-11-22T15:21:07.394297+0000","flow_id":1669195173634588,"pcap_cnt":63,"event_type":"http","src_ip":"192.168.100.13","src_port":49183,"dest_ip":"92.53.96.206","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ch29896.tmweb.ru","url":"\/landing.php","http_user_agent":"GRequests\/0.10"}}
{"timestamp":"2018-11-22T15:21:07.394297+0000","flow_id":1669195173634588,"pcap_cnt":63,"event_type":"fileinfo","src_ip":"192.168.100.13","src_port":49183,"dest_ip":"92.53.96.206","dest_port":80,"proto":"TCP","http":{"hostname":"ch29896.tmweb.ru","url":"\/landing.php","http_user_agent":"GRequests\/0.10","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"C:\\\\Users\\\\admin\\\\AppData\\\\Local\\\\arrxu6eixwdx.zip","gaps":false,"state":"CLOSED","stored":false,"size":942,"tx_id":0}}


keyword_perf.log - (11400 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/10/2018 -- 16:28:28
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            3809            1               1               3809            3809.00         3809.00         0.00           
  flow             275386          76              76              9011            3623.00         3623.00         0.00           
  content          1514663         206             122             627298          7352.00         4506.00         11486.00       
  pcre             148151          21              8               14680           7054.00         6295.00         7521.00        
  byte_test        168963          56              46              5382            3017.00         2990.00         3141.00        
  byte_jump        54390           13              13              17560           4183.00         4183.00         0.00           
  isdataat         2934            1               0               2934            2934.00         0.00            2934.00        
  flowbits         27477           8               1               6325            3434.00         6325.00         3021.00        
  urilen           20269           6               0               4050            3378.00         0.00            3378.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            3809            1               1               3809            3809.00         3809.00         0.00           
  flow             275386          76              76              9011            3623.00         3623.00         0.00           
  flowbits         21152           7               0               4515            3021.00         0.00            3021.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          923631          80              50              627298          11545.00        4087.00         23974.00       
  pcre             43980           6               0               13978           7330.00         0.00            7330.00        
  byte_test        168963          56              46              5382            3017.00         2990.00         3141.00        
  byte_jump        54390           13              13              17560           4183.00         4183.00         0.00           
  isdataat         2934            1               0               2934            2934.00         0.00            2934.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         6325            1               1               6325            6325.00         6325.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          102582          22              18              19509           4662.00         4818.00         3962.00        
  pcre             54490           9               8               11254           6054.00         6295.00         4123.00        
  urilen           20269           6               0               4050            3378.00         0.00            3378.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          131001          25              8               17305           5240.00         4985.00         5359.00        
  pcre             18175           2               0               13733           9087.00         0.00            9087.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3430            1               0               3430            3430.00         0.00            3430.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          267390          54              30              41898           4951.00         5354.00         4447.00        
  pcre             31506           4               0               14680           7876.00         0.00            7876.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12181           3               0               4870            4060.00         0.00            4060.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9401            2               2               4970            4700.00         4700.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          55710           16              14              4015            3481.00         3481.00         3486.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3017            1               0               3017            3017.00         0.00            3017.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6320            2               0               3227            3160.00         0.00            3160.00        
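The blocks above are Suricata's per-buffer keyword profile: for each sticky buffer (http_method, http_user_agent, ...) it lists the rule keywords evaluated there, the CPU ticks they consumed, how often they were checked, how often they matched, and the averages. The following is an added example, not Suricata or IDSDeathBlossom code: a small parser for these "Stats for:" blocks that verifies the dump's own arithmetic (Avg is Ticks/Checks truncated to whole ticks), ranks keywords by cost, and totals the ticks spent on checks that never matched. The sample text is constructed from rows on this page; placing the pcre row under http_method is an assumption for illustration.

```python
"""Parse Suricata keyword-profiling output ("Stats for: <buffer>" blocks).
Added example; not code from Suricata or IDSDeathBlossom."""
import re
from collections import namedtuple

# Constructed sample: rows taken from the profiling dump on this page. The
# pcre row is placed under http_method purely for illustration (assumption).
SAMPLE = """\
  Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12181           3               0               4870            4060.00         0.00            4060.00        
--------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          55710           16              14              4015            3481.00         3481.00         3486.00        
  pcre             31506           4               0               14680           7876.00         0.00            7876.00        
"""

KeywordStat = namedtuple(
    "KeywordStat",
    "buffer keyword ticks checks matches max_ticks avg avg_match avg_nomatch")

STATS_RE = re.compile(r"^\s*Stats for:\s*(\S+)")
# keyword, four integer columns, three float columns; the header and dash
# rows do not match because their second field is not numeric.
ROW_RE = re.compile(
    r"^\s*(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_keyword_stats(text):
    """Return one KeywordStat per data row, tagged with its buffer name."""
    buf, rows = None, []
    for line in text.splitlines():
        m = STATS_RE.match(line)
        if m:
            buf = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and buf is not None:
            kw, ticks, checks, matches, maxt, avg, avgm, avgn = m.groups()
            rows.append(KeywordStat(buf, kw, int(ticks), int(checks), int(matches),
                                    int(maxt), float(avg), float(avgm), float(avgn)))
    return rows


def avg_consistent(r):
    """Suricata reports Avg as Ticks/Checks truncated to whole ticks."""
    return r.checks > 0 and r.ticks // r.checks == int(r.avg)


def rank_by_cost(rows):
    """Most expensive (buffer, keyword) pairs first."""
    return sorted(rows, key=lambda r: r.ticks, reverse=True)


def wasted_ticks(rows):
    """Ticks spent on checks that did not match, per (buffer, keyword)."""
    return {(r.buffer, r.keyword): (r.checks - r.matches) * r.avg_nomatch
            for r in rows}


def ticks_per_buffer(rows):
    """Total ticks per sticky buffer."""
    totals = {}
    for r in rows:
        totals[r.buffer] = totals.get(r.buffer, 0) + r.ticks
    return totals


if __name__ == "__main__":
    stats = parse_keyword_stats(SAMPLE)
    wasted = wasted_ticks(stats)
    for r in rank_by_cost(stats):
        print(f"{r.buffer:20} {r.keyword:8} ticks={r.ticks:7} checks={r.checks:3} "
              f"matches={r.matches:3} wasted={wasted[(r.buffer, r.keyword)]:.0f} "
              f"avg_ok={avg_consistent(r)}")
```

The row worth hunting for in output like this is the pcre one: four checks, no matches, a single check costing up to 14680 ticks. A regex that runs without ever matching is pure cost; in rule tuning you want it gated behind a cheap content prefilter so it is only evaluated on packets that already look like a hit.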


IDSDeathBlossom.py.log - (1176 bytes)
2018-12-10 16:28:05,069 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-10 16:28:05,824 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-10 16:28:05,824 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-12-10 16:28:05,825 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-10 16:28:05,825 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-10 16:28:05,825 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5cf60de5a76058b0c8d83e52e206a85156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12102018.1628-90383ac9-2429-4f1d-9a98-5d3e74e0f9fc.pcap -vvv -k none
2018-12-10 16:28:28,288 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-10 16:28:28,289 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.2277519703
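The IDSDeathBlossom log records the exact Suricata command line used for this run, which is what you audit when a result looks off. As an added example (not code from IDSDeathBlossom or Suricata), the Python below parses this log format, extracts the suricata argv from the "Executing:" line, maps its options, flags `-k none` (checksum validation disabled: right for a capture taken with checksum offload, but a packet a real host would discard for a bad checksum still reaches the detection engine), and compares the wall time between the "Executing" and "ran successfully" lines with the logged total. The log lines are copied from this page; the audit checks are my own assumptions about what is worth flagging.

```python
"""Parse IDSDeathBlossom run logs and audit the Suricata command line.
Added example; not code from IDSDeathBlossom or Suricata."""
import re
import shlex
from datetime import datetime

# Sample copied from the IDSDeathBlossom.py.log shown on this page.
SAMPLE_LOG = """\
2018-12-10 16:28:05,069 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-10 16:28:05,824 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-10 16:28:05,824 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-12-10 16:28:05,825 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-10 16:28:05,825 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-10 16:28:05,825 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5cf60de5a76058b0c8d83e52e206a85156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12102018.1628-90383ac9-2429-4f1d-9a98-5d3e74e0f9fc.pcap -vvv -k none
2018-12-10 16:28:28,288 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-10 16:28:28,289 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.2277519703
"""

# "<date> <time>,<ms> - LEVEL - func - /path/file.py +lineno - message"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - (?P<level>\w+) - "
    r"(?P<func>\S+) - (?P<file>\S+) \+(?P<lineno>\d+) - (?P<msg>.*)$")


def parse_log(text):
    """One dict per well-formed line: ts (datetime), level, func, file, lineno, msg."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip anything that is not a logger line
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
        rec["lineno"] = int(rec["lineno"])
        records.append(rec)
    return records


def suricata_argv(records):
    """argv of the 'Executing: ...' line, split with shell quoting rules."""
    for rec in records:
        if rec["msg"].startswith("Executing: "):
            return shlex.split(rec["msg"][len("Executing: "):])
    return None


def option_map(argv):
    """Map each -opt to the value that follows it, or True for bare flags (-vvv)."""
    opts, i = {}, 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            if i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                opts[tok] = argv[i + 1]
                i += 2
                continue
            opts[tok] = True
        i += 1
    return opts


def audit_invocation(opts):
    """Review checks for an offline pcap run (assumed policy, my own choice)."""
    findings = []
    if opts.get("-k") == "none":
        findings.append("-k none: checksum validation disabled, bad-checksum "
                        "packets are still inspected")
    if "-r" not in opts:
        findings.append("no -r: not an offline pcap run")
    return findings


def execution_seconds(records):
    """Wall time between the Executing line and the 'ran successfully' line."""
    start = next(r["ts"] for r in records if r["msg"].startswith("Executing: "))
    end = next(r["ts"] for r in records if r["msg"].endswith("ran successfully"))
    return (end - start).total_seconds()


def logged_total_seconds(records):
    """The tool's own 'Total time for the idstool' figure, if present."""
    for r in records:
        m = re.search(r"Total time for the idstool ([\d.]+)", r["msg"])
        if m:
            return float(m.group(1))
    return None


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    opts = option_map(suricata_argv(recs))
    print("config:", opts.get("-c"), "pcap:", opts.get("-r"))
    for f in audit_invocation(opts):
        print("finding:", f)
    print(f"suricata wall {execution_seconds(recs):.3f}s, "
          f"idstool total {logged_total_seconds(recs)}s")
```

The gap between the two times (about 22.5 s for the Suricata child versus 23.2 s reported by the tool) is the harness's own startup and database work, so the tool's total is the wrong number to use when comparing rule-set performance across runs; take the child process time.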