Filename: 9d289884-d795-4931-8e98-e0c2b2beff54.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.3215210438 seconds
Hash: 67b7e3bc70046b4114bf11ea1bd4f412
Uploaded: 1570018620

Logfiles


packet_stats.log - (15191 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6         12155          2938976     1683334866    1347516131      16379.1b   99.20
 IPv4      17           217         11771448     1674132454     597893535        129.7b    0.79
 IPv6      17            14         12968638     1590132900     142874745          2.0b    0.01
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6         12155           115656       36293262        200528          2.4b   82.89
TMM_FLOWWORKER              IPv4      17           217           207992       22312904        965121        209.4m    7.12
TMM_RECEIVEPCAPFILE         IPv4       6         12141             4442        5135728          5594         67.9m    2.31
TMM_RECEIVEPCAPFILE         IPv4      17           217             4442          19762          5012          1.1m    0.04
TMM_DECODEPCAPFILE          IPv4       6         12141             4560       22019338         18042        219.1m    7.45
TMM_DECODEPCAPFILE          IPv4      17           217             4580          39110          5393          1.2m    0.04
TMM_FLOWWORKER              IPv6      17            14           191840         576436        310512          4.3m    0.15
TMM_RECEIVEPCAPFILE         IPv6      17            14             4452           5926          4718         66.1k    0.00
TMM_DECODEPCAPFILE          IPv6      17            14             4658          20274          6149         86.1k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6         12141             4564         267354          5897         71.6m  3.25  
flow                    IPv4      17           217             4750          45874          7290          1.6m  0.07  
stream                  IPv4       6         12155             4516        1401348         11500        139.8m  6.34  
app-layer               IPv4      17           217             4430         176894         22035          4.8m  0.22  
detect                  IPv4       6         12155            77334       36076070        143907          1.7b  79.32 
detect                  IPv4      17           217           179168       20458376        731996        158.8m  7.20  
tcp-prune               IPv4       6         12155             4442        8782076          6199         75.4m  3.42  
flow                    IPv6      17            14             4796          30728         10081        141.1k  0.01  
app-layer               IPv6      17            14             4444          19498          9659        135.2k  0.01  
detect                  IPv6      17            14           162578         544746        264934          3.7m  0.17  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             6            23430         154384         57763        346.6k  17.52 
tls                     IPv4       6            24             4514           7352          5014        120.3k  6.08  
dns                     IPv4      17           156             5470          92142          9689          1.5m  76.40 
Proto detect            IPv4       6             1            19446          19446         19446         19.4k
Proto detect            IPv4      17           139             4672          59100         11455          1.6m
Proto detect            IPv6      17             6             5060           8174          6104         36.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17           148            29050       21321240        259819         38.5m  89.80 
LOGGER_JSON_HTTP            IPv4       6             8           101744         239380        147930          1.2m  2.76  
LOGGER_JSON_TLS             IPv4       6            14            58272         149046        101127          1.4m  3.31  
LOGGER_JSON_FILE            IPv4       6            14            63386         218388        126156          1.8m  4.12  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           218             4510        2264970         89056        19.4m  35.36 
payload                           IPv4      17           217             5424         511516         44253         9.6m  17.49 
stream                            IPv4       6           218             4446        1673514         76859        16.8m  30.51 
http_uri                          IPv4       6             8             6470          65182         33807       270.5k  0.49  
http_request_line                 IPv4       6             8            10136          27240         15261       122.1k  0.22  
http_client_body                  IPv4       6             8             5312          81344         31826       254.6k  0.46  
http_header (request)             IPv4       6             8           106144         654622        251033         2.0m  3.66  
http_header (request trailer)     IPv4       6             8             4498           6154          4919        39.4k  0.07  
http_header_names (request)       IPv4       6             8            29530         144246         50555       404.4k  0.74  
http_accept (request)             IPv4       6             8             5698          14884          7713        61.7k  0.11  
http_referer (request)            IPv4       6             8             5286           8026          6022        48.2k  0.09  
http_content_len (request)        IPv4       6             8             5530          17410          8920        71.4k  0.13  
http_content_type (request)       IPv4       6             8             5610          20554          9829        78.6k  0.14  
http_protocol (request)           IPv4       6             8             7458          19144          9855        78.8k  0.14  
http_start (request)              IPv4       6             8            18382          67248         28973       231.8k  0.42  
http_raw_header (request)         IPv4       6             8            21952          51310         29860       238.9k  0.44  
http_method                       IPv4       6             8             8564          26684         14811       118.5k  0.22  
http_cookie (request)             IPv4       6             8             5734          12452          6982        55.9k  0.10  
http_raw_uri                      IPv4       6             8             4906          15782          8053        64.4k  0.12  
http_user_agent                   IPv4       6             8            35584         286480         79940       639.5k  1.16  
http_host                         IPv4       6             8            10218          51212         19768       158.1k  0.29  
dns_query                         IPv4      17            74             5206          89484         19775         1.5m  2.66  
tls_sni                           IPv4       6            14             9344          35292         17056       238.8k  0.43  
http_response_line                IPv4       6             8            11104          50350         22836       182.7k  0.33  
http_header (response)            IPv4       6             8            49154         316650         96587       772.7k  1.41  
http_header (response trailer)    IPv4       6             8             4510           4642          4552        36.4k  0.07  
http_content_type (response)      IPv4       6             8             9430          29524         15380       123.0k  0.22  
http_raw_header (response)        IPv4       6             8            14446          18098         15900       127.2k  0.23  
http_cookie (response)            IPv4       6             8             5070           6614          5729        45.8k  0.08  
http_stat_code                    IPv4       6             8             5592          13864          7054        56.4k  0.10  
tls_cert_issuer                   IPv4       6            14             4760          28184         10918       152.9k  0.28  
tls_cert_subject                  IPv4       6            14             4492          79126         25488       356.8k  0.65  
tls_cert_serial                   IPv4       6            14             4704          45112         10313       144.4k  0.26  
Total                             IPv4                   983                                         55359        54.4m
payload                           IPv6      17            14             5278         223192         35214       493.0k  0.90  
Total                             IPv6                    14                                         35214       493.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            42            11146         171274         76176          3.2m  0.22  
PROF_DETECT_IPONLY          IPv4      17           156            41862         349064         61840          9.6m  0.67  
PROF_DETECT_RULES           IPv4       6         12155             4418        3249632         10413        126.6m  8.85  
PROF_DETECT_RULES           IPv4      17           217            77268        3356032        367721         79.8m  5.58  
PROF_DETECT_STATEFUL_START    IPv4       6            69             8910        1750304        197903         13.7m  0.96  
PROF_DETECT_STATEFUL_START    IPv4      17             2            14206          26214         20210         40.4k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         12155             4410       25269512         13172        160.1m  11.20 
PROF_DETECT_STATEFUL_CONT    IPv4      17           217             4412          55838          8888          1.9m  0.13  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6         12071             4456        1559256          5441         65.7m  4.59  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           156             4518          26372          5694        888.3k  0.06  
PROF_DETECT_PREFILTER       IPv4       6         12155            13590        9564560         33329        405.1m  28.34 
PROF_DETECT_PREFILTER       IPv4      17           217            41614       20269116        193120         41.9m  2.93  
PROF_DETECT_PF_PAYLOAD      IPv4       6           218            22608        2283292        181343         39.5m  2.77  
PROF_DETECT_PF_PAYLOAD      IPv4      17           217            14522         520612         54387         11.8m  0.83  
PROF_DETECT_PF_TX           IPv4       6         12071             4444        1350044          6374         76.9m  5.38  
PROF_DETECT_PF_TX           IPv4      17            82             5428          99234         28358          2.3m  0.16  
PROF_DETECT_PF_SORT1        IPv4       6           172             4430          12790          5702        980.9k  0.07  
PROF_DETECT_PF_SORT1        IPv4      17           217             4488          41126          6382          1.4m  0.10  
PROF_DETECT_PF_SORT2        IPv4       6         12155             4408        9538946          5987         72.8m  5.09  
PROF_DETECT_PF_SORT2        IPv4      17           217             4454          28084          5862          1.3m  0.09  
PROF_DETECT_NONMPMLIST      IPv4       6         12155             4446         436682          5571         67.7m  4.74  
PROF_DETECT_NONMPMLIST      IPv4      17           217             4432          22610          5440          1.2m  0.08  
PROF_DETECT_ALERT           IPv4       6         12155             4414        7679916          6472         78.7m  5.50  
PROF_DETECT_ALERT           IPv4      17           217             4434          36438          5266          1.1m  0.08  
PROF_DETECT_CLEANUP         IPv4       6         12155             4466        9372786          6886         83.7m  5.85  
PROF_DETECT_CLEANUP         IPv4      17           217             4430          31338          5984          1.3m  0.09  
PROF_DETECT_GETSGH          IPv4       6         12155             4420        7628054          6121         74.4m  5.20  
PROF_DETECT_GETSGH          IPv4      17           217             4430          67558          9462          2.1m  0.14  
PROF_DETECT_IPONLY          IPv6      17             6             5724          39320         13937         83.6k  0.01  
PROF_DETECT_RULES           IPv6      17            14            59020         211850        111204          1.6m  0.11  
PROF_DETECT_STATEFUL_CONT    IPv6      17            14             4414          10640          5282         74.0k  0.01  
PROF_DETECT_PREFILTER       IPv6      17            14            41600         271346         75595          1.1m  0.07  
PROF_DETECT_PF_PAYLOAD      IPv6      17            14            14380         233080         44943        629.2k  0.04  
PROF_DETECT_PF_SORT1        IPv6      17            14             4490           6642          5402         75.6k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17            14             4462          13844          5743         80.4k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17            14             4430           7078          5084         71.2k  0.00  
PROF_DETECT_ALERT           IPv6      17            14             4422           5856          4859         68.0k  0.00  
PROF_DETECT_CLEANUP         IPv6      17            14             4430           7858          5376         75.3k  0.01  
PROF_DETECT_GETSGH          IPv6      17            14             4420          20898          8578        120.1k  0.01  


stats.log - (3083 bytes)
------------------------------------------------------------------------------------
Date: 10/2/2019 -- 12:17:27 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 12487
decoder.bytes                              | Total                     | 9991500
decoder.ipv4                               | Total                     | 12358
decoder.ipv6                               | Total                     | 14
decoder.ethernet                           | Total                     | 12487
decoder.tcp                                | Total                     | 12141
decoder.udp                                | Total                     | 231
decoder.avg_pkt_size                       | Total                     | 800
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 21
flow.udp                                   | Total                     | 88
tcp.sessions                               | Total                     | 21
tcp.syn                                    | Total                     | 21
tcp.synack                                 | Total                     | 21
tcp.rst                                    | Total                     | 9
tcp.overlap                                | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 8
app_layer.flow.tls                         | Total                     | 14
app_layer.flow.dns_udp                     | Total                     | 74
app_layer.tx.dns_udp                       | Total                     | 74
app_layer.flow.failed_udp                  | Total                     | 14
flow_mgr.new_pruned                        | Total                     | 12
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 12
flow_mgr.flows_notimeout                   | Total                     | 11
flow_mgr.flows_timeout                     | Total                     | 1
flow_mgr.flows_removed                     | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65524
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7095616


eve.json - (117450 bytes)
{"timestamp":"2019-08-13T07:34:59.536368+0000","flow_id":126501418905392,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.100.28","src_port":56000,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48250,"rrname":"detectportal.firefox.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.560551+0000","flow_id":126501418905392,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NOERROR","rrname":"detectportal.firefox.com","rrtype":"CNAME","ttl":38,"rdata":"detectportal.prod.mozaws.net"}}
{"timestamp":"2019-08-13T07:34:59.560551+0000","flow_id":126501418905392,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NOERROR","rrname":"detectportal.prod.mozaws.net","rrtype":"CNAME","ttl":46,"rdata":"detectportal.firefox.com-v2.edgesuite.net"}}
{"timestamp":"2019-08-13T07:34:59.560551+0000","flow_id":126501418905392,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NOERROR","rrname":"detectportal.firefox.com-v2.edgesuite.net","rrtype":"CNAME","ttl":16793,"rdata":"a1089.dscd.akamai.net"}}
{"timestamp":"2019-08-13T07:34:59.560551+0000","flow_id":126501418905392,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.112"}}
{"timestamp":"2019-08-13T07:34:59.560551+0000","flow_id":126501418905392,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.50"}}
{"timestamp":"2019-08-13T07:34:59.580659+0000","flow_id":217462383828019,"pcap_cnt":115,"event_type":"dns","src_ip":"192.168.100.28","src_port":58001,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45779,"rrname":"a1089.dscd.akamai.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.580831+0000","flow_id":217462383828019,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.50"}}
{"timestamp":"2019-08-13T07:34:59.580831+0000","flow_id":217462383828019,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.112"}}
{"timestamp":"2019-08-13T07:34:59.581111+0000","flow_id":786672252083703,"pcap_cnt":117,"event_type":"dns","src_ip":"192.168.100.28","src_port":49917,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16111,"rrname":"a1089.dscd.akamai.net","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.603817+0000","flow_id":786672252083703,"pcap_cnt":121,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":49917,"proto":"UDP","dns":{"type":"answer","id":16111,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"AAAA","ttl":19,"rdata":"2a02:26f0:6c00:0000:0000:0000:0210:ba22"}}
{"timestamp":"2019-08-13T07:34:59.603817+0000","flow_id":786672252083703,"pcap_cnt":121,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":49917,"proto":"UDP","dns":{"type":"answer","id":16111,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"AAAA","ttl":19,"rdata":"2a02:26f0:6c00:0000:0000:0000:0210:ba1b"}}
{"timestamp":"2019-08-13T07:34:59.791519+0000","flow_id":1213192569295839,"pcap_cnt":124,"event_type":"dns","src_ip":"192.168.100.28","src_port":58850,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41660,"rrname":"search.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.804180+0000","flow_id":1213192569295839,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NOERROR","rrname":"search.services.mozilla.com","rrtype":"CNAME","ttl":35,"rdata":"search.r53-2.services.mozilla.com"}}
{"timestamp":"2019-08-13T07:34:59.804180+0000","flow_id":1213192569295839,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":25,"rdata":"52.88.112.58"}}
{"timestamp":"2019-08-13T07:34:59.804180+0000","flow_id":1213192569295839,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":25,"rdata":"52.43.169.220"}}
{"timestamp":"2019-08-13T07:34:59.804180+0000","flow_id":1213192569295839,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":25,"rdata":"34.211.94.5"}}
{"timestamp":"2019-08-13T07:34:59.805881+0000","flow_id":1638211795504121,"pcap_cnt":127,"event_type":"dns","src_ip":"192.168.100.28","src_port":65121,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50267,"rrname":"search.r53-2.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.806003+0000","flow_id":1638211795504121,"pcap_cnt":128,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":25,"rdata":"34.211.94.5"}}
{"timestamp":"2019-08-13T07:34:59.806003+0000","flow_id":1638211795504121,"pcap_cnt":128,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":25,"rdata":"52.43.169.220"}}
{"timestamp":"2019-08-13T07:34:59.806003+0000","flow_id":1638211795504121,"pcap_cnt":128,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":25,"rdata":"52.88.112.58"}}
{"timestamp":"2019-08-13T07:34:59.806260+0000","flow_id":518859566304628,"pcap_cnt":129,"event_type":"dns","src_ip":"192.168.100.28","src_port":60553,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12208,"rrname":"search.r53-2.services.mozilla.com","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.811482+0000","flow_id":518859566304628,"pcap_cnt":130,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":60553,"proto":"UDP","dns":{"type":"answer","id":12208,"rcode":"NOERROR","rrname":"r53-2.services.mozilla.com","rrtype":"SOA","ttl":161}}
{"timestamp":"2019-08-13T07:34:59.854037+0000","flow_id":177461205913512,"pcap_cnt":136,"event_type":"http","src_ip":"192.168.100.28","src_port":49767,"dest_ip":"2.16.186.112","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"detectportal.firefox.com","url":"\/success.txt","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; rv:68.0) Gecko\/20100101 Firefox\/68.0","http_content_type":"text\/plain"}}
{"timestamp":"2019-08-13T07:34:59.875132+0000","flow_id":926325261163132,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.100.28","src_port":59396,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42807,"rrname":"push.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.880470+0000","flow_id":926325261163132,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":59396,"proto":"UDP","dns":{"type":"answer","id":42807,"rcode":"NOERROR","rrname":"push.services.mozilla.com","rrtype":"CNAME","ttl":8,"rdata":"autopush.prod.mozaws.net"}}
{"timestamp":"2019-08-13T07:34:59.880470+0000","flow_id":926325261163132,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":59396,"proto":"UDP","dns":{"type":"answer","id":42807,"rcode":"NOERROR","rrname":"autopush.prod.mozaws.net","rrtype":"A","ttl":57,"rdata":"52.10.70.103"}}
{"timestamp":"2019-08-13T07:34:59.884194+0000","flow_id":2038610121686498,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.100.28","src_port":61705,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8013,"rrname":"autopush.prod.mozaws.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.884333+0000","flow_id":2038610121686498,"pcap_cnt":140,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":61705,"proto":"UDP","dns":{"type":"answer","id":8013,"rcode":"NOERROR","rrname":"autopush.prod.mozaws.net","rrtype":"A","ttl":57,"rdata":"52.10.70.103"}}
{"timestamp":"2019-08-13T07:34:59.884745+0000","flow_id":2170171412414473,"pcap_cnt":141,"event_type":"dns","src_ip":"192.168.100.28","src_port":63882,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10959,"rrname":"autopush.prod.mozaws.net","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-08-13T07:34:59.890218+0000","flow_id":2170171412414473,"pcap_cnt":142,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":63882,"proto":"UDP","dns":{"type":"answer","id":10959,"rcode":"NOERROR","rrname":"prod.mozaws.net","rrtype":"SOA","ttl":51}}
{"timestamp":"2019-08-13T07:35:00.016660+0000","flow_id":26218227581204,"pcap_cnt":148,"event_type":"dns","src_ip":"192.168.100.28","src_port":55729,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47105,"rrname":"snippets.cdn.mozilla.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:35:00.042147+0000","flow_id":26218227581204,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":55729,"proto":"UDP","dns":{"type":"answer","id":47105,"rcode":"NOERROR","rrname":"snippets.cdn.mozilla.net","rrtype":"CNAME","ttl":17,"rdata":"drcwo519tnci7.cloudfront.net"}}
{"timestamp":"2019-08-13T07:35:00.042147+0000","flow_id":26218227581204,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":55729,"proto":"UDP","dns":{"type":"answer","id":47105,"rcode":"NOERROR","rrname":"drcwo519tnci7.cloudfront.net","rrtype":"A","ttl":59,"rdata":"13.224.192.58"}}
{"timestamp":"2019-08-13T07:35:00.044096+0000","flow_id":753785687551040,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.100.28","src_port":59956,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17366,"rrname":"drcwo519tnci7.cloudfront.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:35:00.044221+0000","flow_id":753785687551040,"pcap_cnt":152,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":59956,"proto":"UDP","dns":{"type":"answer","id":17366,"rcode":"NOERROR","rrname":"drcwo519tnci7.cloudfront.net","rrtype":"A","ttl":59,"rdata":"13.224.192.58"}}
{"timestamp":"2019-08-13T07:35:00.045541+0000","flow_id":1097273549566437,"pcap_cnt":153,"event_type":"dns","src_ip":"192.168.100.28","src_port":50157,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4057,"rrname":"drcwo519tnci7.cloudfront.net","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-08-13T07:35:00.051029+0000","flow_id":1097273549566437,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":50157,"proto":"UDP","dns":{"type":"answer","id":4057,"rcode":"NOERROR","rrname":"drcwo519tnci7.cloudfront.net","rrtype":"SOA","ttl":42}}
{"timestamp":"2019-08-13T07:35:00.105346+0000","flow_id":33515377044162,"pcap_cnt":162,"event_type":"tls","src_ip":"192.168.100.28","src_port":49778,"dest_ip":"13.224.192.58","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Mozilla Corporation, CN=*.cdn.mozilla.net","issuerdn":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"}}
{"timestamp":"2019-08-13T07:35:00.183382+0000","flow_id":545851288374358,"pcap_cnt":171,"event_type":"dns","src_ip":"192.168.100.28","src_port":56314,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27626,"rrname":"tiles.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.services.mozilla.com","rrtype":"CNAME","ttl":57,"rdata":"tiles.r53-2.services.mozilla.com"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"50.112.158.49"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"54.244.7.18"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"34.212.248.156"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"34.217.222.115"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"35.160.36.173"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"35.167.240.192"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.28","dest_port":56314,"proto":"UDP","dns":{"type":"answer","id":27626,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"34.208.112.219"}}
{"timestamp":"2019-08-13T07:35:00.188970+0000","flow_id":545851288374358,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.1

This file has been truncated.


suricata-report-2019-10-02-T-12-17-27-10022019.1217-9d289884-d795-4931-8e98-e0c2b2beff54.pcap.txt - (17820 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/67b7e3bc70046b4114bf11ea1bd4f41256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10022019.1217-9d289884-d795-4931-8e98-e0c2b2beff54.pcap -vvv -k none
elapsedtime:26.361165
stderr:
stdout:
2/10/2019 -- 12:17:01 - <Info> - Configuration node 'rule-files' redefined.
2/10/2019 -- 12:17:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/10/2019 -- 12:17:01 - <Info> - CPUs/cores online: 1
2/10/2019 -- 12:17:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34234 and 'request-body-inspect-window' set to 16185 after randomization.
2/10/2019 -- 12:17:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31372 and 'response-body-inspect-window' set to 16787 after randomization.
2/10/2019 -- 12:17:01 - <Config> - DNS request flood protection level: 500
2/10/2019 -- 12:17:01 - <Config> - DNS per flow memcap (state-memcap): 524288
2/10/2019 -- 12:17:01 - <Config> - DNS global memcap: 16777216
2/10/2019 -- 12:17:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/10/2019 -- 12:17:01 - <Config> - preallocated 1000 hosts of size 136
2/10/2019 -- 12:17:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/10/2019 -- 12:17:01 - <Config> - using magic-file /usr/share/file/magic
2/10/2019 -- 12:17:01 - <Config> - Core dump size is unlimited.
2/10/2019 -- 12:17:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/10/2019 -- 12:17:01 - <Config> - preallocated 1000 defrag trackers of size 168
2/10/2019 -- 12:17:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/10/2019 -- 12:17:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/10/2019 -- 12:17:01 - <Config> - stream "memcap": 33554432
2/10/2019 -- 12:17:01 - <Config> - stream "midstream" session pickups: disabled
2/10/2019 -- 12:17:01 - <Config> - stream "async-oneside": disabled
2/10/2019 -- 12:17:01 - <Config> - stream "checksum-validation": disabled
2/10/2019 -- 12:17:01 - <Config> - stream."inline": disabled
2/10/2019 -- 12:17:01 - <Config> - stream "bypass": disabled
2/10/2019 -- 12:17:01 - <Config> - stream "max-synack-queued": 5
2/10/2019 -- 12:17:01 - <Config> - stream.reassembly "memcap": 134217728
2/10/2019 -- 12:17:01 - <Config> - stream.reassembly "depth": 0
2/10/2019 -- 12:17:01 - <Config> - stream.reassembly "toserver-chunk-size": 2665
2/10/2019 -- 12:17:01 - <Config> - stream.reassembly "toclient-chunk-size": 2526
2/10/2019 -- 12:17:01 - <Config> - stream.reassembly.raw: enabled
2/10/2019 -- 12:17:01 - <Config> - stream.reassembly "segment-prealloc": 2048
2/10/2019 -- 12:17:01 - <Config> - Delayed detect disabled
2/10/2019 -- 12:17:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/10/2019 -- 12:17:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/10/2019 -- 12:17:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/10/2019 -- 12:17:01 - <Config> - prefilter engines: MPM
2/10/2019 -- 12:17:01 - <Config> - IP reputation disabled
2/10/2019 -- 12:17:01 - <Perf> - Registered 148 keyword profiling counters.
2/10/2019 -- 12:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/10/2019 -- 12:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/10/2019 -- 12:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/10/2019 -- 12:17:06 - <Config> - No rules loaded from ET-icmp.rules.
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/10/2019 -- 12:17:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/10/2019 -- 12:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/10/2019 -- 12:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/10/2019 -- 12:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/10/2019 -- 12:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/10/2019 -- 12:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/10/2019 -- 12:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/10/2019 -- 12:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/10/2019 -- 12:17:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/10/2019 -- 12:17:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/10/2019 -- 12:17:14 - <Config> - No rules loaded from local.rules.
2/10/2019 -- 12:17:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/10/2019 -- 12:17:14 - <Info> - Threshold config parsed: 0 rule(s) found
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for tcp-packet
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for tcp-stream
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for udp-packet
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for other-ip
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_uri
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_request_line
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_client_body
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_response_line
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_header
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_header
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_header_names
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_header_names
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_accept
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_accept_enc
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_accept_lang
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_referer
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_connection
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_content_len
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_content_len
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_content_type
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_content_type
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_protocol
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_protocol
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_start
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_start
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_raw_header
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_raw_header
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_method
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_cookie
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_cookie
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_raw_uri
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_user_agent
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_host
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_raw_host
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_stat_msg
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_stat_code
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for dns_query
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for tls_sni
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for dce_stub_data
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for dce_stub_data
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for ssh_protocol
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for ssh_protocol
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for ssh_software
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for ssh_software
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for file_data
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for file_data
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_request_line
2/10/2019 -- 12:17:15 - <Perf> - using shared mpm ctx' for http_response_line
2/10/2019 -- 12:17:15 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/10/2019 -- 12:17:15 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/10/2019 -- 12:17:15 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/10/2019 -- 12:17:15 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/10/2019 -- 12:17:15 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/10/2019 -- 12:17:15 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/10/2019 -- 12:17:15 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/10/2019 -- 12:17:15 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/10/2019 -- 12:17:22 - <Perf> - Unique rule groups: 104
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/10/2019 -- 12:17:22 - <Perf> - Builtin MPM "other IP packet": 3
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_header": 10
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient http_header": 6
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_start": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_method": 5
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver http_host": 2
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toserver file_data": 1
2/10/2019 -- 12:17:22 - <Perf> - AppLayer MPM "toclient file_data": 7
2/10/2019 -- 12:17:24 - <Perf> - Registered 39590 rule profiling counters.
2/10/2019 -- 12:17:24 - <Info> - fast output device (regular) initialized: alert
2/10/2019 -- 12:17:24 - <Info> - eve-log output device (regular) initialized: eve.json
2/10/2019 -- 12:17:24 - <Config> - enabling 'eve-log' module 'alert'
2/10/2019 -- 12:17:24 - <Config> - enabling 'eve-log' module 'http'
2/10/2019 -- 12:17:24 - <Config> - enabling 'eve-log' module 'dns'
2/10/2019 -- 12:17:24 - <Config> - enabling 'eve-log' module 'tls'
2/10/2019 -- 12:17:24 - <Config> - enabling 'eve-log' module 'files'
2/10/2019 -- 12:17:24 - <Config> - enabling 'eve-log' module 'ssh'
2/10/2019 -- 12:17:24 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/10/2019 -- 12:17:24 - <Info> - stats output device (regular) initialized: stats.log
2/10/2019 -- 12:17:24 - <Config> - AutoFP mode using "Hash" flow load balancer
2/10/2019 -- 12:17:24 - <Info> - reading pcap file /var/pcap/10022019.1217-9d289884-d795-4931-8e98-e0c2b2beff54.pcap
2/10/2019 -- 12:17:24 - <Config> - us

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-10-02-T-12-17-27-10022019.1217-9d289884-d795-4931-8e98-e0c2b2beff54.pcap.txt - (30678 bytes)
  --------------------------------------------------------------------------
  Date: 10/2/2019 -- 12:17:27. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2803760      1        3        5323310      5.40   82       0        2923430     64918.41    0.00        64918.41   
  2        2020742      1        1        2911918      2.95   10       0        2678214     291191.80   0.00        291191.80  
  3        2020741      1        1        1686500      1.71   10       0        1454320     168650.00   0.00        168650.00  
  4        2021749      1        6        3313440      3.36   11       0        530118      301221.82   0.00        301221.82  
  5        2025064      1        5        821688       0.83   8        0        309846      102711.00   0.00        102711.00  
  6        2814978      1        2        2032708      2.06   11       0        308946      184791.64   0.00        184791.64  
  7        2816925      1        3        632084       0.64   8        0        307340      79010.50    0.00        79010.50   
  8        2828675      1        2        285432       0.29   4        2        211252      71358.00    137821.00   4895.00    
  9        2016537      1        2        1325180      1.34   42       0        195946      31551.90    0.00        31551.90   
  10       2814979      1        2        1795282      1.82   11       0        192938      163207.45   0.00        163207.45  
  11       2018005      1        6        1523772      1.54   11       0        166806      138524.73   0.00        138524.73  
  12       2805348      1        4        1273632      1.29   14       0        165564      90973.71    0.00        90973.71   
  13       2828123      1        2        656800       0.67   8        0        147536      82100.00    0.00        82100.00   
  14       2822181      1        4        353318       0.36   5        0        145422      70663.60    0.00        70663.60   
  15       2822213      1        2        1342686      1.36   11       0        143476      122062.36   0.00        122062.36  
  16       2816940      1        2        782614       0.79   8        0        137898      97826.75    0.00        97826.75   
  17       2816910      1        2        830260       0.84   8        0        129592      103782.50   0.00        103782.50  
  18       2816619      1        2        207956       0.21   2        0        127470      103978.00   0.00        103978.00  
  19       2811429      1        3        293302       0.30   3        0        125844      97767.33    0.00        97767.33   
  20       2020825      1        6        305498       0.31   5        0        123618      61099.60    0.00        61099.60   
  21       2816669      1        4        181668       0.18   2        0        121750      90834.00    0.00        90834.00   
  22       2019230      1        2        1502518      1.52   77       0        121320      19513.22    0.00        19513.22   
  23       2816909      1        2        833146       0.84   8        0        119308      104143.25   0.00        104143.25  
  24       2018457      1        1        637084       0.65   11       0        119058      57916.73    0.00        57916.73   
  25       2024414      1        2        160520       0.16   2        0        114906      80260.00    0.00        80260.00   
  26       2827505      1        2        640344       0.65   8        0        110196      80043.00    0.00        80043.00   
  27       2816327      1        4        486598       0.49   8        0        106840      60824.75    0.00        60824.75   
  28       2816929      1        4        485570       0.49   8        0        105142      60696.25    0.00        60696.25   
  29       2014702      1        9        2612018      2.65   156      0        104872      16743.71    0.00        16743.71   
  30       2001330      1        8        656912       0.67   98       0        104482      6703.18     0.00        6703.18    
  31       2022480      1        2        979080       0.99   11       0        101954      89007.27    0.00        89007.27   
  32       2020470      1        6        299054       0.30   5        0        101528      59810.80    0.00        59810.80   
  33       2808793      1        3        177348       0.18   2        0        94724       88674.00    0.00        88674.00   
  34       2804589      1        3        128814       0.13   6        0        93026       21469.00    0.00        21469.00   
  35       2823423      1        3        246806       0.25   3        0        92004       82268.67    0.00        82268.67   
  36       2827279      1        5        395160       0.40   8        0        89528       49395.00    0.00        49395.00   
  37       2828955      1        2        243250       0.25   3        0        88066       81083.33    0.00        81083.33   
  38       2808577      1        5        588260       0.60   93       0        87488       6325.38     0.00        6325.38    
  39       2018359      1        3        553724       0.56   8        0        87032       69215.50    0.00        69215.50   
  40       2024771      1        1        482964       0.49   8        0        86078       60370.50    0.00        60370.50   
  41       2010140      1        7        1166178      1.18   162      0        82980       7198.63     0.00        7198.63    
  42       2014701      1        12       3492496      3.54   156      0        81950       22387.79    0.00        22387.79   
  43       2816924      1        4        433626       0.44   8        0        81262       54203.25    0.00        54203.25   
  44       2023766      1        2        231614       0.23   3        0        80844       77204.67    0.00        77204.67   
  45       2816356      1        2        459832       0.47   8        0        78910       57479.00    0.00        57479.00   
  46       2009702      1        5        3605010      3.65   156      0        76484       23109.04    0.00        23109.04   
  47       2023083      1        2        447464       0.45   8        0        76266       55933.00    0.00        55933.00   
  48       2023583      1        4        496632       0.50   8        0        75880       62079.00    0.00        62079.00   
  49       2805089      1        6        140038       0.14   2        0        74472       70019.00    0.00        70019.00   
  50       2017552      1        6        1510296      1.53   50       0        73160       30205.92    0.00        30205.92   
  51       2012707      1        5        391632       0.40   8        0        72150       48954.00    0.00        48954.00   
  52       2819673      1        4        429838       0.44   8        0        70262       53729.75    0.00        53729.75   
  53       2816922      1        5        457408       0.46   8        0        70106       57176.00    0.00        57176.00   
  54       2809850      1        2        925292       0.94   21       0        70064       44061.52    0.00        44061.52   
  55       2018055      1        3        118192       0.12   2        0        69494       59096.00    0.00        59096.00   
  56       2820851      1        5        479112       0.49   8        0        69432       59889.00    0.00        59889.00   
  57       2828823      1        2        504124       0.51   11       0        69240       45829.45    0.00        45829.45   
  58       2816328      1        5        424828       0.43   8        0        67544       53103.50    0.00        53103.50   
  59       2823788      1        4        569548       0.58   82       0        67174       6945.71     0.00        6945.71    
  60       2816931      1        3        395204       0.40   8        0        66692       49400.50    0.00        49400.50   
  61       2815817      1        5        453140       0.46   8        0        66368       56642.50    0.00        56642.50   
  62       2812616      1        2        112236       0.11   2        0        64606       56118.00    0.00        56118.00   
  63       2816928      1        3        386140       0.39   8        0        64594       48267.50    0.00        48267.50   
  64       2816927      1        3        417158       0.42   8        0        64394       52144.75    0.00        52144.75   
  65       2805155      1        3        110142       0.11   2        0        63578       55071.00    0.00        55071.00   
  66       2816930      1        4        391606       0.40   8        0        63478       48950.75    0.00        48950.75   
  67       2821561      1        2        111492       0.11   2        0        63148       55746.00    0.00        55746.00   
  68       2804626      1        9        357786       0.36   8        0        62700       44723.25    0.00        44723.25   
  69       2816394      1        2        100588       0.10   2        0        62226       50294.00    0.00        50294.00   
  70       2826281      1        2        2448426      2.48   82       0        61624       29858.85    0.00        29858.85   
  71       2828008      1        2        327854       0.33   8        0        60978       40981.75    0.00        40981.75   
  72       2816526      1        13       392284       0.40   8        0        60480       49035.50    0.00        49035.50   
  73       2022502      1        4        360228       0.37   8        0        60466       45028.50    0.00        45028.50   
  74       2816525      1        10       413494       0.42   8        0        59780       51686.75    0.00        51686.75   
  75       2014380      1        4        389566       0.39   11       0        57202       35415.09    0.00        35415.09   
  76       2018666      1        4        310268       0.31   10       0        56148       31026.80    0.00        31026.80   
  77       2826256      1        2        343444       0.35   8        0        55946       42930.50    0.00        42930.50   
  78       2804095      1        2        107302       0.11   2        0        55804       53651.00    0.00        53651.00   
  79       2811447      1        2        132670       0.13   7        0        55792       18952.86    0.00        18952.86   
  80       2020609      1        4        55564        0.06   1        0        55564       55564.00    0.00        55564.00   
  81       2013414      1        10       86250        0.09   2        0        53258       43125.00    0.00        43125.00   
  82       2808852      1        4        332226       0.34   8        0        52948       41528.25    0.00        41528.25   
  83       2019083      1        2        51490        0.05   1        0        51490       51490.00    0.00        51490.00   
  84       2816857      1        2        330706       0.34   8        0        51328       41338.25    0.00        41338.25   
  85       2815451      1        2        776792       0.79   28       0        49752       27742.57    0.00        27742.57   
  86       2816165      1        5        331298       0.34   8        0        48450       41412.25    0.00        41412.25   
  87       2828190      1        2        330530       0.34   8        0        48286       41316.25    0.00        41316.25   
  88       2020788      1        2        48160        0.05   1        0        48160       48160.00    0.00        48160.00   
  89       2827580      1        7        241578       0.24   6        0        48042       40263.00    0.00        40263.00   
  90       2811577      1        2        1341026      1.36   76       0        47186       17645.08    0.00        17645.08   
  91       2022531      1        1        143392       0.15   4        0        47178       35848.00    0.00        35848.00   
  92       2808851      1        4        305144       0.31   8        0        45946       38143.00    0.00        38143.00   
  93       2024778      1        1        100874       0.10   7        0        44450       14410.57    0.00        14410.57   
  94       2020612      1        3        43586        0.04   1        0        43586       43586.00    0.00        43586.00   
  95       2022543      1        1        1443926      1.46   53       0        43558       27243.89    0.00        27243.89   
  96       2811542      1        1        1306930      1.32   79       0        43370       16543.42    0.00        16543.42   
  97       2023625      1        3        817800       0.83   152      0        42000       5380.26     0.00        5380.26    
  98       2022914      1        1        74424        0.08   3        0        41316       24808.00    0.00        24808.00   
  99       2811544      1        1        1359260      1.38   76       0        41264       17885.00    0.00        17885.00   
  100      2022545      1        1        135278       0.14   4        0        40644       33819.50    0.00        33819.50   
  101      2018316      1        4        303202       0.31   10       0        40396       30320.20    0.00        30320.20   
  102      2020782      1        2        38886        0.04   1        0        38886       38886.00    0.00        38886.00   
  103      2022544      1        1        564794       0.57   21       0        38498       26894.95    0.00        26894.95   
  104      2020773      1        2        38492        0.04   1        0        38492       38492.00    0.00        38492.00   
  105      2014169      1        2        59644        0.06   2        0        36076       29822.00    0.00        29822.00   
  106      2014703      1        9        2551862      2.59   156      0        35812       16358.09    0.00        16358.09   
  107      2810487      1        1        148838       0.15   5        0        34786       29767.60    0.00        29767.60   
  108      2020608      1        4        34780        0.04   1        0        34780       34780.00    0.00        34780.00   
  109      2020371      1        2        33846        0.03   1        0        33846       33846.00    0.00        33846.00   
  110      2025200      1        1        934842       0.95   156      0        33842       5992.58     0.00        5992.58    
  111      2828748      1        2        125960       0.13   19       0        32192       6629.47     0.00        6629.47    
  112      2020695      1        1        31892        0.03   1        0        31892       31892.00    0.00        31892.00   
  113      2018057      1        4        31570        0.03   1        0        31570       31570.00    0.00        31570.00   
  114      2016363      1        2        62500        0.06   7        0        30496       8928.57     0.00        8928.57    
  115      2827278      1        1        45880        0.05   2        0        29534       22940.00    0.00        22940.00   
  116      2023624      1        3        874728       0.89   174      0        29088       5027.17     0.00        5027.17    
  117      2023626      1        3        1100804      1.12   208      0        28470       5292.33     0.00        5292.33    
  118      2001263      1        5        103298       0.10   4        0        28360       25824.50    0.00        25824.50   
  119      2008117      1        3        364948       0.37   66       0        27850       5529.52     0.00        5529.52    
  120      2024777      1        2        202058       0.20   29       0        27806       6967.52     0.00        6967.52    
  121      2809487      1        2        194740       0.20   27       0        27000       7212.59     0.00        7212.59    
  122      2010143      1        3        1051850      1.07   162      0        26770       6492.90     0.00        6492.90    
  123      2802205      1        3        207678       0.21   35       0        25218       5933.66     0.00        5933.66    
  124      2010142      1        4        851428       0.86   162      0        25052       5255.73     0.00        5255.73    
  125      2023613      1        3        2

This file has been truncated.


keyword_perf.log - (12619 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/2/2019 -- 12:17:27
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2907074         450             450             48602           6460.00         6460.00         0.00           
  content          14200822        2193            1208            206486          6475.00         6741.00         6148.00        
  pcre             1960706         187             35              68656           10485.00        10488.00        10484.00       
  byte_test        5992010         1053            506             85678           5690.00         5950.00         5450.00        
  byte_jump        143462          23              14              21638           6237.00         6369.00         6032.00        
  isdataat         427946          82              0               10696           5218.00         0.00            5218.00        
  flowbits         146492          2               2               138432          73246.00        73246.00        0.00           
  urilen           643104          113             25              18580           5691.00         5528.00         5737.00        
  byte_extract     538704          99              99              35162           5441.00         5441.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2907074         450             450             48602           6460.00         6460.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10229870        1642            837             190188          6230.00         6403.00         6050.00        
  pcre             901788          95              22              68656           9492.00         9427.00         9512.00        
  byte_test        5992010         1053            506             85678           5690.00         5950.00         5450.00        
  byte_jump        143462          23              14              21638           6237.00         6369.00         6032.00        
  isdataat         427946          82              0               10696           5218.00         0.00            5218.00        
  byte_extract     538704          99              99              35162           5441.00         5441.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         146492          2               2               138432          73246.00        73246.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          219228          29              14              28530           7559.00         8862.00         6343.00        
  pcre             336848          25              5               30954           13473.00        15997.00        12843.00       
  urilen           643104          113             25              18580           5691.00         5528.00         5737.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          49470           8               0               11292           6183.00         0.00            6183.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          34554           6               0               6692            5759.00         0.00            5759.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2597182         338             253             206486          7683.00         7920.00         6981.00        
  pcre             583234          51              8               42836           11435.00        9964.00         11709.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          182906          28              9               8826            6532.00         6409.00         6590.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18084           3               3               6780            6028.00         6028.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          112746          20              18              6832            5637.00         5762.00         4512.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          667270          104             72              11826           6416.00         6478.00         6276.00        
  pcre             138836          16              0               17798           8677.00         0.00            8677.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11102           2               2               6032            5551.00         5551.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19172           2               0               14230           9586.00         0.00            9586.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          59238           11              0               6686            5385.00         0.00            5385.00        


IDSDeathBlossom.py.log - (1176 bytes)
2019-10-02 12:17:00,437 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-02 12:17:01,169 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-02 12:17:01,169 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-02 12:17:01,169 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-02 12:17:01,169 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-02 12:17:01,170 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/67b7e3bc70046b4114bf11ea1bd4f41256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10022019.1217-9d289884-d795-4931-8e98-e0c2b2beff54.pcap -vvv -k none
2019-10-02 12:17:27,534 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-02 12:17:27,535 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.1063640118