Filename: 46c2448c-24e5-4da2-83f2-e37295f166f2.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.9501287937 seconds
Hash: 606a035209cb3a579b0a2a75a51cb89e
Uploaded: 1560949309

Logfiles


packet_stats.log - (20037 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            10        842523899     1389114488    1273352537         12.7b    0.18
 IPv4       6          7110          7186894     1418111424     978613475       6957.9b   96.80
 IPv4      17           159         10049257     1410872799    1053767294        167.5b    2.33
 IPv6      17            34         10991142     1409429114    1098609300         37.4b    0.52
 IPv6      58            10        842597411     1389803229    1273438229         12.7b    0.18
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            10            90000         121557        100543          1.0m    0.06
TMM_FLOWWORKER              IPv4       6          7110            66116       13535578        217905          1.5b   93.29
TMM_FLOWWORKER              IPv4      17           159           118827        9634806        356747         56.7m    3.42
TMM_RECEIVEPCAPFILE         IPv4       2            10             2542           3240          2708         27.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          7051             2535        4694096          3690         26.0m    1.57
TMM_RECEIVEPCAPFILE         IPv4      17           159             2546          10725          2742        436.0k    0.03
TMM_DECODEPCAPFILE          IPv4       2            10             2724           7229          3464         34.6k    0.00
TMM_DECODEPCAPFILE          IPv4       6          7051             2647          93859          2911         20.5m    1.24
TMM_DECODEPCAPFILE          IPv4      17           159             2665          29288          3178        505.3k    0.03
TMM_FLOWWORKER              IPv6      17            34           109066         292423        150123          5.1m    0.31
TMM_FLOWWORKER              IPv6      58            10            66446          91551         74333        743.3k    0.04
TMM_RECEIVEPCAPFILE         IPv6      17            34             2551           3039          2648         90.0k    0.01
TMM_RECEIVEPCAPFILE         IPv6      58            10             2562           3179          2666         26.7k    0.00
TMM_DECODEPCAPFILE          IPv6      17            34             2693          16130          3448        117.2k    0.01
TMM_DECODEPCAPFILE          IPv6      58            10             2807          23616          5924         59.2k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          7051             2802          42971          3273         23.1m  1.56  
flow                    IPv4      17           159             2805          26666          4526        719.8k  0.05  
stream                  IPv4       6          7110             2584         902973          8162         58.0m  3.93  
app-layer               IPv4      17           159             2524          44916          9041          1.4m  0.10  
detect                  IPv4       2            10            84534         115523         94694        946.9k  0.06  
detect                  IPv4       6          7110            44622       13497224        186656          1.3b  89.84 
detect                  IPv4      17           159           102059         605815        247459         39.3m  2.66  
tcp-prune               IPv4       6          7110             2537          64083          2981         21.2m  1.43  
flow                    IPv6      17            34             2837          24638          4985        169.5k  0.01  
flow                    IPv6      58            10             2846           4192          3364         33.6k  0.00  
app-layer               IPv6      17            34             2524          13891          5173        175.9k  0.01  
detect                  IPv6      17            34            92347         272223        128978          4.4m  0.30  
detect                  IPv6      58            10            55262          78894         61185        611.9k  0.04  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             8             4083          27369         14626        117.0k  14.18 
http                    IPv4      17             5             4566          22683          8972         44.9k  5.44  
tls                     IPv4       6            75             2601           5264          2964        222.3k  26.94 
tls                     IPv4      17             7             2744           2868          2823         19.8k  2.39  
dns                     IPv4      17            59             3684          34326          6557        386.9k  46.88 
http                    IPv6      17             3             4566           4566          4566         13.7k  1.66  
tls                     IPv6      17             6             2806           2868          2837         17.0k  2.06  
dns                     IPv6      17             1             3741           3741          3741          3.7k  0.45  
Proto detect            IPv4       6             2             5316          13280          9298         18.6k
Proto detect            IPv4      17            68             2717          28243          6682        454.4k
Proto detect            IPv6      17            13             2755           7712          3557         46.3k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17             1           157883         157883        157883        157.9k  0.91  
LOGGER_UNIFIED2             IPv4      17             1           186484         186484        186484        186.5k  1.08  
LOGGER_JSON_ALERT           IPv4      17             1          8680795        8680795       8680795          8.7m  50.22 
LOGGER_JSON_DNS             IPv4      17            58            28075         162064         70999          4.1m  23.82 
LOGGER_JSON_HTTP            IPv4       6             7            55332         196174        104619        732.3k  4.24  
LOGGER_JSON_TLS             IPv4       6            44            26017         108074         55050          2.4m  14.01 
LOGGER_JSON_FILE            IPv4       6             8            79544         218271        123434        987.5k  5.71  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2254             2523        5870490         45790       103.2m  28.49 
payload                           IPv4      17           159             3397         109776         19565         3.1m  0.86  
stream                            IPv4       6          2254             2535        2299839         43808        98.7m  27.26 
http_uri                          IPv4       6             7             6181         102685         43225       302.6k  0.08  
http_request_line                 IPv4       6             7             5332           9963          8190        57.3k  0.02  
http_client_body                  IPv4       6          1238             2560         696344         43120        53.4m  14.73 
http_header (request)             IPv4       6             7            30569         127724         83813       586.7k  0.16  
http_header (request trailer)     IPv4       6             7             2605           2884          2673        18.7k  0.01  
http_header_names (request)       IPv4       6             7            14004          28415         19439       136.1k  0.04  
http_accept (request)             IPv4       6             7             3284           7345          5086        35.6k  0.01  
http_referer (request)            IPv4       6             7             2958           3781          3323        23.3k  0.01  
http_content_len (request)        IPv4       6             7             3043           7216          4039        28.3k  0.01  
http_content_type (request)       IPv4       6             7             3070          14203          4931        34.5k  0.01  
http_protocol (request)           IPv4       6             7             3927           6063          5237        36.7k  0.01  
http_start (request)              IPv4       6             7             9184          19382         14375       100.6k  0.03  
http_raw_header (request)         IPv4       6          1238             4251          60606          5001         6.2m  1.71  
http_method                       IPv4       6             7             4979           7327          6222        43.6k  0.01  
http_cookie (request)             IPv4       6             7             3151           3844          3541        24.8k  0.01  
http_raw_uri                      IPv4       6             7             2949           9659          6931        48.5k  0.01  
http_user_agent                   IPv4       6             7             7016          50784         25649       179.5k  0.05  
http_host                         IPv4       6             7             5835           9359          8228        57.6k  0.02  
dns_query                         IPv4      17            29             4695          22565          9894       286.9k  0.08  
tls_sni                           IPv4       6            61             3036          29220          6210       378.8k  0.10  
http_response_line                IPv4       6             7             4428          32599         11993        84.0k  0.02  
http_header (response)            IPv4       6             7            37715         106338         66178       463.2k  0.13  
http_header (response trailer)    IPv4       6             7             2617           3363          2815        19.7k  0.01  
http_content_type (response)      IPv4       6             7             4406          12015          9166        64.2k  0.02  
http_raw_header (response)        IPv4       6           732             4920          30013          5369         3.9m  1.08  
http_cookie (response)            IPv4       6             7             3144           6947          4060        28.4k  0.01  
http_stat_code                    IPv4       6             7             2984           5076          4254        29.8k  0.01  
tls_cert_issuer                   IPv4       6            44             2562          20651          4044       177.9k  0.05  
tls_cert_subject                  IPv4       6            44             2557          26297          4981       219.2k  0.06  
tls_cert_serial                   IPv4       6            44             2539           5598          3012       132.5k  0.04  
file_data (http response)         IPv4       6           725             2559        1660211        123833        89.8m  24.78 
Total                             IPv4                  8976                                         40324       362.0m
payload                           IPv6      17            34             3462          35542          8948       304.3k  0.08  
payload                           IPv6      58            10             2765           7509          4257        42.6k  0.01  
Total                             IPv6                    44                                          7882       346.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            10            36538          61961         44905        449.1k  0.02  
PROF_DETECT_IPONLY          IPv4       6           104             3262          82655         31318          3.3m  0.18  
PROF_DETECT_IPONLY          IPv4      17            76            36986         121454         48927          3.7m  0.21  
PROF_DETECT_RULES           IPv4       2            10             2525           2927          2624         26.2k  0.00  
PROF_DETECT_RULES           IPv4       6          7110             2516       13365082         64308        457.2m  25.44 
PROF_DETECT_RULES           IPv4      17           159            44237         417972        130669         20.8m  1.16  
PROF_DETECT_STATEFUL_START    IPv4       6          1925             5107       13270588         92562        178.2m  9.91  
PROF_DETECT_STATEFUL_START    IPv4      17             1            12770          12770         12770         12.8k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            10             2555           3439          2725         27.3k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          7110             2507          99462          8698         61.8m  3.44  
PROF_DETECT_STATEFUL_CONT    IPv4      17           159             2512          55318          4566        726.1k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          6889             2537          53308          2797         19.3m  1.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            58             2612           3387          2825        163.9k  0.01  
PROF_DETECT_PREFILTER       IPv4       2            10             7900           8510          8194         81.9k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          7110             7844        5932744         71806        510.5m  28.41 
PROF_DETECT_PREFILTER       IPv4      17           159            23992         136462         47348          7.5m  0.42  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2254            12851        5883007         97840        220.5m  12.27 
PROF_DETECT_PF_PAYLOAD      IPv4      17           159             8425         115774         25191          4.0m  0.22  
PROF_DETECT_PF_TX           IPv4       6          6889             2566        1674232         27550        189.8m  10.56 
PROF_DETECT_PF_TX           IPv4      17            29             9974          29082         15565        451.4k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6          1850             2540          39066          3436          6.4m  0.35  
PROF_DETECT_PF_SORT1        IPv4      17           159             2598          16888          3737        594.3k  0.03  
PROF_DETECT_PF_SORT2        IPv4       2            10             2514           2832          2626         26.3k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          7110             2512          64674          2887         20.5m  1.14  
PROF_DETECT_PF_SORT2        IPv4      17           159             2543          16853          3252        517.2k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       2            10             2542           2808          2744         27.4k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          7110             2533          63221          3002         21.3m  1.19  
PROF_DETECT_NONMPMLIST      IPv4      17           159             2522          15133          3046        484.5k  0.03  
PROF_DETECT_ALERT           IPv4       

This file has been truncated.


stats.log - (3003 bytes)
------------------------------------------------------------------------------------
Date: 6/19/2019 -- 13:02:13 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 7329
decoder.bytes                              | Total                     | 4526465
decoder.ipv4                               | Total                     | 7220
decoder.ipv6                               | Total                     | 44
decoder.ethernet                           | Total                     | 7329
decoder.tcp                                | Total                     | 7051
decoder.udp                                | Total                     | 193
decoder.icmpv6                             | Total                     | 10
decoder.avg_pkt_size                       | Total                     | 617
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 52
flow.udp                                   | Total                     | 60
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 52
tcp.syn                                    | Total                     | 52
tcp.synack                                 | Total                     | 52
tcp.rst                                    | Total                     | 57
tcp.overlap                                | Total                     | 45
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 7
app_layer.flow.tls                         | Total                     | 44
app_layer.flow.dns_udp                     | Total                     | 29
app_layer.tx.dns_udp                       | Total                     | 29
app_layer.flow.failed_udp                  | Total                     | 31
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077184


unified2.alert.1560949331 - (175 bytes)


eve.json - (51212 bytes)
{"timestamp":"2019-06-15T11:14:38.207194+0000","flow_id":466948091423066,"pcap_cnt":28,"event_type":"alert","src_ip":"192.168.100.47","src_port":50862,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2830047,"rev":1,"signature":"ETPRO INFO Observed Free Hosting Domain (*.beget .tech in DNS Lookup)","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2019-06-15T11:14:38.207194+0000","flow_id":466948091423066,"pcap_cnt":28,"event_type":"dns","src_ip":"192.168.100.47","src_port":50862,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42991,"rrname":"delediqv.beget.tech","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:38.263114+0000","flow_id":466948091423066,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"delediqv.beget.tech","rrtype":"A","ttl":599,"rdata":"5.101.152.224"}}
{"timestamp":"2019-06-15T11:14:45.507550+0000","flow_id":82849166137700,"pcap_cnt":2109,"event_type":"http","src_ip":"192.168.100.47","src_port":49244,"dest_ip":"5.101.152.224","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"delediqv.beget.tech","url":"\/api\/gate.get?p1=1&p2=0&p3=0&p4=2&p5=0&p6=0&p7=0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; rv:31.0) Gecko\/20100101 Firefox\/31.0"}}
{"timestamp":"2019-06-15T11:14:45.507550+0000","flow_id":82849166137700,"pcap_cnt":2109,"event_type":"fileinfo","src_ip":"192.168.100.47","src_port":49244,"dest_ip":"5.101.152.224","dest_port":80,"proto":"TCP","http":{"hostname":"delediqv.beget.tech","url":"\/api\/gate.get?p1=1&p2=0&p3=0&p4=2&p5=0&p6=0&p7=0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; rv:31.0) Gecko\/20100101 Firefox\/31.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"2U2T7U6U6V.zip","gaps":false,"state":"CLOSED","stored":false,"size":1167635,"tx_id":0}}
{"timestamp":"2019-06-15T11:14:47.249691+0000","flow_id":1864719428734811,"pcap_cnt":2112,"event_type":"dns","src_ip":"192.168.100.47","src_port":51144,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64832,"rrname":"clientservices.googleapis.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:47.262469+0000","flow_id":1864719428734811,"pcap_cnt":2113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":51144,"proto":"UDP","dns":{"type":"answer","id":64832,"rcode":"NOERROR","rrname":"clientservices.googleapis.com","rrtype":"A","ttl":95,"rdata":"172.217.18.3"}}
{"timestamp":"2019-06-15T11:14:47.281214+0000","flow_id":767011687189118,"pcap_cnt":2114,"event_type":"dns","src_ip":"192.168.100.47","src_port":62849,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37655,"rrname":"www.google.com.ua","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:47.294919+0000","flow_id":767011687189118,"pcap_cnt":2115,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":62849,"proto":"UDP","dns":{"type":"answer","id":37655,"rcode":"NOERROR","rrname":"www.google.com.ua","rrtype":"A","ttl":299,"rdata":"216.58.205.227"}}
{"timestamp":"2019-06-15T11:14:47.363648+0000","flow_id":820952181476480,"pcap_cnt":2122,"event_type":"dns","src_ip":"192.168.100.47","src_port":50030,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13644,"rrname":"accounts.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:47.377983+0000","flow_id":820952181476480,"pcap_cnt":2125,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":50030,"proto":"UDP","dns":{"type":"answer","id":13644,"rcode":"NOERROR","rrname":"accounts.google.com","rrtype":"A","ttl":299,"rdata":"172.217.23.141"}}
{"timestamp":"2019-06-15T11:14:47.521540+0000","flow_id":1899354045001377,"pcap_cnt":2145,"event_type":"tls","src_ip":"192.168.100.47","src_port":49322,"dest_ip":"216.58.205.227","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:47.522769+0000","flow_id":1978347083512261,"pcap_cnt":2149,"event_type":"tls","src_ip":"192.168.100.47","src_port":49323,"dest_ip":"172.217.18.3","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:47.524404+0000","flow_id":26228612880842,"pcap_cnt":2154,"event_type":"tls","src_ip":"192.168.100.47","src_port":49326,"dest_ip":"172.217.23.141","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:48.360841+0000","flow_id":367953390895497,"pcap_cnt":2503,"event_type":"dns","src_ip":"192.168.100.47","src_port":60288,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11360,"rrname":"clients1.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:48.373537+0000","flow_id":367953390895497,"pcap_cnt":2504,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":60288,"proto":"UDP","dns":{"type":"answer","id":11360,"rcode":"NOERROR","rrname":"clients1.google.com","rrtype":"CNAME","ttl":119,"rdata":"clients.l.google.com"}}
{"timestamp":"2019-06-15T11:14:48.373537+0000","flow_id":367953390895497,"pcap_cnt":2504,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":60288,"proto":"UDP","dns":{"type":"answer","id":11360,"rcode":"NOERROR","rrname":"clients.l.google.com","rrtype":"A","ttl":119,"rdata":"172.217.18.110"}}
{"timestamp":"2019-06-15T11:14:48.443238+0000","flow_id":376487490925923,"pcap_cnt":2516,"event_type":"tls","src_ip":"192.168.100.47","src_port":49341,"dest_ip":"172.217.18.110","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:48.474180+0000","flow_id":213175654431812,"pcap_cnt":2524,"event_type":"dns","src_ip":"192.168.100.47","src_port":58048,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25120,"rrname":"ssl.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:48.487920+0000","flow_id":213175654431812,"pcap_cnt":2537,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":58048,"proto":"UDP","dns":{"type":"answer","id":25120,"rcode":"NOERROR","rrname":"ssl.gstatic.com","rrtype":"A","ttl":299,"rdata":"216.58.205.227"}}
{"timestamp":"2019-06-15T11:14:48.564999+0000","flow_id":2246756769757716,"pcap_cnt":2569,"event_type":"tls","src_ip":"192.168.100.47","src_port":49343,"dest_ip":"216.58.205.227","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:49.015365+0000","flow_id":659972512365573,"pcap_cnt":2795,"event_type":"dns","src_ip":"192.168.100.47","src_port":51116,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7486,"rrname":"www.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:49.030919+0000","flow_id":659972512365573,"pcap_cnt":2796,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":51116,"proto":"UDP","dns":{"type":"answer","id":7486,"rcode":"NOERROR","rrname":"www.gstatic.com","rrtype":"A","ttl":239,"rdata":"172.217.18.3"}}
{"timestamp":"2019-06-15T11:14:49.099736+0000","flow_id":815974314507093,"pcap_cnt":2805,"event_type":"tls","src_ip":"192.168.100.47","src_port":49353,"dest_ip":"172.217.18.3","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:49.189103+0000","flow_id":1724591825871535,"pcap_cnt":2897,"event_type":"dns","src_ip":"192.168.100.47","src_port":59611,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10302,"rrname":"apis.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:49.208877+0000","flow_id":1724591825871535,"pcap_cnt":2898,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":59611,"proto":"UDP","dns":{"type":"answer","id":10302,"rcode":"NOERROR","rrname":"apis.google.com","rrtype":"CNAME","ttl":21464,"rdata":"plus.l.google.com"}}
{"timestamp":"2019-06-15T11:14:49.208877+0000","flow_id":1724591825871535,"pcap_cnt":2898,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":59611,"proto":"UDP","dns":{"type":"answer","id":10302,"rcode":"NOERROR","rrname":"plus.l.google.com","rrtype":"A","ttl":164,"rdata":"172.217.23.174"}}
{"timestamp":"2019-06-15T11:14:49.280505+0000","flow_id":1323201362211562,"pcap_cnt":2909,"event_type":"tls","src_ip":"192.168.100.47","src_port":49356,"dest_ip":"172.217.23.174","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:51.782034+0000","flow_id":1218129282461394,"pcap_cnt":3117,"event_type":"dns","src_ip":"192.168.100.47","src_port":53028,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51669,"rrname":"www.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:51.796215+0000","flow_id":1218129282461394,"pcap_cnt":3118,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":53028,"proto":"UDP","dns":{"type":"answer","id":51669,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":299,"rdata":"172.217.16.196"}}
{"timestamp":"2019-06-15T11:14:51.865670+0000","flow_id":790067071888287,"pcap_cnt":3127,"event_type":"tls","src_ip":"192.168.100.47","src_port":49395,"dest_ip":"172.217.16.196","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:52.386923+0000","flow_id":759181962176363,"pcap_cnt":3145,"event_type":"dns","src_ip":"192.168.100.47","src_port":63044,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56237,"rrname":"www.google.co.uk","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:52.400945+0000","flow_id":759181962176363,"pcap_cnt":3146,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":63044,"proto":"UDP","dns":{"type":"answer","id":56237,"rcode":"NOERROR","rrname":"www.google.co.uk","rrtype":"A","ttl":299,"rdata":"172.217.21.227"}}
{"timestamp":"2019-06-15T11:14:52.471886+0000","flow_id":230858035044587,"pcap_cnt":3155,"event_type":"tls","src_ip":"192.168.100.47","src_port":49406,"dest_ip":"172.217.21.227","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:52.672433+0000","flow_id":561652121223857,"pcap_cnt":3234,"event_type":"dns","src_ip":"192.168.100.47","src_port":50270,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23437,"rrname":"clients2.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:52.687013+0000","flow_id":561652121223857,"pcap_cnt":3235,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":50270,"proto":"UDP","dns":{"type":"answer","id":23437,"rcode":"NOERROR","rrname":"clients2.google.com","rrtype":"CNAME","ttl":299,"rdata":"clients.l.google.com"}}
{"timestamp":"2019-06-15T11:14:52.687013+0000","flow_id":561652121223857,"pcap_cnt":3235,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":50270,"proto":"UDP","dns":{"type":"answer","id":23437,"rcode":"NOERROR","rrname":"clients.l.google.com","rrtype":"A","ttl":299,"rdata":"172.217.23.174"}}
{"timestamp":"2019-06-15T11:14:52.758859+0000","flow_id":1011846298238777,"pcap_cnt":3244,"event_type":"tls","src_ip":"192.168.100.47","src_port":49411,"dest_ip":"172.217.23.174","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:52.969034+0000","flow_id":528576578111818,"pcap_cnt":3265,"event_type":"dns","src_ip":"192.168.100.47","src_port":55788,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38435,"rrname":"fonts.googleapis.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:52.981433+0000","flow_id":528576578111818,"pcap_cnt":3266,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":55788,"proto":"UDP","dns":{"type":"answer","id":38435,"rcode":"NOERROR","rrname":"fonts.googleapis.com","rrtype":"CNAME","ttl":3466,"rdata":"googleadapis.l.google.com"}}
{"timestamp":"2019-06-15T11:14:52.981433+0000","flow_id":528576578111818,"pcap_cnt":3266,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":55788,"proto":"UDP","dns":{"type":"answer","id":38435,"rcode":"NOERROR","rrname":"googleadapis.l.google.com","rrtype":"A","ttl":166,"rdata":"172.217.18.170"}}
{"timestamp":"2019-06-15T11:14:53.053806+0000","flow_id":895186396512285,"pcap_cnt":3286,"event_type":"tls","src_ip":"192.168.100.47","src_port":49417,"dest_ip":"172.217.18.170","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:53.195264+0000","flow_id":570693027494592,"pcap_cnt":3370,"event_type":"dns","src_ip":"192.168.100.47","src_port":52245,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39690,"rrname":"fonts.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:53.208152+0000","flow_id":570693027494592,"pcap_cnt":3371,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":52245,"proto":"UDP","dns":{"type":"answer","id":39690,"rcode":"NOERROR","rrname":"fonts.gstatic.com","rrtype":"CNAME","ttl":146,"rdata":"gstaticadssl.l.google.com"}}
{"timestamp":"2019-06-15T11:14:53.208152+0000","flow_id":570693027494592,"pcap_cnt":3371,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":52245,"proto":"UDP","dns":{"type":"answer","id":39690,"rcode":"NOERROR","rrname":"gstaticadssl.l.google.com","rrtype":"A","ttl":146,"rdata":"172.217.22.35"}}
{"timestamp":"2019-06-15T11:14:53.217484+0000","flow_id":722305373000076,"pcap_cnt":3373,"event_type":"dns","src_ip":"192.168.100.47","src_port":53194,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35404,"rrname":"clients2.googleusercontent.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:53.231571+0000","flow_id":722305373000076,"pcap_cnt":3377,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":53194,"proto":"UDP","dns":{"type":"answer","id":35404,"rcode":"NOERROR","rrname":"clients2.googleusercontent.com","rrtype":"CNAME","ttl":21599,"rdata":"googlehosted.l.googleusercontent.com"}}
{"timestamp":"2019-06-15T11:14:53.231571+0000","flow_id":722305373000076,"pcap_cnt":3377,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":53194,"proto":"UDP","dns":{"type":"answer","id":35404,"rcode":"NOERROR","rrname":"googlehosted.l.googleusercontent.com","rrtype":"A","ttl":299,"rdata":"172.217.22.1"}}
{"timestamp":"2019-06-15T11:14:53.282952+0000","flow_id":1024142789652675,"pcap_cnt":3388,"event_type":"tls","src_ip":"192.168.100.47","src_port":49422,"dest_ip":"172.217.22.35","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:53.300431+0000","flow_id":706353864477540,"pcap_cnt":3396,"event_type":"tls","src_ip":"192.168.100.47","src_port":49423,"dest_ip":"172.217.22.1","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2019-06-15T11:14:53.375996+0000","flow_id":1385869230324924,"pcap_cnt":3480,"event_type":"dns","src_ip":"192.168.100.47","src_port":53489,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2623,"rrname":"redirector.gvt1.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-15T11:14:53.390763+0000","flow_id":1385869230324924,"pcap_cnt":3482,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.47","dest_port":53489,"proto":"UDP","dns":{"type":"answer","id":2623,"rcode":"NOERROR","rrname":"redirector.gvt1.com","rrtype":"A","ttl":179,"rdata":"172.217.16.174"}}
{"timestamp":"2019-06-15T11:14:53.460988+0000","flow_id":896023915202748,"pcap_cnt":3489,"event_type":"dns","src_ip":"192.168.100.47","src_port":58751,"dest_ip":"192.168.100

This file has been truncated.


suricata-report-2019-06-19-T-13-02-13-06192019.1301-46c2448c-24e5-4da2-83f2-e37295f166f2.pcap.txt - (17819 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/606a035209cb3a579b0a2a75a51cb89e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06192019.1301-46c2448c-24e5-4da2-83f2-e37295f166f2.pcap -vvv -k none
elapsedtime:23.005609
stderr:
stdout:
19/6/2019 -- 13:01:50 - <Info> - Configuration node 'rule-files' redefined.
19/6/2019 -- 13:01:50 - <Notice> - This is Suricata version 4.0.0 RELEASE
19/6/2019 -- 13:01:50 - <Info> - CPUs/cores online: 1
19/6/2019 -- 13:01:50 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31878 and 'request-body-inspect-window' set to 17049 after randomization.
19/6/2019 -- 13:01:50 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33044 and 'response-body-inspect-window' set to 15653 after randomization.
19/6/2019 -- 13:01:50 - <Config> - DNS request flood protection level: 500
19/6/2019 -- 13:01:50 - <Config> - DNS per flow memcap (state-memcap): 524288
19/6/2019 -- 13:01:50 - <Config> - DNS global memcap: 16777216
19/6/2019 -- 13:01:50 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/6/2019 -- 13:01:50 - <Config> - preallocated 1000 hosts of size 136
19/6/2019 -- 13:01:50 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
19/6/2019 -- 13:01:50 - <Config> - using magic-file /usr/share/file/magic
19/6/2019 -- 13:01:50 - <Config> - Core dump size is unlimited.
19/6/2019 -- 13:01:50 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
19/6/2019 -- 13:01:50 - <Config> - preallocated 1000 defrag trackers of size 168
19/6/2019 -- 13:01:50 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
19/6/2019 -- 13:01:50 - <Config> - stream "prealloc-sessions": 2048 (per thread)
19/6/2019 -- 13:01:50 - <Config> - stream "memcap": 33554432
19/6/2019 -- 13:01:50 - <Config> - stream "midstream" session pickups: disabled
19/6/2019 -- 13:01:50 - <Config> - stream "async-oneside": disabled
19/6/2019 -- 13:01:50 - <Config> - stream "checksum-validation": disabled
19/6/2019 -- 13:01:50 - <Config> - stream."inline": disabled
19/6/2019 -- 13:01:50 - <Config> - stream "bypass": disabled
19/6/2019 -- 13:01:50 - <Config> - stream "max-synack-queued": 5
19/6/2019 -- 13:01:50 - <Config> - stream.reassembly "memcap": 134217728
19/6/2019 -- 13:01:50 - <Config> - stream.reassembly "depth": 0
19/6/2019 -- 13:01:50 - <Config> - stream.reassembly "toserver-chunk-size": 2646
19/6/2019 -- 13:01:50 - <Config> - stream.reassembly "toclient-chunk-size": 2449
19/6/2019 -- 13:01:50 - <Config> - stream.reassembly.raw: enabled
19/6/2019 -- 13:01:50 - <Config> - stream.reassembly "segment-prealloc": 2048
19/6/2019 -- 13:01:50 - <Config> - Delayed detect disabled
19/6/2019 -- 13:01:50 - <Config> - pattern matchers: MPM: ac, SPM: bm
19/6/2019 -- 13:01:50 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/6/2019 -- 13:01:50 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
19/6/2019 -- 13:01:50 - <Config> - prefilter engines: MPM
19/6/2019 -- 13:01:50 - <Config> - IP reputation disabled
19/6/2019 -- 13:01:50 - <Perf> - Registered 148 keyword profiling counters.
19/6/2019 -- 13:01:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
19/6/2019 -- 13:01:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
19/6/2019 -- 13:01:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
19/6/2019 -- 13:01:55 - <Config> - No rules loaded from ET-icmp.rules.
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
19/6/2019 -- 13:01:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
19/6/2019 -- 13:01:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
19/6/2019 -- 13:01:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
19/6/2019 -- 13:01:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
19/6/2019 -- 13:01:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
19/6/2019 -- 13:01:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
19/6/2019 -- 13:01:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
19/6/2019 -- 13:02:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
19/6/2019 -- 13:02:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
19/6/2019 -- 13:02:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
19/6/2019 -- 13:02:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
19/6/2019 -- 13:02:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
19/6/2019 -- 13:02:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
19/6/2019 -- 13:02:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
19/6/2019 -- 13:02:02 - <Config> - No rules loaded from local.rules.
19/6/2019 -- 13:02:02 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
19/6/2019 -- 13:02:02 - <Info> - Threshold config parsed: 0 rule(s) found
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for tcp-packet
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for tcp-stream
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for udp-packet
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for other-ip
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_uri
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_request_line
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_client_body
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_response_line
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_header
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_header
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_header_names
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_header_names
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_accept
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_accept_enc
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_accept_lang
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_referer
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_connection
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_content_len
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_content_len
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_content_type
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_content_type
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_protocol
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_protocol
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_start
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_start
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_raw_header
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_raw_header
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_method
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_cookie
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_cookie
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_raw_uri
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_user_agent
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_host
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_raw_host
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_stat_msg
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_stat_code
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for dns_query
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for tls_sni
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for tls_cert_issuer
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for tls_cert_subject
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for tls_cert_serial
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for dce_stub_data
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for dce_stub_data
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for ssh_protocol
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for ssh_protocol
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for ssh_software
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for ssh_software
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for file_data
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for file_data
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_request_line
19/6/2019 -- 13:02:03 - <Perf> - using shared mpm ctx' for http_response_line
19/6/2019 -- 13:02:03 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
19/6/2019 -- 13:02:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
19/6/2019 -- 13:02:03 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
19/6/2019 -- 13:02:03 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
19/6/2019 -- 13:02:03 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
19/6/2019 -- 13:02:03 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
19/6/2019 -- 13:02:03 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
19/6/2019 -- 13:02:03 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
19/6/2019 -- 13:02:09 - <Perf> - Unique rule groups: 104
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "toserver TCP packet": 35
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "toclient TCP packet": 17
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "toserver TCP stream": 33
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "toclient TCP stream": 19
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "toserver UDP packet": 27
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "toclient UDP packet": 17
19/6/2019 -- 13:02:09 - <Perf> - Builtin MPM "other IP packet": 3
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_uri": 14
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_request_line": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_client_body": 6
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient http_response_line": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_header": 10
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient http_header": 6
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_header_names": 2
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_accept": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_referer": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_content_len": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_content_type": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient http_content_type": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_protocol": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_start": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_method": 5
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_cookie": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient http_cookie": 2
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver http_host": 2
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver dns_query": 4
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver tls_sni": 2
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toserver file_data": 1
19/6/2019 -- 13:02:09 - <Perf> - AppLayer MPM "toclient file_data": 7
19/6/2019 -- 13:02:11 - <Perf> - Registered 39590 rule profiling counters.
19/6/2019 -- 13:02:11 - <Info> - fast output device (regular) initialized: alert
19/6/2019 -- 13:02:11 - <Info> - eve-log output device (regular) initialized: eve.json
19/6/2019 -- 13:02:11 - <Config> - enabling 'eve-log' module 'alert'
19/6/2019 -- 13:02:11 - <Config> - enabling 'eve-log' module 'http'
19/6/2019 -- 13:02:11 - <Config> - enabling 'eve-log' module 'dns'
19/6/2019 -- 13:02:11 - <Config> - enabling 'eve-log' module 'tls'
19/6/2019 -- 13:02:11 - <Config> - enabling 'eve-log' module 'files'
19/6/2019 -- 13:02:11 - <Config> - enabling 'eve-log' module 'ssh'
19/6/2019 -- 13:02:11 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
19/6/2019 -- 13:02:11 - <Info> - stats output device (regular) initialized: stats.log
19/6/2019 -- 13:02:11 - <Config> - AutoFP mode using "Hash" flow load balancer
19/6/2019 -- 13:02:11 - <Info> - reading pcap file /var/pcap/06192019.1301-46c2448c-24e5-4da2-83f2-e37295f166f2.pcap
19/6/2019 -- 13:02:11 - <Config> - us

This file has been truncated.


keyword_perf.log - (14777 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/19/2019 -- 13:02:13
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            8416            1               1               8416            8416.00         8416.00         0.00           
  flow             19985117        6807            6807            66665           2935.00         2935.00         0.00           
  content          122506038       14613           6578            13217750        8383.00         10146.00        6939.00        
  pcre             2080634         399             10              62687           5214.00         7433.00         5157.00        
  byte_test        1578966         464             248             32036           3402.00         3630.00         3141.00        
  byte_jump        5207878         1717            18              31643           3033.00         4840.00         3013.00        
  isdataat         92157           32              0               3680            2879.00         0.00            2879.00        
  flowbits         69684           14              7               12655           4977.00         7013.00         2941.00        
  urilen           181962          56              25              3983            3249.00         3209.00         3281.00        
  byte_extract     386451          114             114             18247           3389.00         3389.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            8416            1               1               8416            8416.00         8416.00         0.00           
  flow             19985117        6807            6807            66665           2935.00         2935.00         0.00           
  flowbits         26115           8               1               5526            3264.00         5526.00         2941.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25084452        4350            2320            87446           5766.00         7586.00         3687.00        
  pcre             679876          122             9               26125           5572.00         7631.00         5408.00        
  byte_test        1578966         464             248             32036           3402.00         3630.00         3141.00        
  byte_jump        5207878         1717            18              31643           3033.00         4840.00         3013.00        
  isdataat         83417           29              0               3680            2876.00         0.00            2876.00        
  byte_extract     386451          114             114             18247           3389.00         3389.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         43569           6               6               12655           7261.00         7261.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3703386         1281            23              22370           2891.00         3731.00         2875.00        
  pcre             229393          21              0               40127           10923.00        0.00            10923.00       
  urilen           181962          56              25              3983            3249.00         3209.00         3281.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11229622        1454            39              176792          7723.00         55350.00        6410.00        
  pcre             79113           2               0               62687           39556.00        0.00            39556.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15470           5               0               3347            3094.00         0.00            3094.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          50607493        2309            323             265387          21917.00        59080.00        15873.00       
  pcre             775965          216             0               17977           3592.00         0.00            3592.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31528015        5121            3834            13217750        6156.00         7214.00         3004.00        
  pcre             265261          30              1               49643           8842.00         5655.00         8951.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          86607           24              5               4485            3608.00         3956.00         3517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21995           6               6               4026            3665.00         3665.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6521            2               2               3463            3260.00         3260.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          152831          40              21              5756            3820.00         4153.00         3452.00        
  pcre             51026           8               0               10763           6378.00         0.00            6378.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11629           3               3               4236            3876.00         3876.00         0.00           
  isdataat         8740            3               0               3354            2913.00         0.00            2913.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23380           7               1               4023            3340.00         3225.00         3359.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4644            1               1               4644            4644.00         4644.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          29993           10              0               3901            2999.00         0.00            2999.00        


suricata-4.0.0-etpro-all-perf.txt-2019-06-19-T-13-02-13-06192019.1301-46c2448c-24e5-4da2-83f2-e37295f166f2.pcap.txt - (72534 bytes)
  --------------------------------------------------------------------------
  Date: 6/19/2019 -- 13:02:13. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2016537      1        2        75508468     19.28  1584     0        13267489    47669.49    0.00        47669.49   
  2        2809072      1        2        9696952      2.48   1        0        9696952     9696952.00  0.00        9696952.00 
  3        2020606      1        4        7867980      2.01   78       0        5948684     100871.54   0.00        100871.54  
  4        2806921      1        3        6363701      1.62   36       0        5648179     176769.47   0.00        176769.47  
  5        2812203      1        5        1832353      0.47   7        0        1773599     261764.71   0.00        261764.71  
  6        2815780      1        4        1718655      0.44   2        0        1619428     859327.50   0.00        859327.50  
  7        2828876      1        1        5210868      1.33   1290     0        1456792     4039.43     0.00        4039.43    
  8        2819664      1        2        10815709     2.76   74       0        305081      146158.23   0.00        146158.23  
  9        2820158      1        2        17997383     4.60   119      0        297104      151238.51   0.00        151238.51  
  10       2819930      1        2        10957931     2.80   74       0        296514      148080.15   0.00        148080.15  
  11       2820157      1        2        18151820     4.64   119      0        284802      152536.30   0.00        152536.30  
  12       2018784      1        9        5967003      1.52   28       0        228575      213107.25   0.00        213107.25  
  13       2822213      1        2        2135497      0.55   23       0        224069      92847.70    0.00        92847.70   
  14       2021749      1        6        3062236      0.78   23       0        223259      133140.70   0.00        133140.70  
  15       2814979      1        2        2315826      0.59   23       0        220535      100688.09   0.00        100688.09  
  16       2020865      1        3        8910487      2.28   74       0        212355      120411.99   0.00        120411.99  
  17       2814978      1        2        2444856      0.62   23       0        209651      106298.09   0.00        106298.09  
  18       2024555      1        7        288631       0.07   2        0        189490      144315.50   0.00        144315.50  
  19       2024565      1        3        291735       0.07   2        0        186731      145867.50   0.00        145867.50  
  20       2823263      1        3        274627       0.07   2        0        167400      137313.50   0.00        137313.50  
  21       2024554      1        7        244762       0.06   2        0        161499      122381.00   0.00        122381.00  
  22       2815778      1        6        252256       0.06   2        0        156697      126128.00   0.00        126128.00  
  23       2821909      1        2        132373       0.03   1        0        132373      132373.00   0.00        132373.00  
  24       2018005      1        6        1242334      0.32   23       0        109611      54014.52    0.00        54014.52   
  25       2023611      1        3        164680       0.04   3        0        107730      54893.33    0.00        54893.33   
  26       2816515      1        3        1340308      0.34   33       0        105747      40615.39    0.00        40615.39   
  27       2805348      1        4        636203       0.16   12       0        102356      53016.92    0.00        53016.92   
  28       2815887      1        2        596973       0.15   6        0        101461      99495.50    0.00        99495.50   
  29       2816910      1        2        266925       0.07   4        0        98464       66731.25    0.00        66731.25   
  30       2017876      1        3        467015       0.12   18       0        97281       25945.28    0.00        25945.28   
  31       2024769      1        2        263311       0.07   3        0        95957       87770.33    0.00        87770.33   
  32       2020764      1        2        223938       0.06   6        0        89170       37323.00    0.00        37323.00   
  33       2828823      1        2        281559       0.07   10       0        88415       28155.90    0.00        28155.90   
  34       2017552      1        6        29532602     7.54   1591     0        88066       18562.29    0.00        18562.29   
  35       2809513      1        5        87238        0.02   1        0        87238       87238.00    0.00        87238.00   
  36       2025064      1        5        180193       0.05   4        0        79525       45048.25    0.00        45048.25   
  37       2022480      1        2        921464       0.24   22       0        77271       41884.73    0.00        41884.73   
  38       2816327      1        4        171845       0.04   4        0        75022       42961.25    0.00        42961.25   
  39       2828675      1        2        218606       0.06   8        4        74122       27325.75    51865.50    2786.00    
  40       2020694      1        1        479559       0.12   18       0        71890       26642.17    0.00        26642.17   
  41       2816895      1        2        92493        0.02   2        0        71766       46246.50    0.00        46246.50   
  42       2816924      1        4        155167       0.04   4        0        71735       38791.75    0.00        38791.75   
  43       2020614      1        2        455226       0.12   17       0        71401       26778.00    0.00        26778.00   
  44       2018166      1        3        1344541      0.34   53       0        69756       25368.70    0.00        25368.70   
  45       2811447      1        2        740674       0.19   49       0        67945       15115.80    0.00        15115.80   
  46       2018486      1        5        329114       0.08   29       0        67769       11348.76    0.00        11348.76   
  47       2012707      1        5        158015       0.04   5        0        65776       31603.00    0.00        31603.00   
  48       2024909      1        2        1992848      0.51   97       0        65538       20544.82    0.00        20544.82   
  49       2810481      1        4        3497161      0.89   175      0        65411       19983.78    0.00        19983.78   
  50       2020613      1        3        618201       0.16   22       0        64011       28100.05    0.00        28100.05   
  51       2020772      1        2        435147       0.11   16       0        63964       27196.69    0.00        27196.69   
  52       2809850      1        2        274847       0.07   9        0        63184       30538.56    0.00        30538.56   
  53       2816909      1        2        239461       0.06   4        0        62552       59865.25    0.00        59865.25   
  54       2816940      1        2        153288       0.04   4        0        61731       38322.00    0.00        38322.00   
  55       2022055      1        2        2901309      0.74   140      0        61062       20723.64    0.00        20723.64   
  56       2816492      1        3        992766       0.25   49       0        60014       20260.53    0.00        20260.53   
  57       2828212      1        2        2171052      0.55   103      0        59351       21078.17    0.00        21078.17   
  58       2102190      1        5        3197021      0.82   1150     0        58014       2780.02     0.00        2780.02    
  59       2020784      1        2        698732       0.18   26       0        57931       26874.31    0.00        26874.31   
  60       2801224      1        6        1422507      0.36   66       0        57798       21553.14    0.00        21553.14   
  61       2020692      1        1        586253       0.15   23       0        56745       25489.26    0.00        25489.26   
  62       2825092      1        2        932481       0.24   45       0        56602       20721.80    0.00        20721.80   
  63       2020661      1        3        605537       0.15   118      0        56546       5131.67     0.00        5131.67    
  64       2816927      1        3        161020       0.04   4        0        55777       40255.00    0.00        40255.00   
  65       2021266      1        2        721984       0.18   37       0        54946       19513.08    0.00        19513.08   
  66       2812785      1        3        1094552      0.28   50       0        54935       21891.04    0.00        21891.04   
  67       2816928      1        3        191873       0.05   4        0        54822       47968.25    0.00        47968.25   
  68       2827505      1        2        54761        0.01   1        0        54761       54761.00    0.00        54761.00   
  69       2020782      1        2        604361       0.15   23       0        54673       26276.57    0.00        26276.57   
  70       2815254      1        7        98570        0.03   2        0        54562       49285.00    0.00        49285.00   
  71       2020775      1        2        174800       0.04   6        0        54494       29133.33    0.00        29133.33   
  72       2816921      1        3        90311        0.02   2        0        54157       45155.50    0.00        45155.50   
  73       2815174      1        3        2155984      0.55   106      0        53960       20339.47    0.00        20339.47   
  74       2022080      1        1        53934        0.01   1        1        53934       53934.00    53934.00    0.00       
  75       2024771      1        1        4482728      1.14   732      0        52752       6123.95     0.00        6123.95    
  76       2014519      1        7        1287270      0.33   64       0        52669       20113.59    0.00        20113.59   
  77       2018153      1        4        469947       0.12   18       0        52603       26108.17    0.00        26108.17   
  78       2024455      1        2        52457        0.01   1        0        52457       52457.00    0.00        52457.00   
  79       2813018      1        2        52413        0.01   1        0        52413       52413.00    0.00        52413.00   
  80       2811213      1        2        2714191      0.69   140      0        52194       19387.08    0.00        19387.08   
  81       2815754      1        2        94178        0.02   2        0        51973       47089.00    0.00        47089.00   
  82       2001804      1        5        361215       0.09   88       0        51926       4104.72     0.00        4104.72    
  83       2820367      1        2        1038899      0.27   50       0        51836       20777.98    0.00        20777.98   
  84       2018575      1        3        2832795      0.72   140      0        51755       20234.25    0.00        20234.25   
  85       2816930      1        4        131091       0.03   4        0        51094       32772.75    0.00        32772.75   
  86       2103158      1        6        351680       0.09   95       0        50873       3701.89     0.00        3701.89    
  87       2018057      1        4        487191       0.12   18       0        50806       27066.17    0.00        27066.17   
  88       2819647      1        3        50520        0.01   1        0        50520       50520.00    0.00        50520.00   
  89       2808478      1        3        1148855      0.29   52       0        50505       22093.37    0.00        22093.37   
  90       2017877      1        3        623920       0.16   18       0        49810       34662.22    0.00        34662.22   
  91       2020800      1        2        214598       0.05   8        0        49267       26824.75    0.00        26824.75   
  92       2020787      1        2        466660       0.12   18       0        49170       25925.56    0.00        25925.56   
  93       2018789      1        3        122121       0.03   23       0        48677       5309.61     0.00        5309.61    
  94       2807856      1        2        85220        0.02   4        0        48456       21305.00    0.00        21305.00   
  95       2018054      1        1        527417       0.13   20       0        48231       26370.85    0.00        26370.85   
  96       2810731      1        7        48162        0.01   1        0        48162       48162.00    0.00        48162.00   
  97       2018316      1        4        48014        0.01   1        0        48014       48014.00    0.00        48014.00   
  98       2020786      1        4        1893026      0.48   79       0        47924       23962.35    0.00        23962.35   
  99       2020767      1        2        470268       0.12   18       0        47716       26126.00    0.00        26126.00   
  100      2020777      1        2        601592       0.15   24       0        47589       25066.33    0.00        25066.33   
  101      2816929      1        4        129313       0.03   4        0        47333       32328.25    0.00        32328.25   
  102      2021716      1        1        451264       0.12   18       0        47324       25070.22    0.00        25070.22   
  103      2020695      1        1        498548       0.13   18       0        47131       27697.11    0.00        27697.11   
  104      2019602      1        1        206867       0.05   7        0        47009       29552.43    0.00        29552.43   
  105      2815886      1        2        69142        0.02   2        0        46905       34571.00    0.00        34571.00   
  106      2018386      1        2        5336754      1.36   1189     0        46800       4488.44     0.00        4488.44    
  107      2016922      1        12       487203       0.12   18       0        46370       27066.83    0.00        27066.83   
  108      2021248      1        7        763997       0.20   37       0        46165       20648.57    0.00        20648.57   
  109      2020769      1        2        520696       0.13   20       0        46005       26034.80    0.00        26034.80   
  110      2017934      1        4        397577       0.10   15       0        45822       26505.13    0.00        26505.13   
  111      2019809      1        2        312181       0.08   88       0        45813       3547.51     0.00        3547.51    
  112      2820991      1        3        1220376      0.31   61       0        45268       20006.16    0.00        20006.16   
  113      2018457      1        1        290205       0.07   10       0        45032       29020.50    0.00        29020.50   
  114      2017548      1        6        391166       0.10   28       0        44883       13970.21    0.00        13970.21   
  115      2009702      1        5        753509       0.19   58       0        44774       12991.53    0.00        12991.53   
  116      2023083      1        2        116099       0.03   3        0        44678       38699.67    0.00        38699.67   
  117      2020791      1        3        224749       0.06   9        0        44426       24972.11    0.00        24972.11   
  118      2811544      1        1        459055       0.12   48       0        43854       9563.65     0.00        9563.65    
  119      2020789      1        2        561050       0.14   22       0        43802       25502.27    0.00        25502.27   
  120      2018181      1        3        185669       0.05   15       0        43791       12377.93    0.00        12377.93   
  121      2819673      1        4        140445       0.04   4        0        43666       35111.25    0.00        35111.25   
  122      2024848      1        2        935993       0.24   36       0        43634       25999.81    0.00        25999.81   
  123      2828123      1        2        43426        0.01   1        0        43426       43426.00    0.00        43426.00   
  124      2812976      1        3        43117        0.01   1        0        43117       43117.00    0.00        43117.00   
  125      2020792      1        2        1

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes)
2019-06-19 13:01:49,544 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-19 13:01:50,283 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-19 13:01:50,283 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-06-19 13:01:50,284 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-19 13:01:50,284 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-19 13:01:50,284 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/606a035209cb3a579b0a2a75a51cb89e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06192019.1301-46c2448c-24e5-4da2-83f2-e37295f166f2.pcap -vvv -k none
2019-06-19 13:02:13,292 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-19 13:02:13,292 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.7612698078


suricata-4.0.0-etpro-all-alert-2019-06-19-T-13-02-13-06192019.1301-46c2448c-24e5-4da2-83f2-e37295f166f2.pcap.txt - (239 bytes)
06/15/2019-11:14:38.207194  [**] [1:2830047:1] ETPRO INFO Observed Free Hosting Domain (*.beget .tech in DNS Lookup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.100.47:50862 -> 192.168.100.2:53