Filename: network (13).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-base
Runtime: 23.2944729328 seconds
Hash: 6a7879092c5b0c179c077e0ec3a80c7d
Uploaded: 1542643063

Logfiles


packet_stats.log - (15478 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           824          5793898      196760825     110115939         90.7b   96.19
 IPv4      17            18          9597014      187021882      46961693        845.3m    0.90
 IPv6      17            20          9437352      186793545      76958852          1.5b    1.63
 IPv6      58             8        110148561      192154236     151085425          1.2b    1.28
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           824            67081        7611805        241382        198.9m   85.55
TMM_FLOWWORKER              IPv4      17            18           140109       19245528       1298306         23.4m   10.05
TMM_RECEIVEPCAPFILE         IPv4       6           750             2525          35880          3143          2.4m    1.01
TMM_RECEIVEPCAPFILE         IPv4      17            18             2551           3549          2925         52.7k    0.02
TMM_DECODEPCAPFILE          IPv4       6           750             2647          62844          3209          2.4m    1.04
TMM_DECODEPCAPFILE          IPv4      17            18             2713           4257          3064         55.2k    0.02
TMM_FLOWWORKER              IPv6      17            20           129826         345743        216473          4.3m    1.86
TMM_FLOWWORKER              IPv6      58             8            78659         169559        103467        827.7k    0.36
TMM_RECEIVEPCAPFILE         IPv6      17            20             2551           3623          2957         59.1k    0.03
TMM_RECEIVEPCAPFILE         IPv6      58             8             2552           3645          2895         23.2k    0.01
TMM_DECODEPCAPFILE          IPv6      17            20             2733          12258          3579         71.6k    0.03
TMM_DECODEPCAPFILE          IPv6      58             8             2835          19397          5448         43.6k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           750             2837          32587          3541          2.7m  1.40  
flow                    IPv4      17            18             2845           6334          4086         73.6k  0.04  
stream                  IPv4       6           824             2877         468691         18211         15.0m  7.94  
app-layer               IPv4      17            18             2726          33119          9728        175.1k  0.09  
detect                  IPv4       6           824            44994        7565505        193646        159.6m  84.39 
detect                  IPv4      17            18           123278         465224        219211          3.9m  2.09  
tcp-prune               IPv4       6           824             2545          50564          3421          2.8m  1.49  
flow                    IPv6      17            20             2891          11064          4307         86.1k  0.05  
flow                    IPv6      58             8             3833           5426          4374         35.0k  0.02  
app-layer               IPv6      17            20             2551          72281         10179        203.6k  0.11  
detect                  IPv6      17            20           111803         312878        189238          3.8m  2.00  
detect                  IPv6      58             8            66599         153566         90117        720.9k  0.38  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            15             4186          14396          6291         94.4k  76.81 
dns                     IPv4      17             4             3948          11470          7122         28.5k  23.19 
Proto detect            IPv4       6            73             2763           8196          4603        336.0k
Proto detect            IPv4      17            13             2746          13429          5210         67.7k
Proto detect            IPv6      17            10             3024           5747          4238         42.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4            40766       18718227       4732852         18.9m  77.52 
LOGGER_JSON_HTTP            IPv4       6            34            41774         224482         66001          2.2m  9.19  
LOGGER_JSON_FILE            IPv4       6            33            54003         220888         98352          3.2m  13.29 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           332             2577          80026         23577         7.8m  26.78 
payload                           IPv4      17            18             3745          40418         10731       193.2k  0.66  
stream                            IPv4       6           332             2535         254711         23691         7.9m  26.90 
http_uri                          IPv4       6            34             4052          24197          6286       213.8k  0.73  
http_request_line                 IPv4       6            34             3966           8950          5264       179.0k  0.61  
http_client_body                  IPv4       6           317             2608         209878         18419         5.8m  19.97 
http_header (request)             IPv4       6            37             3434         105774         43082         1.6m  5.45  
http_header (request trailer)     IPv4       6            33             2677           4365          3325       109.8k  0.38  
http_header_names (request)       IPv4       6            37             2813          63617         12712       470.4k  1.61  
http_accept (request)             IPv4       6            37             3225           6014          3857       142.7k  0.49  
http_referer (request)            IPv4       6            37             2829           4250          3194       118.2k  0.40  
http_content_len (request)        IPv4       6            37             2982           5737          4345       160.8k  0.55  
http_content_type (request)       IPv4       6            37             5653          15034          8484       313.9k  1.07  
http_protocol (request)           IPv4       6            34             3479           6537          4627       157.3k  0.54  
http_start (request)              IPv4       6            37             3014          24423         10387       384.3k  1.31  
http_raw_header (request)         IPv4       6           317             4013          54233          5698         1.8m  6.18  
http_method                       IPv4       6            34             4340           9585          5900       200.6k  0.69  
http_cookie (request)             IPv4       6            37             2984          25497          4585       169.7k  0.58  
http_raw_uri                      IPv4       6            34             3772           6783          4989       169.7k  0.58  
http_user_agent                   IPv4       6            37            11670          37820         19828       733.6k  2.51  
http_host                         IPv4       6            37             2564           8384          4641       171.7k  0.59  
dns_query                         IPv4      17             2             8048          12950         10499        21.0k  0.07  
Total                             IPv4                  1891                                         15252        28.8m
payload                           IPv6      17            20             3590          49886         17401       348.0k  1.19  
payload                           IPv6      58             8             2916           7835          5611        44.9k  0.15  
Total                             IPv6                    28                                         14032       392.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            68             3095          22473          7751        527.1k  0.26  
PROF_DETECT_IPONLY          IPv4      17            13             4839          35751         10958        142.5k  0.07  
PROF_DETECT_RULES           IPv4       6           824             2529        2307967         72532         59.8m  29.23 
PROF_DETECT_RULES           IPv4      17            18            60556         331153        118932          2.1m  1.05  
PROF_DETECT_STATEFUL_START    IPv4       6           342             2628        1409042         77416         26.5m  12.95 
PROF_DETECT_STATEFUL_CONT    IPv4       6           824             2511         121971          6342          5.2m  2.56  
PROF_DETECT_STATEFUL_CONT    IPv4      17            18             2516          14989          4321         77.8k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           688             2557          65470          3090          2.1m  1.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2792           3488          3241         13.0k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           824             7756         711257         60403         49.8m  24.34 
PROF_DETECT_PREFILTER       IPv4      17            18            24385          91800         42913        772.4k  0.38  
PROF_DETECT_PF_PAYLOAD      IPv4       6           332            28124         310699         56183         18.7m  9.12  
PROF_DETECT_PF_PAYLOAD      IPv4      17            18             8772          45782         16133        290.4k  0.14  
PROF_DETECT_PF_TX           IPv4       6           688             2599         640235         28433         19.6m  9.57  
PROF_DETECT_PF_TX           IPv4      17             2            13809          18813         16311         32.6k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6           104             2719          55620          5288        550.0k  0.27  
PROF_DETECT_PF_SORT1        IPv4      17            18             2711           4185          3277         59.0k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6           824             2512          32364          3018          2.5m  1.22  
PROF_DETECT_PF_SORT2        IPv4      17            18             2547           4735          2954         53.2k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       6           824             2560         460891          3725          3.1m  1.50  
PROF_DETECT_NONMPMLIST      IPv4      17            18             2529           4128          3030         54.5k  0.03  
PROF_DETECT_ALERT           IPv4       6           824             2518          68256          3149          2.6m  1.27  
PROF_DETECT_ALERT           IPv4      17            18             2526           3593          2832         51.0k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           824             2559          32703          3309          2.7m  1.33  
PROF_DETECT_CLEANUP         IPv4      17            18             2528           5050          3162         56.9k  0.03  
PROF_DETECT_GETSGH          IPv4       6           824             2515          29846          3284          2.7m  1.32  
PROF_DETECT_GETSGH          IPv4      17            18             2726          10825          5713        102.8k  0.05  
PROF_DETECT_IPONLY          IPv6      17            10             2899           5870          4076         40.8k  0.02  
PROF_DETECT_IPONLY          IPv6      58             8             2864           7037          4575         36.6k  0.02  
PROF_DETECT_RULES           IPv6      17            20            49398         178990         99930          2.0m  0.98  
PROF_DETECT_RULES           IPv6      58             8             2527           3210          2716         21.7k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv6      17            20             2564           3466          2882         57.6k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv6      58             8             2562           3833          2932         23.5k  0.01  
PROF_DETECT_PREFILTER       IPv6      17            20            24366          76701         42230        844.6k  0.41  
PROF_DETECT_PREFILTER       IPv6      58             8            18872          33241         24462        195.7k  0.10  
PROF_DETECT_PF_PAYLOAD      IPv6      17            20             8633          55830         23522        470.5k  0.23  
PROF_DETECT_PF_PAYLOAD      IPv6      58             8             8110          14053         11187         89.5k  0.04  
PROF_DETECT_PF_SORT1        IPv6      17            20             2729           5878          3869         77.4k  0.04  
PROF_DETECT_PF_SORT2        IPv6      17            20             2549           4061          3126         62.5k  0.03  
PROF_DETECT_PF_SORT2        IPv6      58             8             2511           3295          2752         22.0k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17            20             2555           4666          3351         67.0k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      58             8             2514           3326          2817         22.5k  0.01  
PROF_DETECT_ALERT           IPv6      17            20             2533           3704          2802         56.1k  0.03  
PROF_DETECT_ALERT           IPv6      58             8             2519           3483          2719         21.8k  0.01  
PROF_DETECT_CLEANUP         IPv6      17            20             2519           5371          3226         64.5k  0.03  
PROF_DETECT_CLEANUP         IPv6      58             8             2726          20978          5604         44.8k  0.02  
PROF_DETECT_GETSGH          IPv6      17            20             2540          19754          7378        147.6k  0.07  
PROF_DETECT_GETSGH          IPv6      58             8             5294           6553          5756         46.1k  0.02  


stats.log - (3223 bytes)
------------------------------------------------------------------------------------
Date: 11/19/2018 -- 15:58:07 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 814
decoder.bytes                              | Total                     | 438271
decoder.ipv4                               | Total                     | 768
decoder.ipv6                               | Total                     | 28
decoder.ethernet                           | Total                     | 814
decoder.tcp                                | Total                     | 750
decoder.udp                                | Total                     | 38
decoder.icmpv6                             | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 538
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 34
flow.udp                                   | Total                     | 21
flow.icmpv6                                | Total                     | 8
tcp.sessions                               | Total                     | 34
tcp.syn                                    | Total                     | 34
tcp.synack                                 | Total                     | 34
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.tx.http                          | Total                     | 34
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 19
flow_mgr.new_pruned                        | Total                     | 18
flow.spare                                 | Total                     | 10014
flow_mgr.flows_checked                     | Total                     | 57
flow_mgr.flows_notimeout                   | Total                     | 38
flow_mgr.flows_timeout                     | Total                     | 19
flow_mgr.flows_timeout_inuse               | Total                     | 5
flow_mgr.flows_removed                     | Total                     | 14
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65477
flow_mgr.rows_empty                        | Total                     | 4
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7091296


eve.json - (29678 bytes)
{"timestamp":"2018-11-13T03:01:27.524501+0000","flow_id":253638195216597,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.56.12","src_port":56295,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64361,"rrname":"default.uzinfocomcdn.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-13T03:01:28.347251+0000","flow_id":253638195216597,"pcap_cnt":38,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.12","dest_port":56295,"proto":"UDP","dns":{"type":"answer","id":64361,"rcode":"NOERROR","rrname":"default.uzinfocomcdn.com","rrtype":"A","ttl":3600,"rdata":"209.250.248.102"}}
{"timestamp":"2018-11-13T03:01:30.363491+0000","flow_id":747540107135971,"pcap_cnt":61,"event_type":"dns","src_ip":"192.168.56.12","src_port":51818,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53880,"rrname":"www.f4cky0u.me","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-13T03:01:31.213214+0000","flow_id":747540107135971,"pcap_cnt":62,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.12","dest_port":51818,"proto":"UDP","dns":{"type":"answer","id":53880,"rcode":"NXDOMAIN","rrname":"www.f4cky0u.me"}}
{"timestamp":"2018-11-13T03:01:42.024577+0000","flow_id":1643674296800060,"pcap_cnt":128,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61845,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:01:46.290964+0000","flow_id":1596397444555523,"pcap_cnt":152,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61846,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:01:50.557389+0000","flow_id":1378898153469756,"pcap_cnt":176,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61847,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:02:07.619104+0000","flow_id":1031669376051607,"pcap_cnt":264,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61851,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:02:16.152220+0000","flow_id":611393941817398,"pcap_cnt":310,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61853,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:02:37.485346+0000","flow_id":1246297483730014,"pcap_cnt":434,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61858,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:02:41.761116+0000","flow_id":267949031134111,"pcap_cnt":458,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61859,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:11.634932+0000","flow_id":1379555288786775,"pcap_cnt":619,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61866,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:15.909911+0000","flow_id":1642860406626461,"pcap_cnt":641,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61867,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:20.185179+0000","flow_id":743079790823544,"pcap_cnt":666,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61868,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:24.454352+0000","flow_id":1689205251825406,"pcap_cnt":690,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61869,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:28.725075+0000","flow_id":401114495191190,"pcap_cnt":714,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61870,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:41.589881+0000","flow_id":191651088562431,"pcap_cnt":788,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61873,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1989155023048088,"event_type":"http","src_ip":"192.168.56.12","src_port":61843,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1989155023048088,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61843,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":895327784757590,"event_type":"http","src_ip":"192.168.56.12","src_port":61844,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":895327784757590,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61844,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1060237345824773,"event_type":"http","src_ip":"192.168.56.12","src_port":61831,"dest_ip":"185.231.48.210","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/akeo.tmp","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1765432323762259,"event_type":"http","src_ip":"192.168.56.12","src_port":61842,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1765432323762259,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61842,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1643674296800060,"event_type":"http","src_ip":"192.168.56.12","src_port":61845,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1689205251825406,"event_type":"http","src_ip":"192.168.56.12","src_port":61869,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":5805703080764,"event_type":"http","src_ip":"192.168.56.12","src_port":61862,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":5805703080764,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61862,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":12664768361705,"event_type":"http","src_ip":"192.168.56.12","src_port":61871,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":12664768361705,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61871,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bps.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bps.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":722549843189391,"event_type":"http","src_ip":"192.168.56.12","src_port":61854,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":722549843189391,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61854,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":441390547107590,"event_type":"http","src_ip":"192.168.56.12","src_port":61856,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":441390547107590,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61856,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"hostname":"www.mail.ru","url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":162690117625033,"event_type":"http","src_ip":"192.168.56.12","src_port":61850,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":162690117625033,"event_type":"fileinfo","src_ip":"192.168.56.12","src_port":61850,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/bp.ico","gaps":false,"state":"CLOSED","stored":false,"size":11560,"tx_id":0}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":743079790823544,"event_type":"http","src_ip":"192.168.56.12","src_port":61868,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/bp.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0"}}
{"timestamp":"2018-11-13T03:03:45.985842+0000","flow_id":1729646659923804,"event_type":"http","src_ip":"192.168.56.12","src_port":61855,"dest_ip":"209.250.248.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"url":"\/bps.ico

This file has been truncated.


keyword_perf.log - (6508 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/19/2018 -- 15:58:07
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             4630374         1412            1412            33235           3279.00         3279.00         0.00           
  content          10146573        2573            1465            100246          3943.00         4107.00         3726.00        
  pcre             2150157         390             34              135112          5513.00         6916.00         5379.00        
  byte_test        76298           14              5               32248           5449.00         9737.00         3067.00        
  isdataat         12706           4               0               3275            3176.00         0.00            3176.00        
  urilen           440037          136             68              22284           3235.00         2961.00         3510.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             4630374         1412            1412            33235           3279.00         3279.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1063695         286             145             21980           3719.00         3887.00         3545.00        
  pcre             99692           17              1               16186           5864.00         5021.00         5916.00        
  byte_test        76298           14              5               32248           5449.00         9737.00         3067.00        
  isdataat         12706           4               0               3275            3176.00         0.00            3176.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1949708         541             51              100246          3603.00         3559.00         3608.00        
  pcre             599998          102             0               135112          5882.00         0.00            5882.00        
  urilen           440037          136             68              22284           3235.00         2961.00         3510.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5367753         1286            957             78314           4173.00         4241.00         3978.00        
  pcre             1074317         197             33              78674           5453.00         6974.00         5147.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          124671          34              34              4579            3666.00         3666.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1640746         426             278             31093           3851.00         3917.00         3726.00        
  pcre             376150          74              0               32225           5083.00         0.00            5083.00        


suricata-4.0.0-etpro-base-perf.txt-2018-11-19-T-15-58-07-11192018.1557-network_13.pcap.txt - (13527 bytes) - download
  --------------------------------------------------------------------------
  Date: 11/19/2018 -- 15:58:07. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2023583      1        4        1694595      3.30   37       0        429308      45799.86    0.00        45799.86   
  2        2819993      1        2        1302293      2.53   33       0        422487      39463.42    0.00        39463.42   
  3        2816526      1        13       1359544      2.64   33       0        421606      41198.30    0.00        41198.30   
  4        2816940      1        2        2119436      4.12   33       0        188664      64225.33    0.00        64225.33   
  5        2827279      1        5        1017972      1.98   33       0        173904      30847.64    0.00        30847.64   
  6        2810991      1        4        1785862      3.47   33       0        170680      54117.03    0.00        54117.03   
  7        2828123      1        2        1402640      2.73   37       0        170112      37909.19    0.00        37909.19   
  8        2814883      1        3        1343436      2.61   33       0        150003      40710.18    0.00        40710.18   
  9        2816909      1        2        2058296      4.00   33       0        140405      62372.61    0.00        62372.61   
  10       2021038      1        4        999649       1.94   33       0        107950      30292.39    0.00        30292.39   
  11       2827505      1        2        1547529      3.01   37       0        106179      41825.11    0.00        41825.11   
  12       2017552      1        6        7327339      14.25  342      0        89512       21424.97    0.00        21424.97   
  13       2816910      1        2        1895543      3.69   33       0        85845       57440.70    0.00        57440.70   
  14       2828876      1        1        1137337      2.21   332      0        81878       3425.71     0.00        3425.71    
  15       2816328      1        5        1285484      2.50   37       0        80688       34742.81    0.00        34742.81   
  16       2025064      1        5        1192255      2.32   33       0        76375       36128.94    0.00        36128.94   
  17       2804626      1        9        838817       1.63   37       0        73720       22670.73    0.00        22670.73   
  18       2816055      1        2        959276       1.87   33       0        71244       29068.97    0.00        29068.97   
  19       2100540      1        12       288699       0.56   68       0        69266       4245.57     0.00        4245.57    
  20       2815817      1        5        988411       1.92   33       0        67199       29951.85    0.00        29951.85   
  21       2012649      1        5        658939       1.28   16       0        63980       41183.69    0.00        41183.69   
  22       2828008      1        2        867181       1.69   33       0        63107       26278.21    0.00        26278.21   
  23       2819785      1        2        772622       1.50   33       0        62779       23412.79    0.00        23412.79   
  24       2816327      1        4        1156697      2.25   37       0        61996       31262.08    0.00        31262.08   
  25       2808851      1        4        887579       1.73   37       0        58010       23988.62    0.00        23988.62   
  26       2023083      1        2        537687       1.05   16       0        55857       33605.44    0.00        33605.44   
  27       2023916      1        2        685632       1.33   18       0        51871       38090.67    0.00        38090.67   
  28       2017259      1        12       1054311      2.05   37       0        48081       28494.89    0.00        28494.89   
  29       2014405      1        10       519884       1.01   16       0        47248       32492.75    0.00        32492.75   
  30       2816525      1        10       1116610      2.17   37       0        46950       30178.65    0.00        30178.65   
  31       2827580      1        7        884023       1.72   33       0        45046       26788.58    0.00        26788.58   
  32       2811544      1        1        48552        0.09   2        0        44290       24276.00    0.00        24276.00   
  33       2823166      1        3        558151       1.09   18       0        44009       31008.39    0.00        31008.39   
  34       2828190      1        2        903581       1.76   37       0        42755       24421.11    0.00        24421.11   
  35       2808852      1        4        788497       1.53   37       0        42747       21310.73    0.00        21310.73   
  36       2810793      1        5        139747       0.27   34       0        39204       4110.21     0.00        4110.21    
  37       2014380      1        4        1304245      2.54   68       0        38986       19180.07    0.00        19180.07   
  38       2816857      1        2        737623       1.43   33       0        36236       22352.21    0.00        22352.21   
  39       2019012      1        3        34769        0.07   1        0        34769       34769.00    0.00        34769.00   
  40       2009243      1        2        58065        0.11   9        0        34324       6451.67     0.00        6451.67    
  41       2816165      1        5        364289       0.71   16       0        33837       22768.06    0.00        22768.06   
  42       2806132      1        3        893206       1.74   33       0        32694       27066.85    0.00        27066.85   
  43       2826256      1        2        352892       0.69   16       0        25740       22055.75    0.00        22055.75   
  44       2809850      1        2        24973        0.05   1        0        24973       24973.00    0.00        24973.00   
  45       2014701      1        12       54448        0.11   4        0        24875       13612.00    0.00        13612.00   
  46       2100540      1        12       240933       0.47   68       0        22396       3543.13     0.00        3543.13    
  47       2020698      1        2        20906        0.04   1        0        20906       20906.00    0.00        20906.00   
  48       2803760      1        3        37251        0.07   2        0        20565       18625.50    0.00        18625.50   
  49       2019230      1        2        24163        0.05   2        0        20531       12081.50    0.00        12081.50   
  50       2013382      1        3        259678       0.51   18       0        19985       14426.56    0.00        14426.56   
  51       2826281      1        2        37366        0.07   2        0        19108       18683.00    0.00        18683.00   
  52       2022531      1        1        18454        0.04   1        0        18454       18454.00    0.00        18454.00   
  53       2811445      1        4        127557       0.25   33       0        18226       3865.36     0.00        3865.36    
  54       2022545      1        1        17984        0.03   1        0        17984       17984.00    0.00        17984.00   
  55       2010140      1        7        226780       0.44   37       0        17699       6129.19     0.00        6129.19    
  56       2022543      1        1        33679        0.07   2        0        17122       16839.50    0.00        16839.50   
  57       2014702      1        9        37003        0.07   4        0        16242       9250.75     0.00        9250.75    
  58       2014703      1        9        38309        0.07   4        0        15944       9577.25     0.00        9577.25    
  59       2811577      1        2        19603        0.04   2        0        14916       9801.50     0.00        9801.50    
  60       2010143      1        3        155135       0.30   37       0        13361       4192.84     0.00        4192.84    
  61       2020388      1        8        115282       0.22   33       0        5541        3493.39     0.00        3493.39    
  62       2802205      1        3        42813        0.08   14       0        5238        3058.07     0.00        3058.07    
  63       2020369      1        3        68884        0.13   18       0        4988        3826.89     0.00        3826.89    
  64       2804587      1        2        114354       0.22   34       0        4909        3363.35     0.00        3363.35    
  65       2013926      1        8        114843       0.22   34       0        4807        3377.74     0.00        3377.74    
  66       2008116      1        4        46842        0.09   14       0        4720        3345.86     0.00        3345.86    
  67       2804589      1        3        107818       0.21   34       0        4678        3171.12     0.00        3171.12    
  68       2025200      1        1        14430        0.03   4        0        4568        3607.50     0.00        3607.50    
  69       2019017      1        3        31122        0.06   10       0        4310        3112.20     0.00        3112.20    
  70       2019010      1        3        30772        0.06   10       0        4296        3077.20     0.00        3077.20    
  71       2008120      1        4        114054       0.22   38       0        4221        3001.42     0.00        3001.42    
  72       2823788      1        4        8211         0.02   2        0        4207        4105.50     0.00        4105.50    
  73       2100518      1        8        42806        0.08   14       0        4173        3057.57     0.00        3057.57    
  74       2013739      1        15       99223        0.19   34       0        4102        2918.32     0.00        2918.32    
  75       2023612      1        4        25184        0.05   8        0        4030        3148.00     0.00        3148.00    
  76       2008118      1        3        27502        0.05   9        0        3962        3055.78     0.00        3055.78    
  77       2801347      1        5        43866        0.09   14       0        3961        3133.29     0.00        3133.29    
  78       2023627      1        3        88420        0.17   30       0        3959        2947.33     0.00        2947.33    
  79       2023624      1        3        64875        0.13   22       0        3949        2948.86     0.00        2948.86    
  80       2019011      1        3        20724        0.04   6        0        3916        3454.00     0.00        3454.00    
  81       2102523      1        8        102383       0.20   34       0        3872        3011.26     0.00        3011.26    
  82       2102523      1        8        106785       0.21   34       0        3805        3140.74     0.00        3140.74    
  83       2023616      1        3        23867        0.05   8        0        3732        2983.38     0.00        2983.38    
  84       2023621      1        4        78676        0.15   28       0        3693        2809.86     0.00        2809.86    
  85       2802822      1        1        25314        0.05   8        0        3693        3164.25     0.00        3164.25    
  86       2023620      1        3        23702        0.05   8        0        3692        2962.75     0.00        2962.75    
  87       2816920      1        1        96790        0.19   34       0        3671        2846.76     0.00        2846.76    
  88       2019490      1        3        24001        0.05   8        0        3658        3000.12     0.00        3000.12    
  89       2023623      1        3        40072        0.08   14       0        3564        2862.29     0.00        2862.29    
  90       2010142      1        4        101811       0.20   37       0        3514        2751.65     0.00        2751.65    
  91       2023613      1        3        55299        0.11   20       0        3509        2764.95     0.00        2764.95    
  92       2008117      1        3        24457        0.05   8        0        3501        3057.12     0.00        3057.12    
  93       2023617      1        3        72588        0.14   26       0        3462        2791.85     0.00        2791.85    
  94       2009702      1        5        12507        0.02   4        0        3342        3126.75     0.00        3126.75    
  95       2013075      1        8        6044         0.01   2        0        3316        3022.00     0.00        3022.00    
  96       2023622      1        3        6154         0.01   2        0        3262        3077.00     0.00        3077.00    
  97       2023626      1        3        11491        0.02   4        0        3139        2872.75     0.00        2872.75    
  98       2019016      1        3        17557        0.03   6        0        3105        2926.17     0.00        2926.17    
  99       2023625      1        3        8418         0.02   3        0        3078        2806.00     0.00        2806.00    
  100      2023619      1        3        16994        0.03   6        0        3068        2832.33     0.00        2832.33    
  101      2019019      1        3        3049         0.01   1        0        3049        3049.00     0.00        3049.00    
  102      2810792      1        5        92055        0.18   34       0        3023        2707.50     0.00        2707.50    


suricata-report-2018-11-19-T-15-58-07-11192018.1557-network_13.pcap.txt - (16570 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/6a7879092c5b0c179c077e0ec3a80c7dc868f2786383154b95a80e4733a7b823 -r /var/pcap/11192018.1557-network_13.pcap -vvv -k none
elapsedtime:22.245536
stderr:
stdout:
19/11/2018 -- 15:57:44 - <Info> - Configuration node 'rule-files' redefined.
19/11/2018 -- 15:57:44 - <Notice> - This is Suricata version 4.0.0 RELEASE
19/11/2018 -- 15:57:44 - <Info> - CPUs/cores online: 1
19/11/2018 -- 15:57:44 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34177 and 'request-body-inspect-window' set to 16971 after randomization.
19/11/2018 -- 15:57:44 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31626 and 'response-body-inspect-window' set to 15637 after randomization.
19/11/2018 -- 15:57:44 - <Config> - DNS request flood protection level: 500
19/11/2018 -- 15:57:44 - <Config> - DNS per flow memcap (state-memcap): 524288
19/11/2018 -- 15:57:44 - <Config> - DNS global memcap: 16777216
19/11/2018 -- 15:57:44 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/11/2018 -- 15:57:44 - <Config> - preallocated 1000 hosts of size 136
19/11/2018 -- 15:57:44 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
19/11/2018 -- 15:57:44 - <Config> - using magic-file /usr/share/file/magic
19/11/2018 -- 15:57:44 - <Config> - Core dump size is unlimited.
19/11/2018 -- 15:57:45 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
19/11/2018 -- 15:57:45 - <Config> - preallocated 1000 defrag trackers of size 168
19/11/2018 -- 15:57:45 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
19/11/2018 -- 15:57:45 - <Config> - stream "prealloc-sessions": 2048 (per thread)
19/11/2018 -- 15:57:45 - <Config> - stream "memcap": 33554432
19/11/2018 -- 15:57:45 - <Config> - stream "midstream" session pickups: disabled
19/11/2018 -- 15:57:45 - <Config> - stream "async-oneside": disabled
19/11/2018 -- 15:57:45 - <Config> - stream "checksum-validation": disabled
19/11/2018 -- 15:57:45 - <Config> - stream."inline": disabled
19/11/2018 -- 15:57:45 - <Config> - stream "bypass": disabled
19/11/2018 -- 15:57:45 - <Config> - stream "max-synack-queued": 5
19/11/2018 -- 15:57:45 - <Config> - stream.reassembly "memcap": 134217728
19/11/2018 -- 15:57:45 - <Config> - stream.reassembly "depth": 0
19/11/2018 -- 15:57:45 - <Config> - stream.reassembly "toserver-chunk-size": 2574
19/11/2018 -- 15:57:45 - <Config> - stream.reassembly "toclient-chunk-size": 2665
19/11/2018 -- 15:57:45 - <Config> - stream.reassembly.raw: enabled
19/11/2018 -- 15:57:45 - <Config> - stream.reassembly "segment-prealloc": 2048
19/11/2018 -- 15:57:45 - <Config> - Delayed detect disabled
19/11/2018 -- 15:57:45 - <Config> - pattern matchers: MPM: ac, SPM: bm
19/11/2018 -- 15:57:45 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/11/2018 -- 15:57:45 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
19/11/2018 -- 15:57:45 - <Config> - prefilter engines: MPM
19/11/2018 -- 15:57:45 - <Config> - IP reputation disabled
19/11/2018 -- 15:57:45 - <Perf> - Registered 148 keyword profiling counters.
19/11/2018 -- 15:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
19/11/2018 -- 15:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
19/11/2018 -- 15:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
19/11/2018 -- 15:57:50 - <Config> - No rules loaded from ET-icmp.rules.
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
19/11/2018 -- 15:57:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
19/11/2018 -- 15:57:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
19/11/2018 -- 15:57:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
19/11/2018 -- 15:57:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
19/11/2018 -- 15:57:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
19/11/2018 -- 15:57:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
19/11/2018 -- 15:57:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
19/11/2018 -- 15:57:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
19/11/2018 -- 15:57:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
19/11/2018 -- 15:57:56 - <Config> - No rules loaded from local.rules.
19/11/2018 -- 15:57:56 - <Info> - 31 rule files processed. 32260 rules successfully loaded, 0 rules failed
19/11/2018 -- 15:57:56 - <Info> - Threshold config parsed: 0 rule(s) found
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for tcp-packet
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for tcp-stream
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for udp-packet
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for other-ip
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_uri
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_request_line
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_client_body
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_response_line
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_header
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_header
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_header_names
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_header_names
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_accept
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_accept_enc
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_accept_lang
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_referer
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_connection
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_content_len
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_content_len
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_content_type
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_content_type
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_protocol
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_protocol
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_start
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_start
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_raw_header
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_raw_header
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_method
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_cookie
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_cookie
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_raw_uri
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_user_agent
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_host
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_raw_host
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_stat_msg
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_stat_code
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for dns_query
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for tls_sni
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for tls_cert_issuer
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for tls_cert_subject
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for tls_cert_serial
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for dce_stub_data
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for dce_stub_data
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for ssh_protocol
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for ssh_protocol
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for ssh_software
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for ssh_software
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for file_data
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for file_data
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_request_line
19/11/2018 -- 15:57:57 - <Perf> - using shared mpm ctx' for http_response_line
19/11/2018 -- 15:57:57 - <Info> - 32265 signatures processed. 2 are IP-only rules, 14352 are inspecting packet payload, 21545 inspect application layer, 0 are decoder event only
19/11/2018 -- 15:57:57 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
19/11/2018 -- 15:57:57 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
19/11/2018 -- 15:57:57 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
19/11/2018 -- 15:57:57 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
19/11/2018 -- 15:57:57 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
19/11/2018 -- 15:57:57 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
19/11/2018 -- 15:57:57 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
19/11/2018 -- 15:58:03 - <Perf> - Unique rule groups: 102
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "toserver TCP packet": 35
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "toclient TCP packet": 17
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "toserver TCP stream": 33
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "toclient TCP stream": 19
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "toserver UDP packet": 27
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "toclient UDP packet": 15
19/11/2018 -- 15:58:03 - <Perf> - Builtin MPM "other IP packet": 3
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_uri": 14
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_request_line": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_client_body": 5
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient http_response_line": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_header": 10
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient http_header": 6
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_header_names": 2
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_accept": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_referer": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_content_len": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_content_type": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient http_content_type": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_protocol": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_start": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_method": 5
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_cookie": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient http_cookie": 2
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver http_host": 2
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver dns_query": 4
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver tls_sni": 2
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toserver file_data": 1
19/11/2018 -- 15:58:03 - <Perf> - AppLayer MPM "toclient file_data": 7
19/11/2018 -- 15:58:05 - <Perf> - Registered 32265 rule profiling counters.
19/11/2018 -- 15:58:05 - <Info> - fast output device (regular) initialized: alert
19/11/2018 -- 15:58:05 - <Info> - eve-log output device (regular) initialized: eve.json
19/11/2018 -- 15:58:05 - <Config> - enabling 'eve-log' module 'alert'
19/11/2018 -- 15:58:05 - <Config> - enabling 'eve-log' module 'http'
19/11/2018 -- 15:58:05 - <Config> - enabling 'eve-log' module 'dns'
19/11/2018 -- 15:58:05 - <Config> - enabling 'eve-log' module 'tls'
19/11/2018 -- 15:58:05 - <Config> - enabling 'eve-log' module 'files'
19/11/2018 -- 15:58:05 - <Config> - enabling 'eve-log' module 'ssh'
19/11/2018 -- 15:58:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
19/11/2018 -- 15:58:05 - <Info> - stats output device (regular) initialized: stats.log
19/11/2018 -- 15:58:05 - <Config> - AutoFP mode using "Hash" flow load balancer
19/11/2018 -- 15:58:05 - <Info> - reading pcap file /var/pcap/11192018.1557-network_13.pcap
19/11/2018 -- 15:58:05 - <Config> - using 1 flow manager threads
19/11/2018 -- 15:58:05 - <Config> - using 1 flow recycler threads
19/11/2018 -- 15:58:05 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
19/11/2018 -- 15:58:05 - <Info> - pcap file end of file reached (pcap err code 0)
19/11/2018 -- 15:58:05 - <Notice> - Signal Received.  Stopping engine.
19/11/2018 -- 15:58:06 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
19/11/2018 -- 15:58:06 - <Info> - time elapsed 0.438s
19/11/2018 -- 15:58:07 - <Perf> - 63 flows processed
19/11/2018 -- 15:58:07 - <Notice> - Pcap-file module read 814 packets, 438271 bytes
19/11/2018 -- 15:58:07 - <Perf> - AutoFP - Total flow handler queues - 1
19/11/2018 -- 15:58:07 - <Info> - Alerts: 0
19/11/2018 -- 15:58:07 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
19/11/2018 -- 15:58:07 - <Perf> - Done dumping profiling data.
19/11/2018 -- 15:58:07 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
19/11/2018 -- 15:58:07 - <Perf> - Dumping profiling data for 32265 rules.
19/11/2018 -- 15:58:07 - <Perf> - Done dumping profiling data.
19/

This file has been truncated.


IDSDeathBlossom.py.log - (1152 bytes)
2018-11-19 15:57:44,148 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-19 15:57:44,978 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-19 15:57:44,978 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-base
2018-11-19 15:57:44,979 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-19 15:57:44,979 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-19 15:57:44,979 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/6a7879092c5b0c179c077e0ec3a80c7dc868f2786383154b95a80e4733a7b823 -r /var/pcap/11192018.1557-network_13.pcap -vvv -k none
2018-11-19 15:58:07,227 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-19 15:58:07,227 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.0930979252