Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4307589531 seconds
Hash: 6b3a5fe7bd9244316bdf69afdbe9acaf
Uploaded: 1562062024

Logfiles


suricata-report-2019-07-02-T-10-07-27-07022019.1007-network.pcap.txt - (17436 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/6b3a5fe7bd9244316bdf69afdbe9acaf56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07022019.1007-network.pcap -vvv -k none
elapsedtime:21.487216
stderr:
stdout:
2/7/2019 -- 10:07:05 - <Info> - Configuration node 'rule-files' redefined.
2/7/2019 -- 10:07:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/7/2019 -- 10:07:05 - <Info> - CPUs/cores online: 1
2/7/2019 -- 10:07:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33770 and 'request-body-inspect-window' set to 15707 after randomization.
2/7/2019 -- 10:07:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32508 and 'response-body-inspect-window' set to 16335 after randomization.
2/7/2019 -- 10:07:05 - <Config> - DNS request flood protection level: 500
2/7/2019 -- 10:07:05 - <Config> - DNS per flow memcap (state-memcap): 524288
2/7/2019 -- 10:07:05 - <Config> - DNS global memcap: 16777216
2/7/2019 -- 10:07:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/7/2019 -- 10:07:05 - <Config> - preallocated 1000 hosts of size 136
2/7/2019 -- 10:07:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/7/2019 -- 10:07:05 - <Config> - using magic-file /usr/share/file/magic
2/7/2019 -- 10:07:05 - <Config> - Core dump size is unlimited.
2/7/2019 -- 10:07:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/7/2019 -- 10:07:05 - <Config> - preallocated 1000 defrag trackers of size 168
2/7/2019 -- 10:07:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/7/2019 -- 10:07:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/7/2019 -- 10:07:05 - <Config> - stream "memcap": 33554432
2/7/2019 -- 10:07:05 - <Config> - stream "midstream" session pickups: disabled
2/7/2019 -- 10:07:05 - <Config> - stream "async-oneside": disabled
2/7/2019 -- 10:07:05 - <Config> - stream "checksum-validation": disabled
2/7/2019 -- 10:07:05 - <Config> - stream."inline": disabled
2/7/2019 -- 10:07:05 - <Config> - stream "bypass": disabled
2/7/2019 -- 10:07:05 - <Config> - stream "max-synack-queued": 5
2/7/2019 -- 10:07:05 - <Config> - stream.reassembly "memcap": 134217728
2/7/2019 -- 10:07:05 - <Config> - stream.reassembly "depth": 0
2/7/2019 -- 10:07:05 - <Config> - stream.reassembly "toserver-chunk-size": 2599
2/7/2019 -- 10:07:05 - <Config> - stream.reassembly "toclient-chunk-size": 2568
2/7/2019 -- 10:07:05 - <Config> - stream.reassembly.raw: enabled
2/7/2019 -- 10:07:05 - <Config> - stream.reassembly "segment-prealloc": 2048
2/7/2019 -- 10:07:05 - <Config> - Delayed detect disabled
2/7/2019 -- 10:07:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/7/2019 -- 10:07:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/7/2019 -- 10:07:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/7/2019 -- 10:07:05 - <Config> - prefilter engines: MPM
2/7/2019 -- 10:07:05 - <Config> - IP reputation disabled
2/7/2019 -- 10:07:05 - <Perf> - Registered 148 keyword profiling counters.
2/7/2019 -- 10:07:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/7/2019 -- 10:07:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/7/2019 -- 10:07:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/7/2019 -- 10:07:10 - <Config> - No rules loaded from ET-icmp.rules.
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/7/2019 -- 10:07:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/7/2019 -- 10:07:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/7/2019 -- 10:07:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/7/2019 -- 10:07:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/7/2019 -- 10:07:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/7/2019 -- 10:07:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/7/2019 -- 10:07:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/7/2019 -- 10:07:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/7/2019 -- 10:07:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/7/2019 -- 10:07:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/7/2019 -- 10:07:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/7/2019 -- 10:07:17 - <Config> - No rules loaded from local.rules.
2/7/2019 -- 10:07:17 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/7/2019 -- 10:07:17 - <Info> - Threshold config parsed: 0 rule(s) found
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for tcp-packet
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for tcp-stream
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for udp-packet
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for other-ip
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_uri
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_request_line
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_client_body
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_response_line
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_header
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_header
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_header_names
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_header_names
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_accept
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_accept_enc
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_accept_lang
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_referer
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_connection
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_content_len
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_content_len
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_content_type
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_content_type
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_protocol
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_protocol
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_start
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_start
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_raw_header
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_raw_header
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_method
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_cookie
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_cookie
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_raw_uri
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_user_agent
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_host
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_raw_host
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_stat_msg
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_stat_code
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for dns_query
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for tls_sni
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for dce_stub_data
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for dce_stub_data
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for ssh_protocol
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for ssh_protocol
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for ssh_software
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for ssh_software
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for file_data
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for file_data
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_request_line
2/7/2019 -- 10:07:18 - <Perf> - using shared mpm ctx' for http_response_line
2/7/2019 -- 10:07:18 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/7/2019 -- 10:07:18 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/7/2019 -- 10:07:18 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/7/2019 -- 10:07:18 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/7/2019 -- 10:07:18 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/7/2019 -- 10:07:18 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/7/2019 -- 10:07:18 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/7/2019 -- 10:07:18 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/7/2019 -- 10:07:23 - <Perf> - Unique rule groups: 104
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/7/2019 -- 10:07:23 - <Perf> - Builtin MPM "other IP packet": 3
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_header": 10
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient http_header": 6
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_start": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_method": 5
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver http_host": 2
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toserver file_data": 1
2/7/2019 -- 10:07:23 - <Perf> - AppLayer MPM "toclient file_data": 7
2/7/2019 -- 10:07:25 - <Perf> - Registered 39590 rule profiling counters.
2/7/2019 -- 10:07:25 - <Info> - fast output device (regular) initialized: alert
2/7/2019 -- 10:07:25 - <Info> - eve-log output device (regular) initialized: eve.json
2/7/2019 -- 10:07:25 - <Config> - enabling 'eve-log' module 'alert'
2/7/2019 -- 10:07:25 - <Config> - enabling 'eve-log' module 'http'
2/7/2019 -- 10:07:25 - <Config> - enabling 'eve-log' module 'dns'
2/7/2019 -- 10:07:25 - <Config> - enabling 'eve-log' module 'tls'
2/7/2019 -- 10:07:25 - <Config> - enabling 'eve-log' module 'files'
2/7/2019 -- 10:07:25 - <Config> - enabling 'eve-log' module 'ssh'
2/7/2019 -- 10:07:25 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/7/2019 -- 10:07:25 - <Info> - stats output device (regular) initialized: stats.log
2/7/2019 -- 10:07:25 - <Config> - AutoFP mode using "Hash" flow load balancer
2/7/2019 -- 10:07:25 - <Info> - reading pcap file /var/pcap/07022019.1007-network.pcap
2/7/2019 -- 10:07:25 - <Config> - using 1 flow manager threads
2/7/2019 -- 10:07:25 - <Config> - using 1 flow recycler threads
2/7/2019 -- 10:07:25 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
2/7/2019 -- 10:07:25 - <Info> - pcap file end o

This file has been truncated.


packet_stats.log - (15440 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           633          3774580      183924563     116996465         74.1b   88.25
 IPv4      17            69         19196471      183496427     132796143          9.2b   10.92
 IPv6      17             5         20381719      174123077     139688236        698.4m    0.83
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           633            66284       15733201        272085        172.2m   84.87
TMM_FLOWWORKER              IPv4      17            69           153648        1042981        369550         25.5m   12.57
TMM_RECEIVEPCAPFILE         IPv4       6           607             2529          38821          3005          1.8m    0.90
TMM_RECEIVEPCAPFILE         IPv4      17            69             2551          11040          3074        212.2k    0.10
TMM_DECODEPCAPFILE          IPv4       6           607             2645          10307          2868          1.7m    0.86
TMM_DECODEPCAPFILE          IPv4      17            69             2682          26191          3215        221.9k    0.11
TMM_FLOWWORKER              IPv6      17             5           174409         297428        231237          1.2m    0.57
TMM_RECEIVEPCAPFILE         IPv6      17             5             2824           3640          3091         15.5k    0.01
TMM_DECODEPCAPFILE          IPv6      17             5             2711          17720          6219         31.1k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           607             2820          30956          3428          2.1m  1.14  
flow                    IPv4      17            69             2850          23690          4258        293.9k  0.16  
stream                  IPv4       6           633             2599        1397782         19174         12.1m  6.66  
app-layer               IPv4      17            69             2534         120682         12134        837.3k  0.46  
detect                  IPv4       6           633            44647       15684595        226443        143.3m  78.64 
detect                  IPv4      17            69           137151         552305        297693         20.5m  11.27 
tcp-prune               IPv4       6           633             2543          33888          3057          1.9m  1.06  
flow                    IPv6      17             5             2871           4020          3521         17.6k  0.01  
app-layer               IPv6      17             5             2540           8664          5055         25.3k  0.01  
detect                  IPv6      17             5           158147         274214        211729          1.1m  0.58  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            20             2796          45316         10923        218.5k  34.05 
http                    IPv4      17             1             4253           4253          4253          4.3k  0.66  
tls                     IPv4       6            28             2606          16428          3703        103.7k  16.16 
tls                     IPv4      17             5             2722           3710          3221         16.1k  2.51  
dns                     IPv4      17            36             3514         105317          8203        295.3k  46.03 
tls                     IPv6      17             1             3710           3710          3710          3.7k  0.58  
Proto detect            IPv4      17            47             2750          20406          4962        233.2k
Proto detect            IPv6      17             2             3019           3345          3182          6.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            36            27591         443449         79892          2.9m  44.72 
LOGGER_JSON_HTTP            IPv4       6            17            41002         116357         68474          1.2m  18.10 
LOGGER_JSON_TLS             IPv4       6            14            33393          72604         48561        679.9k  10.57 
LOGGER_JSON_FILE            IPv4       6            21            49218         178658         81487          1.7m  26.61 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           362             2560         136095         22838         8.3m  17.46 
payload                           IPv4      17            69             4372          99705         30088         2.1m  4.39  
stream                            IPv4       6           362             2536       13203209         74518        27.0m  56.99 
http_uri                          IPv4       6            17             7410          54879         21334       362.7k  0.77  
http_request_line                 IPv4       6            17             3724           8920          5579        94.8k  0.20  
http_client_body                  IPv4       6            17             2853         116663         17393       295.7k  0.62  
http_header (request)             IPv4       6            17            19938         101206         47765       812.0k  1.72  
http_header (request trailer)     IPv4       6            17             2618           2809          2683        45.6k  0.10  
http_header_names (request)       IPv4       6            17             6185          36725         15348       260.9k  0.55  
http_accept (request)             IPv4       6            17             3013           7841          4142        70.4k  0.15  
http_referer (request)            IPv4       6            17             2877           6575          3733        63.5k  0.13  
http_content_len (request)        IPv4       6            17             2940           6273          3570        60.7k  0.13  
http_content_type (request)       IPv4       6            17             2881          17806          4347        73.9k  0.16  
http_protocol (request)           IPv4       6            17             3321           5758          4252        72.3k  0.15  
http_start (request)              IPv4       6            17             6420          16476          9945       169.1k  0.36  
http_raw_header (request)         IPv4       6            17             8985          17614         12160       206.7k  0.44  
http_method                       IPv4       6            17             3659           7372          5055        85.9k  0.18  
http_cookie (request)             IPv4       6            17             2949           5096          3322        56.5k  0.12  
http_raw_uri                      IPv4       6            17             3193           9882          5172        87.9k  0.19  
http_user_agent                   IPv4       6            17             4492          28280         11765       200.0k  0.42  
http_host                         IPv4       6            17             3205           9958          5495        93.4k  0.20  
dns_query                         IPv4      17            18             2853          20084          8215       147.9k  0.31  
tls_sni                           IPv4       6            21             3197          21333          6190       130.0k  0.27  
http_response_line                IPv4       6            17             3238          10895          6213       105.6k  0.22  
http_header (response)            IPv4       6            17             9532          80214         34118       580.0k  1.23  
http_header (response trailer)    IPv4       6            17             2571          18240          3779        64.3k  0.14  
http_content_type (response)      IPv4       6            17             3099          11403          5762        98.0k  0.21  
http_raw_header (response)        IPv4       6           100             3821          39556          6022       602.2k  1.27  
http_cookie (response)            IPv4       6            17             2888           7752          3558        60.5k  0.13  
http_stat_code                    IPv4       6            17             2620           4165          3313        56.3k  0.12  
tls_cert_issuer                   IPv4       6            14             3506           9125          5160        72.2k  0.15  
tls_cert_subject                  IPv4       6            14             2945          11921          5492        76.9k  0.16  
tls_cert_serial                   IPv4       6            14             3157           6245          4330        60.6k  0.13  
file_data (http response)         IPv4       6            83             2565        1313331         57112         4.7m  10.01 
Total                             IPv4                  1465                                         32236        47.2m
payload                           IPv6      17             5            12081          31288         22249       111.2k  0.24  
Total                             IPv6                     5                                         22249       111.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            55             3374          80435         29324          1.6m  0.75  
PROF_DETECT_IPONLY          IPv4      17            47             3559          79196         33540          1.6m  0.73  
PROF_DETECT_RULES           IPv4       6           633             2525        1583372         81505         51.6m  23.92 
PROF_DETECT_RULES           IPv4      17            69            74885         376504        166562         11.5m  5.33  
PROF_DETECT_STATEFUL_START    IPv4       6           105             5108         883840        105562         11.1m  5.14  
PROF_DETECT_STATEFUL_CONT    IPv4       6           633             2509          39402          6886          4.4m  2.02  
PROF_DETECT_STATEFUL_CONT    IPv4      17            69             2512          51297          5211        359.6k  0.17  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           516             2540          18193          2776          1.4m  0.66  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            36             2602           3807          2819        101.5k  0.05  
PROF_DETECT_PREFILTER       IPv4       6           633             7740       14588174         96389         61.0m  28.29 
PROF_DETECT_PREFILTER       IPv4      17            69            28308         124943         58405          4.0m  1.87  
PROF_DETECT_PF_PAYLOAD      IPv4       6           362            13536       13231558        105600         38.2m  17.72 
PROF_DETECT_PF_PAYLOAD      IPv4      17            69             9672         104776         36102          2.5m  1.15  
PROF_DETECT_PF_TX           IPv4       6           516             2547        1333274         25560         13.2m  6.12  
PROF_DETECT_PF_TX           IPv4      17            18             8025          25380         13827        248.9k  0.12  
PROF_DETECT_PF_SORT1        IPv4       6           269             2544         111762          3892          1.0m  0.49  
PROF_DETECT_PF_SORT1        IPv4      17            69             2934           9154          3987        275.1k  0.13  
PROF_DETECT_PF_SORT2        IPv4       6           633             2508          16685          2789          1.8m  0.82  
PROF_DETECT_PF_SORT2        IPv4      17            69             2569           3938          2967        204.8k  0.09  
PROF_DETECT_NONMPMLIST      IPv4       6           633             2557          16362          2853          1.8m  0.84  
PROF_DETECT_NONMPMLIST      IPv4      17            69             2532          23943          3686        254.4k  0.12  
PROF_DETECT_ALERT           IPv4       6           633             2516          23335          2757          1.7m  0.81  
PROF_DETECT_ALERT           IPv4      17            69             2525          18286          2902        200.2k  0.09  
PROF_DETECT_CLEANUP         IPv4       6           633             2554          16922          2819          1.8m  0.83  
PROF_DETECT_CLEANUP         IPv4      17            69             2523          14934          3235        223.3k  0.10  
PROF_DETECT_GETSGH          IPv4       6           633             2510          21410          3259          2.1m  0.96  
PROF_DETECT_GETSGH          IPv4      17            69             2542          31425          5640        389.2k  0.18  
PROF_DETECT_IPONLY          IPv6      17             2             7579          78355         42967         85.9k  0.04  
PROF_DETECT_RULES           IPv6      17             5            89811         149594        111114        555.6k  0.26  
PROF_DETECT_STATEFUL_CONT    IPv6      17             5             2756           2818          2801         14.0k  0.01  
PROF_DETECT_PREFILTER       IPv6      17             5            33187          54437         44417        222.1k  0.10  
PROF_DETECT_PF_PAYLOAD      IPv6      17             5            17122          36615         27454        137.3k  0.06  
PROF_DETECT_PF_SORT1        IPv6      17             5             3102           4039          3664         18.3k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             5             2575           3167          2767         13.8k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             5             2531           3498          3079         15.4k  0.01  
PROF_DETECT_ALERT           IPv6      17             5             2536           2767          2637         13.2k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             5             2525           2877          2676         13.4k  0.01  
PROF_DETECT_GETSGH          IPv6      17             5             2746           9012          4741         23.7k  0.01  


stats.log - (3300 bytes)
------------------------------------------------------------------------------------
Date: 7/2/2019 -- 10:07:27 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 734
decoder.bytes                              | Total                     | 420339
decoder.ipv4                               | Total                     | 676
decoder.ipv6                               | Total                     | 5
decoder.ethernet                           | Total                     | 734
decoder.tcp                                | Total                     | 607
decoder.udp                                | Total                     | 74
decoder.avg_pkt_size                       | Total                     | 572
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 28
flow.udp                                   | Total                     | 31
tcp.sessions                               | Total                     | 27
tcp.syn                                    | Total                     | 27
tcp.synack                                 | Total                     | 27
tcp.rst                                    | Total                     | 18
tcp.overlap                                | Total                     | 2
detect.mpm_list                            | Total                     | 5
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 6
app_layer.flow.http                        | Total                     | 13
app_layer.tx.http                          | Total                     | 17
app_layer.flow.tls                         | Total                     | 14
app_layer.flow.dns_udp                     | Total                     | 18
app_layer.tx.dns_udp                       | Total                     | 18
app_layer.flow.failed_udp                  | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 13
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 58
flow_mgr.flows_notimeout                   | Total                     | 45
flow_mgr.flows_timeout                     | Total                     | 13
flow_mgr.flows_removed                     | Total                     | 13
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65478
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7091296


eve.json - (52055 bytes)
{"timestamp":"2019-07-02T09:56:43.306664+0000","flow_id":435173239533032,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.240.32","src_port":50943,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10143,"rrname":"srisawarakrabi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:41.536174+0000","flow_id":435173239533032,"pcap_cnt":14,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":50943,"proto":"UDP","dns":{"type":"answer","id":10143,"rcode":"NOERROR","rrname":"srisawarakrabi.com","rrtype":"A","ttl":14399,"rdata":"173.254.102.196"}}
{"timestamp":"2019-07-02T09:56:42.249219+0000","flow_id":1252307947358387,"pcap_cnt":27,"event_type":"http","src_ip":"192.168.240.32","src_port":49235,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-07-02T09:56:42.478822+0000","flow_id":1252307947358387,"pcap_cnt":47,"event_type":"fileinfo","src_ip":"173.254.102.196","src_port":80,"dest_ip":"192.168.240.32","dest_port":49235,"proto":"TCP","http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":743},"app_proto":"http","fileinfo":{"filename":"\/g\/att\/","gaps":false,"state":"CLOSED","stored":false,"size":1823,"tx_id":0}}
{"timestamp":"2019-07-02T09:56:42.494994+0000","flow_id":1250796119041762,"pcap_cnt":78,"event_type":"http","src_ip":"192.168.240.32","src_port":49236,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/images\/paste173.jpg","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/jpeg"}}
{"timestamp":"2019-07-02T09:56:42.501205+0000","flow_id":1576693942502898,"pcap_cnt":109,"event_type":"http","src_ip":"192.168.240.32","src_port":49238,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/images\/att.PNG","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/png"}}
{"timestamp":"2019-07-02T09:56:42.521013+0000","flow_id":89503534025681,"pcap_cnt":161,"event_type":"http","src_ip":"192.168.240.32","src_port":49237,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/images\/paste174.jpg","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/jpeg"}}
{"timestamp":"2019-07-02T09:56:42.522364+0000","flow_id":130801792062459,"pcap_cnt":163,"event_type":"http","src_ip":"192.168.240.32","src_port":49239,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/images\/paste175.jpg","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/jpeg"}}
{"timestamp":"2019-07-02T09:56:42.533554+0000","flow_id":1252307947358387,"pcap_cnt":170,"event_type":"http","src_ip":"192.168.240.32","src_port":49235,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/images\/paste172.jpg","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/jpeg"}}
{"timestamp":"2019-07-02T09:56:42.764572+0000","flow_id":1252307947358387,"pcap_cnt":172,"event_type":"fileinfo","src_ip":"173.254.102.196","src_port":80,"dest_ip":"192.168.240.32","dest_port":49235,"proto":"TCP","http":{"hostname":"srisawarakrabi.com","url":"\/g\/att\/images\/paste172.jpg","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/jpeg","http_refer":"http:\/\/srisawarakrabi.com\/g\/att\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":108618},"app_proto":"http","fileinfo":{"filename":"\/g\/att\/images\/paste172.jpg","gaps":false,"state":"CLOSED","stored":false,"size":108618,"tx_id":1}}
{"timestamp":"2019-07-02T09:56:42.764609+0000","flow_id":1252307947358387,"pcap_cnt":173,"event_type":"http","src_ip":"192.168.240.32","src_port":49235,"dest_ip":"173.254.102.196","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"srisawarakrabi.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"image\/x-icon"}}
{"timestamp":"2019-07-02T09:56:47.384720+0000","flow_id":1158215951703760,"pcap_cnt":174,"event_type":"dns","src_ip":"192.168.240.32","src_port":56020,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59278,"rrname":"api.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:45.662371+0000","flow_id":1158215951703760,"pcap_cnt":175,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":56020,"proto":"UDP","dns":{"type":"answer","id":59278,"rcode":"NOERROR","rrname":"api.bing.com","rrtype":"CNAME","ttl":913,"rdata":"api-bing-com.e-0001.e-msedge.net"}}
{"timestamp":"2019-07-02T09:56:45.662371+0000","flow_id":1158215951703760,"pcap_cnt":175,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":56020,"proto":"UDP","dns":{"type":"answer","id":59278,"rcode":"NOERROR","rrname":"api-bing-com.e-0001.e-msedge.net","rrtype":"CNAME","ttl":581,"rdata":"e-0001.e-msedge.net"}}
{"timestamp":"2019-07-02T09:56:45.662371+0000","flow_id":1158215951703760,"pcap_cnt":175,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":56020,"proto":"UDP","dns":{"type":"answer","id":59278,"rcode":"NOERROR","rrname":"e-0001.e-msedge.net","rrtype":"A","ttl":222,"rdata":"13.107.5.80"}}
{"timestamp":"2019-07-02T09:56:45.664362+0000","flow_id":979075013092138,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.240.32","src_port":53321,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54805,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:47.388133+0000","flow_id":2226146684955685,"pcap_cnt":177,"event_type":"dns","src_ip":"192.168.240.32","src_port":53394,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57634,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:45.666253+0000","flow_id":1760247959857805,"pcap_cnt":178,"event_type":"dns","src_ip":"192.168.240.32","src_port":64926,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42451,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:47.390051+0000","flow_id":356281133036451,"pcap_cnt":179,"event_type":"dns","src_ip":"192.168.240.32","src_port":65297,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44901,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:45.674981+0000","flow_id":979075013092138,"pcap_cnt":180,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53321,"proto":"UDP","dns":{"type":"answer","id":54805,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":2,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-07-02T09:56:45.674981+0000","flow_id":979075013092138,"pcap_cnt":180,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53321,"proto":"UDP","dns":{"type":"answer","id":54805,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":47,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-07-02T09:56:45.674981+0000","flow_id":979075013092138,"pcap_cnt":180,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53321,"proto":"UDP","dns":{"type":"answer","id":54805,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":43,"rdata":"204.79.197.200"}}
{"timestamp":"2019-07-02T09:56:45.674981+0000","flow_id":979075013092138,"pcap_cnt":180,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53321,"proto":"UDP","dns":{"type":"answer","id":54805,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":43,"rdata":"13.107.21.200"}}
{"timestamp":"2019-07-02T09:56:45.675160+0000","flow_id":356281133036451,"pcap_cnt":181,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":65297,"proto":"UDP","dns":{"type":"answer","id":44901,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":2,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-07-02T09:56:45.675160+0000","flow_id":356281133036451,"pcap_cnt":181,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":65297,"proto":"UDP","dns":{"type":"answer","id":44901,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":47,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-07-02T09:56:45.675160+0000","flow_id":356281133036451,"pcap_cnt":181,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":65297,"proto":"UDP","dns":{"type":"answer","id":44901,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":43,"rdata":"204.79.197.200"}}
{"timestamp":"2019-07-02T09:56:45.675160+0000","flow_id":356281133036451,"pcap_cnt":181,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":65297,"proto":"UDP","dns":{"type":"answer","id":44901,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":43,"rdata":"13.107.21.200"}}
{"timestamp":"2019-07-02T09:56:45.685302+0000","flow_id":2226146684955685,"pcap_cnt":182,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53394,"proto":"UDP","dns":{"type":"answer","id":57634,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":1,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-07-02T09:56:45.685302+0000","flow_id":2226146684955685,"pcap_cnt":182,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53394,"proto":"UDP","dns":{"type":"answer","id":57634,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":59,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-07-02T09:56:45.685302+0000","flow_id":2226146684955685,"pcap_cnt":182,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53394,"proto":"UDP","dns":{"type":"answer","id":57634,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":43,"rdata":"204.79.197.200"}}
{"timestamp":"2019-07-02T09:56:45.685302+0000","flow_id":2226146684955685,"pcap_cnt":182,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":53394,"proto":"UDP","dns":{"type":"answer","id":57634,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":43,"rdata":"13.107.21.200"}}
{"timestamp":"2019-07-02T09:56:45.685341+0000","flow_id":1760247959857805,"pcap_cnt":183,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":64926,"proto":"UDP","dns":{"type":"answer","id":42451,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":55,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-07-02T09:56:45.685341+0000","flow_id":1760247959857805,"pcap_cnt":183,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":64926,"proto":"UDP","dns":{"type":"answer","id":42451,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":59,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-07-02T09:56:45.685341+0000","flow_id":1760247959857805,"pcap_cnt":183,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":64926,"proto":"UDP","dns":{"type":"answer","id":42451,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":29,"rdata":"204.79.197.200"}}
{"timestamp":"2019-07-02T09:56:45.685341+0000","flow_id":1760247959857805,"pcap_cnt":183,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":64926,"proto":"UDP","dns":{"type":"answer","id":42451,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":29,"rdata":"13.107.21.200"}}
{"timestamp":"2019-07-02T09:56:48.535004+0000","flow_id":1041800863164892,"pcap_cnt":184,"event_type":"dns","src_ip":"192.168.240.32","src_port":51343,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29476,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:46.820581+0000","flow_id":1041800863164892,"pcap_cnt":185,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":51343,"proto":"UDP","dns":{"type":"answer","id":29476,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":21,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-07-02T09:56:46.820581+0000","flow_id":1041800863164892,"pcap_cnt":185,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":51343,"proto":"UDP","dns":{"type":"answer","id":29476,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":46,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-07-02T09:56:46.820581+0000","flow_id":1041800863164892,"pcap_cnt":185,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":51343,"proto":"UDP","dns":{"type":"answer","id":29476,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":38,"rdata":"204.79.197.200"}}
{"timestamp":"2019-07-02T09:56:46.820581+0000","flow_id":1041800863164892,"pcap_cnt":185,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":51343,"proto":"UDP","dns":{"type":"answer","id":29476,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":38,"rdata":"13.107.21.200"}}
{"timestamp":"2019-07-02T09:56:46.850595+0000","flow_id":603349126772900,"pcap_cnt":202,"event_type":"tls","src_ip":"192.168.240.32","src_port":49241,"dest_ip":"204.79.197.200","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.bing.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2"}}
{"timestamp":"2019-07-02T09:56:46.850976+0000","flow_id":666545275446546,"pcap_cnt":207,"event_type":"tls","src_ip":"192.168.240.32","src_port":49240,"dest_ip":"204.79.197.200","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.bing.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2"}}
{"timestamp":"2019-07-02T09:56:47.093256+0000","flow_id":2032432922455112,"pcap_cnt":219,"event_type":"dns","src_ip":"192.168.240.32","src_port":65359,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20240,"rrname":"ctldl.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:48.821158+0000","flow_id":603898882590630,"pcap_cnt":220,"event_type":"dns","src_ip":"192.168.240.32","src_port":60265,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3008,"rrname":"ctldl.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-02T09:56:47.132613+0000","flow_id":603898882590630,"pcap_cnt":221,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":60265,"proto":"UDP","dns":{"type":"answer","id":3008,"rcode":"NOERROR","rrname":"ctldl.windowsupdate.com","rrtype":"CNAME","ttl":465,"rdata":"audownload.windowsupdate.nsatc.net"}}
{"timestamp":"2019-07-02T09:56:47.132613+0000","flow_id":603898882590630,"pcap_cnt":221,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.32","dest_port":60265,"proto":"UDP","dns":{"type":"answer","id":3008,"rcode":"NOERROR","rrname":"audownload.windowsup

This file has been truncated.


keyword_perf.log - (15494 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/2/2019 -- 10:07:27
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2078832         672             672             23021           3093.00         3093.00         0.00           
  content          10320907        2611            963             245536          3952.00         4984.00         3349.00        
  pcre             1161649         277             62              24981           4193.00         4829.00         4010.00        
  byte_test        696249          234             106             18130           2975.00         3231.00         2763.00        
  byte_jump        58517           19              8               4573            3079.00         2830.00         3261.00        
  isdataat         63581           18              0               17929           3532.00         0.00            3532.00        
  flowbits         10963           2               2               7760            5481.00         5481.00         0.00           
  urilen           418310          132             44              28514           3169.00         2967.00         3269.00        
  byte_extract     259515          96              96              4688            2703.00         2703.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2078832         672             672             23021           3093.00         3093.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5965501         1770            500             100060          3370.00         4130.00         3071.00        
  pcre             472699          133             8               24981           3554.00         4048.00         3522.00        
  byte_test        696249          234             106             18130           2975.00         3231.00         2763.00        
  byte_jump        58517           19              8               4573            3079.00         2830.00         3261.00        
  isdataat         63581           18              0               17929           3532.00         0.00            3532.00        
  byte_extract     259515          96              96              4688            2703.00         2703.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         10963           2               2               7760            5481.00         5481.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          434956          118             64              17476           3686.00         3512.00         3891.00        
  pcre             282936          62              16              19014           4563.00         4454.00         4601.00        
  urilen           418310          132             44              28514           3169.00         2967.00         3269.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          280941          40              8               68386           7023.00         12143.00        5743.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          50730           17              0               4335            2984.00         0.00            2984.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1245884         35              8               245536          35596.00        114771.00       12137.00       
  pcre             20542           4               0               8725            5135.00         0.00            5135.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1769943         457             298             24429           3872.00         4044.00         3552.00        
  pcre             326982          64              24              22357           5109.00         5720.00         4742.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          246138          73              24              4544            3371.00         3550.00         3284.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4291            1               1               4291            4291.00         4291.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3122            1               1               3122            3122.00         3122.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11472           4               0               3027            2868.00         0.00            2868.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7278            2               2               3872            3639.00         3639.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3575            1               1               3575            3575.00         3575.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          93479           30              19              4055            3115.00         3249.00         2884.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          185306          56              35              4455            3309.00         3383.00         3184.00        
  pcre             58490           14              14              5373            4177.00         4177.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12598           4               2               3236            3149.00         3066.00         3232.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5693            2               0               3089            2846.00         0.00            2846.00        


suricata-4.0.0-etpro-all-perf.txt-2019-07-02-T-10-07-27-07022019.1007-network.pcap.txt - (43477 bytes) - download
  --------------------------------------------------------------------------
  Date: 7/2/2019 -- 10:07:27. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2820157      1        2        809989       1.68   3        0        430805      269996.33   0.00        269996.33  
  2        2820158      1        2        804481       1.67   3        0        426453      268160.33   0.00        268160.33  
  3        2021749      1        6        3893269      8.06   16       0        357239      243329.31   0.00        243329.31  
  4        2822213      1        2        2569438      5.32   23       0        298171      111714.70   0.00        111714.70  
  5        2814978      1        2        2707296      5.61   24       0        245030      112804.00   0.00        112804.00  
  6        2814979      1        2        2741685      5.68   24       0        241710      114236.88   0.00        114236.88  
  7        2807926      1        3        191467       0.40   8        0        113250      23933.38    0.00        23933.38   
  8        2018005      1        6        1322704      2.74   23       0        102370      57508.87    0.00        57508.87   
  9        2022480      1        2        308546       0.64   4        0        92450       77136.50    0.00        77136.50   
  10       2803027      1        6        182486       0.38   7        0        92439       26069.43    0.00        26069.43   
  11       2816909      1        2        419513       0.87   7        0        85313       59930.43    0.00        59930.43   
  12       2806921      1        3        143827       0.30   4        0        84856       35956.75    0.00        35956.75   
  13       2022054      1        3        73370        0.15   1        0        73370       73370.00    0.00        73370.00   
  14       2001330      1        8        700264       1.45   224      0        71399       3126.18     0.00        3126.18    
  15       2809816      1        2        149196       0.31   4        0        70058       37299.00    0.00        37299.00   
  16       2816910      1        2        390599       0.81   7        0        69931       55799.86    0.00        55799.86   
  17       2815254      1        7        201940       0.42   4        0        64250       50485.00    0.00        50485.00   
  18       2816327      1        4        282518       0.59   7        0        63371       40359.71    0.00        40359.71   
  19       2820309      1        2        132176       0.27   4        0        61147       33044.00    0.00        33044.00   
  20       2816940      1        2        382255       0.79   7        0        60840       54607.86    0.00        54607.86   
  21       2024848      1        2        168980       0.35   4        0        60461       42245.00    0.00        42245.00   
  22       2025064      1        5        276740       0.57   7        0        59852       39534.29    0.00        39534.29   
  23       2816929      1        4        280462       0.58   7        0        59723       40066.00    0.00        40066.00   
  24       2023818      1        2        92245        0.19   2        2        58773       46122.50    46122.50    0.00       
  25       2809850      1        2        222835       0.46   8        0        55360       27854.38    0.00        27854.38   
  26       2018457      1        1        733872       1.52   20       0        54060       36693.60    0.00        36693.60   
  27       2806659      1        4        150629       0.31   6        0        52433       25104.83    0.00        25104.83   
  28       2821839      1        2        52419        0.11   1        0        52419       52419.00    0.00        52419.00   
  29       2816928      1        3        253428       0.52   7        0        51821       36204.00    0.00        36204.00   
  30       2816669      1        4        148642       0.31   4        0        50954       37160.50    0.00        37160.50   
  31       2811447      1        2        285748       0.59   16       0        50773       17859.25    0.00        17859.25   
  32       2018789      1        3        214661       0.44   24       0        49591       8944.21     0.00        8944.21    
  33       2020661      1        3        326763       0.68   15       0        49016       21784.20    0.00        21784.20   
  34       2815480      1        6        83117        0.17   2        0        47261       41558.50    0.00        41558.50   
  35       2025142      1        2        169136       0.35   4        0        46338       42284.00    0.00        42284.00   
  36       2816647      1        2        165434       0.34   4        0        44590       41358.50    0.00        41358.50   
  37       2022547      1        1        409703       0.85   126      0        44568       3251.61     0.00        3251.61    
  38       2013739      1        15       133215       0.28   35       0        44568       3806.14     0.00        3806.14    
  39       2816925      1        3        221491       0.46   7        0        44474       31641.57    0.00        31641.57   
  40       2822979      1        3        44091        0.09   1        0        44091       44091.00    0.00        44091.00   
  41       2809088      1        7        146103       0.30   4        0        43937       36525.75    0.00        36525.75   
  42       2816165      1        5        413755       0.86   17       0        43765       24338.53    0.00        24338.53   
  43       2816356      1        2        240979       0.50   7        0        43723       34425.57    0.00        34425.57   
  44       2811279      1        7        70089        0.15   2        0        43457       35044.50    0.00        35044.50   
  45       2010067      1        10       156801       0.32   4        0        42677       39200.25    0.00        39200.25   
  46       2022502      1        4        335769       0.70   13       0        41623       25828.38    0.00        25828.38   
  47       2021381      1        7        146715       0.30   4        0        41584       36678.75    0.00        36678.75   
  48       2824257      1        2        155887       0.32   4        0        41281       38971.75    0.00        38971.75   
  49       2014701      1        12       448723       0.93   36       0        41259       12464.53    0.00        12464.53   
  50       2815451      1        2        351689       0.73   28       0        40671       12560.32    0.00        12560.32   
  51       2829393      1        1        197193       0.41   7        0        40564       28170.43    0.00        28170.43   
  52       2819931      1        2        40122        0.08   1        0        40122       40122.00    0.00        40122.00   
  53       2821615      1        2        378077       0.78   13       0        40001       29082.85    0.00        29082.85   
  54       2806802      1        2        137840       0.29   6        0        39973       22973.33    0.00        22973.33   
  55       2816526      1        13       201055       0.42   7        0        39787       28722.14    0.00        28722.14   
  56       2016537      1        2        889999       1.84   61       0        39676       14590.15    0.00        14590.15   
  57       2816328      1        5        194140       0.40   7        0        39573       27734.29    0.00        27734.29   
  58       2024771      1        1        674796       1.40   95       0        39149       7103.12     0.00        7103.12    
  59       2816927      1        3        240071       0.50   7        0        38325       34295.86    0.00        34295.86   
  60       2820851      1        5        238807       0.49   7        0        38272       34115.29    0.00        34115.29   
  61       2816895      1        2        70235        0.15   2        0        38035       35117.50    0.00        35117.50   
  62       2816930      1        4        193452       0.40   7        0        37386       27636.00    0.00        27636.00   
  63       2017552      1        6        1218012      2.52   78       0        37348       15615.54    0.00        15615.54   
  64       2828212      1        2        97989        0.20   4        0        37246       24497.25    0.00        24497.25   
  65       2012707      1        5        363476       0.75   17       0        36613       21380.94    0.00        21380.94   
  66       2815481      1        6        68505        0.14   2        0        36541       34252.50    0.00        34252.50   
  67       2821561      1        2        134939       0.28   4        0        36323       33734.75    0.00        33734.75   
  68       2014704      1        7        109527       0.23   4        0        35858       27381.75    0.00        27381.75   
  69       2022609      1        2        35485        0.07   1        0        35485       35485.00    0.00        35485.00   
  70       2018069      1        1        35068        0.07   1        0        35068       35068.00    0.00        35068.00   
  71       2816525      1        10       226361       0.47   7        0        34821       32337.29    0.00        32337.29   
  72       2827279      1        5        309401       0.64   17       0        34366       18200.06    0.00        18200.06   
  73       2816922      1        5        207210       0.43   7        0        34150       29601.43    0.00        29601.43   
  74       2019343      1        3        202142       0.42   7        0        33940       28877.43    0.00        28877.43   
  75       2829394      1        1        221475       0.46   7        0        33716       31639.29    0.00        31639.29   
  76       2819673      1        4        215715       0.45   7        0        33612       30816.43    0.00        30816.43   
  77       2815754      1        2        64761        0.13   2        0        33568       32380.50    0.00        32380.50   
  78       2020855      1        3        166165       0.34   7        0        33567       23737.86    0.00        23737.86   
  79       2023626      1        3        206804       0.43   60       0        33347       3446.73     0.00        3446.73    
  80       2830036      1        1        225524       0.47   10       0        33301       22552.40    0.00        22552.40   
  81       2014703      1        9        328179       0.68   36       0        33186       9116.08     0.00        9116.08    
  82       2012612      1        16       162278       0.34   7        0        33122       23182.57    0.00        23182.57   
  83       2815753      1        2        64368        0.13   2        0        32539       32184.00    0.00        32184.00   
  84       2826256      1        2        362258       0.75   17       0        32491       21309.29    0.00        21309.29   
  85       2815664      1        3        58727        0.12   2        0        31964       29363.50    0.00        29363.50   
  86       2815817      1        5        197931       0.41   7        0        31640       28275.86    0.00        28275.86   
  87       2816931      1        3        186122       0.39   7        0        31623       26588.86    0.00        26588.86   
  88       2802822      1        1        87513        0.18   21       0        31255       4167.29     0.00        4167.29    
  89       2019230      1        2        324128       0.67   36       0        31054       9003.56     0.00        9003.56    
  90       2828986      1        2        30785        0.06   1        0        30785       30785.00    0.00        30785.00   
  91       2020496      1        2        166200       0.34   6        0        30780       27700.00    0.00        27700.00   
  92       2021067      1        2        111116       0.23   4        0        30686       27779.00    0.00        27779.00   
  93       2022543      1        1        287339       0.60   18       0        30616       15963.28    0.00        15963.28   
  94       2811280      1        7        57732        0.12   2        0        30529       28866.00    0.00        28866.00   
  95       2806338      1        5        112392       0.23   4        0        30329       28098.00    0.00        28098.00   
  96       2803760      1        3        285659       0.59   18       0        29470       15869.94    0.00        15869.94   
  97       2828060      1        4        29261        0.06   1        0        29261       29261.00    0.00        29261.00   
  98       2812512      1        3        109037       0.23   4        0        29217       27259.25    0.00        27259.25   
  99       2019155      1        2        104158       0.22   4        0        28527       26039.50    0.00        26039.50   
  100      2821148      1        4        106463       0.22   4        0        28472       26615.75    0.00        26615.75   
  101      2020295      1        6        106861       0.22   4        0        28426       26715.25    0.00        26715.25   
  102      2807878      1        2        53205        0.11   2        0        28167       26602.50    0.00        26602.50   
  103      2014702      1        9        312139       0.65   36       0        28076       8670.53     0.00        8670.53    
  104      2829848      1        2        28072        0.06   1        0        28072       28072.00    0.00        28072.00   
  105      2816660      1        3        28041        0.06   1        0        28041       28041.00    0.00        28041.00   
  106      2809859      1        6        27788        0.06   1        0        27788       27788.00    0.00        27788.00   
  107      2022197      1        3        104597       0.22   4        0        27768       26149.25    0.00        26149.25   
  108      2816924      1        4        180393       0.37   7        0        27542       25770.43    0.00        25770.43   
  109      2815886      1        2        152214       0.32   7        0        27135       21744.86    0.00        21744.86   
  110      2828823      1        2        42844        0.09   2        0        24147       21422.00    0.00        21422.00   
  111      2814736      1        7        23655        0.05   1        0        23655       23655.00    0.00        23655.00   
  112      2811740      1        2        148644       0.31   7        0        23646       21234.86    0.00        21234.86   
  113      2014133      1        4        81801        0.17   4        0        23398       20450.25    0.00        20450.25   
  114      2008117      1        3        82849        0.17   21       0        23383       3945.19     0.00        3945.19    
  115      2804626      1        9        147197       0.30   7        0        23143       21028.14    0.00        21028.14   
  116      2816394      1        2        85853        0.18   4        0        23092       21463.25    0.00        21463.25   
  117      2828008      1        2        272546       0.56   17       0        22989       16032.12    0.00        16032.12   
  118      2020608      1        4        22923        0.05   1        0        22923       22923.00    0.00        22923.00   
  119      2021813      1        6        102395       0.21   5        0        22887       20479.00    0.00        20479.00   
  120      2816857      1        2        143188       0.30   7        0        22681       20455.43    0.00        20455.43   
  121      2828190      1        2        145673       0.30   7        0        22583       20810.43    0.00        20810.43   
  122      2022552      1        2        101320       0.21   5        0        22330       20264.00    0.00        20264.00   
  123      2007880      1        7        123587       0.26   6        0        22217       20597.83    0.00        20597.83   
  124      2022467      1        2        22186        0.05   1        0        22186       22186.00    0.00        22186.00   
  125      2806959      1        2        79

This file has been truncated.


IDSDeathBlossom.py.log - (1147 bytes) - download
2019-07-02 10:07:05,032 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-02 10:07:05,775 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-02 10:07:05,776 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-02 10:07:05,776 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-02 10:07:05,776 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-02 10:07:05,776 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/6b3a5fe7bd9244316bdf69afdbe9acaf56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07022019.1007-network.pcap -vvv -k none
2019-07-02 10:07:27,266 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-02 10:07:27,266 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2416000366