Filename: pcap (5).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 28.2675070763 seconds
Hash: 6ee9f63fc735ad6889d9989184771264
Uploaded: 1568631199

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-09-16-T-10-53-47-09162019.1053-pcap_5.pcap.txt - (15574 bytes)
  --------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:53:47. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2023622      1        3        3384798      5.80   374      0        1443994     9050.26     0.00        9050.26    
  2        2802081      1        1        1704898      2.92   252      0        346868      6765.47     0.00        6765.47    
  3        2805348      1        4        1760688      3.02   20       0        167644      88034.40    0.00        88034.40   
  4        2023620      1        3        1602284      2.74   296      0        163862      5413.12     0.00        5413.12    
  5        2809850      1        2        850992       1.46   25       0        105222      34039.68    0.00        34039.68   
  6        2018316      1        4        1188058      2.03   18       0        102014      66003.22    0.00        66003.22   
  7        2801347      1        5        223004       0.38   26       0        100176      8577.08     0.00        8577.08    
  8        2010140      1        7        3268436      5.60   277      0        97696       11799.41    0.00        11799.41   
  9        2020741      1        1        1150974      1.97   18       0        92878       63943.00    0.00        63943.00   
  10       2020742      1        1        1098256      1.88   18       0        85992       61014.22    0.00        61014.22   
  11       2018666      1        4        1103962      1.89   18       0        83340       61331.22    0.00        61331.22   
  12       2816585      1        3        81484        0.14   1        0        81484       81484.00    0.00        81484.00   
  13       2023083      1        2        75622        0.13   1        0        75622       75622.00    0.00        75622.00   
  14       2828060      1        4        74612        0.13   1        0        74612       74612.00    0.00        74612.00   
  15       2009702      1        5        1256998      2.15   111      0        74394       11324.31    0.00        11324.31   
  16       2821148      1        4        73924        0.13   1        0        73924       73924.00    0.00        73924.00   
  17       2828986      1        2        70060        0.12   1        0        70060       70060.00    0.00        70060.00   
  18       2828008      1        2        68734        0.12   1        0        68734       68734.00    0.00        68734.00   
  19       2014703      1        9        1798538      3.08   111      0        66058       16203.05    0.00        16203.05   
  20       2014701      1        12       2430196      4.16   111      0        64686       21893.66    0.00        21893.66   
  21       2828314      1        4        62380        0.11   1        0        62380       62380.00    0.00        62380.00   
  22       2024894      1        3        60786        0.10   1        0        60786       60786.00    0.00        60786.00   
  23       2829848      1        2        58872        0.10   1        0        58872       58872.00    0.00        58872.00   
  24       2803760      1        3        1565516      2.68   53       0        57568       29538.04    0.00        29538.04   
  25       2816843      1        2        56818        0.10   1        0        56818       56818.00    0.00        56818.00   
  26       2020080      1        2        55164        0.09   1        0        55164       55164.00    0.00        55164.00   
  27       2826281      1        2        1547004      2.65   53       0        54964       29188.75    0.00        29188.75   
  28       2829589      1        2        54164        0.09   1        0        54164       54164.00    0.00        54164.00   
  29       2024771      1        1        50224        0.09   1        0        50224       50224.00    0.00        50224.00   
  30       2024897      1        1        49860        0.09   1        1        49860       49860.00    49860.00    0.00       
  31       2025000      1        3        47560        0.08   1        0        47560       47560.00    0.00        47560.00   
  32       2023623      1        3        916086       1.57   164      0        47550       5585.89     0.00        5585.89    
  33       2014702      1        9        1706702      2.92   111      0        47158       15375.69    0.00        15375.69   
  34       2805211      1        1        129058       0.22   6        0        45962       21509.67    0.00        21509.67   
  35       2815651      1        3        45706        0.08   1        0        45706       45706.00    0.00        45706.00   
  36       2007880      1        7        45542        0.08   1        0        45542       45542.00    0.00        45542.00   
  37       2018010      1        5        44722        0.08   1        0        44722       44722.00    0.00        44722.00   
  38       2816165      1        5        44426        0.08   1        0        44426       44426.00    0.00        44426.00   
  39       2014380      1        4        69860        0.12   2        0        43742       34930.00    0.00        34930.00   
  40       2811577      1        2        47608        0.08   2        0        42542       23804.00    0.00        23804.00   
  41       2009243      1        2        335260       0.57   53       0        41004       6325.66     0.00        6325.66    
  42       2010143      1        3        1998378      3.42   277      0        40858       7214.36     0.00        7214.36    
  43       2827279      1        5        40682        0.07   1        0        40682       40682.00    0.00        40682.00   
  44       2826256      1        2        40572        0.07   1        0        40572       40572.00    0.00        40572.00   
  45       2816884      1        3        40506        0.07   1        0        40506       40506.00    0.00        40506.00   
  46       2022531      1        1        458116       0.78   16       0        39950       28632.25    0.00        28632.25   
  47       2827580      1        7        39754        0.07   1        0        39754       39754.00    0.00        39754.00   
  48       2023619      1        3        524432       0.90   100      0        38672       5244.32     0.00        5244.32    
  49       2008117      1        3        916000       1.57   161      0        38098       5689.44     0.00        5689.44    
  50       2016537      1        2        37650        0.06   1        0        37650       37650.00    0.00        37650.00   
  51       2023617      1        3        953034       1.63   185      0        37088       5151.54     0.00        5151.54    
  52       2022545      1        1        425944       0.73   16       0        37040       26621.50    0.00        26621.50   
  53       2017552      1        6        61224        0.10   2        0        36852       30612.00    0.00        30612.00   
  54       2023624      1        3        1164276      1.99   228      0        33342       5106.47     0.00        5106.47    
  55       2023615      1        3        607614       1.04   115      0        32096       5283.60     0.00        5283.60    
  56       2019490      1        3        416726       0.71   79       0        31994       5275.01     0.00        5275.01    
  57       2023625      1        3        1491186      2.55   292      0        30324       5106.80     0.00        5106.80    
  58       2008120      1        4        2006896      3.44   362      0        30302       5543.91     0.00        5543.91    
  59       2010142      1        4        1432494      2.45   277      0        29856       5171.46     0.00        5171.46    
  60       2023616      1        3        745686       1.28   140      0        29760       5326.33     0.00        5326.33    
  61       2023612      1        4        1136616      1.95   212      0        28736       5361.40     0.00        5361.40    
  62       2013739      1        15       1387334      2.38   256      0        28722       5419.27     0.00        5419.27    
  63       2814886      1        1        45228        0.08   2        0        27634       22614.00    0.00        22614.00   
  64       2023621      1        4        1146470      1.96   218      0        27196       5259.04     0.00        5259.04    
  65       2023614      1        3        1276184      2.19   244      0        27064       5230.26     0.00        5230.26    
  66       2023626      1        3        1279298      2.19   246      0        27020       5200.40     0.00        5200.40    
  67       2025200      1        1        601494       1.03   106      0        26972       5674.47     0.00        5674.47    
  68       2023618      1        3        1281638      2.20   250      0        26856       5126.55     0.00        5126.55    
  69       2802026      1        1        723748       1.24   128      0        26604       5654.28     0.00        5654.28    
  70       2022543      1        1        26318        0.05   1        0        26318       26318.00    0.00        26318.00   
  71       2811544      1        1        29712        0.05   2        0        24542       14856.00    0.00        14856.00   
  72       2019230      1        2        30104        0.05   2        0        24516       15052.00    0.00        15052.00   
  73       2823788      1        4        321990       0.55   53       0        24146       6075.28     0.00        6075.28    
  74       2802822      1        1        862070       1.48   161      0        23270       5354.47     0.00        5354.47    
  75       2100566      1        5        90110        0.15   14       0        23082       6436.43     0.00        6436.43    
  76       2019011      1        3        132468       0.23   20       0        22596       6623.40     0.00        6623.40    
  77       2825296      1        3        143760       0.25   24       0        22486       5990.00     0.00        5990.00    
  78       2023627      1        3        1017448      1.74   198      0        22430       5138.63     0.00        5138.63    
  79       2022914      1        1        111350       0.19   6        0        22298       18558.33    0.00        18558.33   
  80       2023613      1        3        1082502      1.85   216      0        21670       5011.58     0.00        5011.58    
  81       2809037      1        1        207658       0.36   39       0        21294       5324.56     0.00        5324.56    
  82       2019017      1        3        128934       0.22   20       0        20872       6446.70     0.00        6446.70    
  83       2016363      1        2        61084        0.10   12       0        9752        5090.33     0.00        5090.33    
  84       2016680      1        6        8200         0.01   1        0        8200        8200.00     0.00        8200.00    
  85       2008118      1        3        282884       0.48   53       0        7594        5337.43     0.00        5337.43    
  86       2016323      1        1        61130        0.10   12       0        7352        5094.17     0.00        5094.17    
  87       2100518      1        8        107006       0.18   22       0        7228        4863.91     0.00        4863.91    
  88       2100540      1        12       22766        0.04   4        0        6784        5691.50     0.00        5691.50    
  89       2008116      1        4        110086       0.19   22       0        6644        5003.91     0.00        5003.91    
  90       2013075      1        8        269814       0.46   53       0        6610        5090.83     0.00        5090.83    
  91       2102523      1        8        6486         0.01   1        0        6486        6486.00     0.00        6486.00    
  92       2019492      1        2        56362        0.10   11       0        6414        5123.82     0.00        5123.82    
  93       2022331      1        3        147706       0.25   29       0        6402        5093.31     0.00        5093.31    
  94       2804589      1        3        6354         0.01   1        0        6354        6354.00     0.00        6354.00    
  95       2802205      1        3        106488       0.18   22       0        6352        4840.36     0.00        4840.36    
  96       2828876      1        1        11586        0.02   2        0        6310        5793.00     0.00        5793.00    
  97       2823571      1        2        6156         0.01   1        0        6156        6156.00     0.00        6156.00    
  98       2019010      1        3        97830        0.17   20       0        6102        4891.50     0.00        4891.50    
  99       2019016      1        3        94586        0.16   20       0        6052        4729.30     0.00        4729.30    
  100      2022330      1        2        39832        0.07   8        0        6014        4979.00     0.00        4979.00    
  101      2810055      1        2        11044        0.02   2        0        5574        5522.00     0.00        5522.00    
  102      2013926      1        8        5512         0.01   1        0        5512        5512.00     0.00        5512.00    
  103      2102523      1        8        10264        0.02   2        0        5466        5132.00     0.00        5132.00    
  104      2811445      1        4        5440         0.01   1        0        5440        5440.00     0.00        5440.00    
  105      2024513      1        5        5434         0.01   1        0        5434        5434.00     0.00        5434.00    
  106      2828877      1        1        5430         0.01   1        0        5430        5430.00     0.00        5430.00    
  107      2008119      1        3        5398         0.01   1        0        5398        5398.00     0.00        5398.00    
  108      2802823      1        1        5362         0.01   1        0        5362        5362.00     0.00        5362.00    
  109      2802876      1        3        5334         0.01   1        0        5334        5334.00     0.00        5334.00    
  110      2022506      1        3        18814        0.03   4        0        5308        4703.50     0.00        4703.50    
  111      2810793      1        5        5276         0.01   1        0        5276        5276.00     0.00        5276.00    
  112      2100540      1        12       19986        0.03   4        0        5274        4996.50     0.00        4996.50    
  113      2823937      1        13       5246         0.01   1        0        5246        5246.00     0.00        5246.00    
  114      2804587      1        2        5036         0.01   1        0        5036        5036.00     0.00        5036.00    
  115      2828748      1        2        4988         0.01   1        0        4988        4988.00     0.00        4988.00    
  116      2805442      1        2        23472        0.04   5        0        4948        4694.40     0.00        4694.40    
  117      2822838      1        2        14006        0.02   3        0        4942        4668.67     0.00        4668.67    
  118      2019491      1        2        8922         0.02   2        0        4470        4461.00     0.00        4461.00    


suricata-report-2019-09-16-T-10-53-47-09162019.1053-pcap_5.pcap.txt - (17648 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/6ee9f63fc735ad6889d998918477126456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1053-pcap_5.pcap -vvv -k none
elapsedtime:27.223266
stderr:
stdout:
16/9/2019 -- 10:53:20 - <Info> - Configuration node 'rule-files' redefined.
16/9/2019 -- 10:53:20 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/9/2019 -- 10:53:20 - <Info> - CPUs/cores online: 1
16/9/2019 -- 10:53:20 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34357 and 'request-body-inspect-window' set to 16405 after randomization.
16/9/2019 -- 10:53:20 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32525 and 'response-body-inspect-window' set to 16745 after randomization.
16/9/2019 -- 10:53:20 - <Config> - DNS request flood protection level: 500
16/9/2019 -- 10:53:20 - <Config> - DNS per flow memcap (state-memcap): 524288
16/9/2019 -- 10:53:20 - <Config> - DNS global memcap: 16777216
16/9/2019 -- 10:53:20 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/9/2019 -- 10:53:20 - <Config> - preallocated 1000 hosts of size 136
16/9/2019 -- 10:53:20 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/9/2019 -- 10:53:20 - <Config> - using magic-file /usr/share/file/magic
16/9/2019 -- 10:53:20 - <Config> - Core dump size is unlimited.
16/9/2019 -- 10:53:20 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/9/2019 -- 10:53:20 - <Config> - preallocated 1000 defrag trackers of size 168
16/9/2019 -- 10:53:20 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/9/2019 -- 10:53:20 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/9/2019 -- 10:53:20 - <Config> - stream "memcap": 33554432
16/9/2019 -- 10:53:20 - <Config> - stream "midstream" session pickups: disabled
16/9/2019 -- 10:53:20 - <Config> - stream "async-oneside": disabled
16/9/2019 -- 10:53:20 - <Config> - stream "checksum-validation": disabled
16/9/2019 -- 10:53:20 - <Config> - stream."inline": disabled
16/9/2019 -- 10:53:20 - <Config> - stream "bypass": disabled
16/9/2019 -- 10:53:20 - <Config> - stream "max-synack-queued": 5
16/9/2019 -- 10:53:20 - <Config> - stream.reassembly "memcap": 134217728
16/9/2019 -- 10:53:20 - <Config> - stream.reassembly "depth": 0
16/9/2019 -- 10:53:20 - <Config> - stream.reassembly "toserver-chunk-size": 2528
16/9/2019 -- 10:53:20 - <Config> - stream.reassembly "toclient-chunk-size": 2585
16/9/2019 -- 10:53:20 - <Config> - stream.reassembly.raw: enabled
16/9/2019 -- 10:53:20 - <Config> - stream.reassembly "segment-prealloc": 2048
16/9/2019 -- 10:53:20 - <Config> - Delayed detect disabled
16/9/2019 -- 10:53:20 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/9/2019 -- 10:53:20 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/9/2019 -- 10:53:20 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/9/2019 -- 10:53:20 - <Config> - prefilter engines: MPM
16/9/2019 -- 10:53:20 - <Config> - IP reputation disabled
16/9/2019 -- 10:53:20 - <Perf> - Registered 148 keyword profiling counters.
16/9/2019 -- 10:53:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/9/2019 -- 10:53:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/9/2019 -- 10:53:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/9/2019 -- 10:53:25 - <Config> - No rules loaded from ET-icmp.rules.
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/9/2019 -- 10:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/9/2019 -- 10:53:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/9/2019 -- 10:53:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/9/2019 -- 10:53:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/9/2019 -- 10:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/9/2019 -- 10:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/9/2019 -- 10:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/9/2019 -- 10:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/9/2019 -- 10:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/9/2019 -- 10:53:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/9/2019 -- 10:53:33 - <Config> - No rules loaded from local.rules.
16/9/2019 -- 10:53:33 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/9/2019 -- 10:53:33 - <Info> - Threshold config parsed: 0 rule(s) found
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for tcp-packet
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for tcp-stream
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for udp-packet
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for other-ip
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_uri
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_client_body
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_accept
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_accept_enc
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_accept_lang
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_referer
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_connection
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_method
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_raw_uri
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_user_agent
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_host
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_raw_host
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_stat_msg
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_stat_code
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for dns_query
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for tls_sni
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:53:34 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:53:34 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/9/2019 -- 10:53:34 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/9/2019 -- 10:53:34 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/9/2019 -- 10:53:34 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/9/2019 -- 10:53:34 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/9/2019 -- 10:53:34 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/9/2019 -- 10:53:34 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/9/2019 -- 10:53:34 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/9/2019 -- 10:53:42 - <Perf> - Unique rule groups: 104
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/9/2019 -- 10:53:42 - <Perf> - Builtin MPM "other IP packet": 3
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_header": 10
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient http_header": 6
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_start": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_method": 5
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver http_host": 2
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toserver file_data": 1
16/9/2019 -- 10:53:42 - <Perf> - AppLayer MPM "toclient file_data": 7
16/9/2019 -- 10:53:45 - <Perf> - Registered 39590 rule profiling counters.
16/9/2019 -- 10:53:45 - <Info> - fast output device (regular) initialized: alert
16/9/2019 -- 10:53:45 - <Info> - eve-log output device (regular) initialized: eve.json
16/9/2019 -- 10:53:45 - <Config> - enabling 'eve-log' module 'alert'
16/9/2019 -- 10:53:45 - <Config> - enabling 'eve-log' module 'http'
16/9/2019 -- 10:53:45 - <Config> - enabling 'eve-log' module 'dns'
16/9/2019 -- 10:53:45 - <Config> - enabling 'eve-log' module 'tls'
16/9/2019 -- 10:53:45 - <Config> - enabling 'eve-log' module 'files'
16/9/2019 -- 10:53:45 - <Config> - enabling 'eve-log' module 'ssh'
16/9/2019 -- 10:53:45 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/9/2019 -- 10:53:45 - <Info> - stats output device (regular) initialized: stats.log
16/9/2019 -- 10:53:45 - <Config> - AutoFP mode using "Hash" flow load balancer
16/9/2019 -- 10:53:45 - <Info> - reading pcap file /var/pcap/09162019.1053-pcap_5.pcap
16/9/2019 -- 10:53:45 - <Config> - using 1 flow manager threads
16/9/2019 -- 10:53:45 - <Config> 


packet_stats.log - (16031 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1            39         49394716      238838776     172701576          6.7b    9.79
 IPv4       2            14         10293498      232462480     127597723          1.8b    2.60
 IPv4       6            12        158824336      195605346     171687908          2.1b    3.00
 IPv4      17           374         11664048      242014278     155599406         58.2b   84.61
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1            39           138964       20515662        745238         29.1m   10.95
TMM_FLOWWORKER              IPv4       2            14           146674         529426        199360          2.8m    1.05
TMM_FLOWWORKER              IPv4       6            12           119868        3804416        787017          9.4m    3.56
TMM_FLOWWORKER              IPv4      17           374           215650       13009592        585399        218.9m   82.47
TMM_RECEIVEPCAPFILE         IPv4       1            39             5192           7380          5891        229.8k    0.09
TMM_RECEIVEPCAPFILE         IPv4       2            14             5290          28628          7636        106.9k    0.04
TMM_RECEIVEPCAPFILE         IPv4       6            12             5664           6230          5855         70.3k    0.03
TMM_RECEIVEPCAPFILE         IPv4      17           374             5156           7626          5822          2.2m    0.82
TMM_DECODEPCAPFILE          IPv4       1            39             5372          30352          6621        258.2k    0.10
TMM_DECODEPCAPFILE          IPv4       2            14             5254          17352          6806         95.3k    0.04
TMM_DECODEPCAPFILE          IPv4       6            12             5554          23308          7268         87.2k    0.03
TMM_DECODEPCAPFILE          IPv4      17           374             5184          26120          5883          2.2m    0.83

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot     %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ----
flow                    IPv4       1            39             5014           7596          5978        233.2k  0.10  
flow                    IPv4       6            12             5286           7720          6116         73.4k  0.03  
flow                    IPv4      17           374             4770          60134          7306          2.7m  1.18  
stream                  IPv4       6            12             6840         556954         75304        903.6k  0.39  
app-layer               IPv4      17           374             4436       12413176         48305         18.1m  7.81  
detect                  IPv4       1            39           117878       20477412        721446         28.1m  12.17 
detect                  IPv4       2            14           137200         516652        188209          2.6m  1.14  
detect                  IPv4       6            12            79442        3103760        617954          7.4m  3.21  
detect                  IPv4      17           374           187468        2159930        457013        170.9m  73.93 
tcp-prune               IPv4       6            12             4488          15598          6037         72.4k  0.03  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot     %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ----
http                    IPv4       6             1            31358          31358         31358         31.4k  1.69  
http                    IPv4      17             1            31358          31358         31358         31.4k  1.69  
dns                     IPv4      17           212             5154          30128          8474          1.8m  96.63 
Proto detect            IPv4      17           213             4672          48544          7717          1.6m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- ----
LOGGER_ALERT_FAST           IPv4       6             1           102010         102010        102010        102.0k  0.57  
LOGGER_UNIFIED2             IPv4       6             1           128662         128662        128662        128.7k  0.71  
LOGGER_JSON_ALERT           IPv4       6             1           107236         107236        107236        107.2k  0.60  
LOGGER_JSON_DNS             IPv4      17           106            31280       10162416        164113         17.4m  96.58 
LOGGER_JSON_HTTP            IPv4       6             1            74868          74868         74868         74.9k  0.42  
LOGGER_JSON_FILE            IPv4       6             2            75514         127020        101267        202.5k  1.12  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1            39             6936         107550         21871       853.0k  5.20  
payload                           IPv4       6             4             4750         535698        249764       999.1k  6.09  
payload                           IPv4      17           374             5902         570340         31148        11.6m  71.04 
stream                            IPv4       6             4             4512         752690        321223         1.3m  7.83  
http_uri                          IPv4       6             1            42860          42860         42860        42.9k  0.26  
http_request_line                 IPv4       6             1            47528          47528         47528        47.5k  0.29  
http_client_body                  IPv4       6             1            73242          73242         73242        73.2k  0.45  
http_header (request)             IPv4       6             1           258986         258986        258986       259.0k  1.58  
http_header (request trailer)     IPv4       6             1             4554           4554          4554         4.6k  0.03  
http_header_names (request)       IPv4       6             1            64140          64140         64140        64.1k  0.39  
http_accept (request)             IPv4       6             1            19940          19940         19940        19.9k  0.12  
http_referer (request)            IPv4       6             1             5346           5346          5346         5.3k  0.03  
http_content_len (request)        IPv4       6             1            12488          12488         12488        12.5k  0.08  
http_content_type (request)       IPv4       6             1             7620           7620          7620         7.6k  0.05  
http_protocol (request)           IPv4       6             1            14698          14698         14698        14.7k  0.09  
http_start (request)              IPv4       6             1            44470          44470         44470        44.5k  0.27  
http_raw_header (request)         IPv4       6             1            33366          33366         33366        33.4k  0.20  
http_method                       IPv4       6             1            27188          27188         27188        27.2k  0.17  
http_cookie (request)             IPv4       6             1            11110          11110         11110        11.1k  0.07  
http_raw_uri                      IPv4       6             1            13162          13162         13162        13.2k  0.08  
http_user_agent                   IPv4       6             1            48802          48802         48802        48.8k  0.30  
http_host                         IPv4       6             1            20632          20632         20632        20.6k  0.13  
dns_query                         IPv4      17            53             5360          63668         12284       651.1k  3.97  
http_response_line                IPv4       6             1            38672          38672         38672        38.7k  0.24  
http_header (response)            IPv4       6             1            79004          79004         79004        79.0k  0.48  
http_header (response trailer)    IPv4       6             1             4542           4542          4542         4.5k  0.03  
http_content_type (response)      IPv4       6             1            36952          36952         36952        37.0k  0.23  
http_raw_header (response)        IPv4       6             1            20106          20106         20106        20.1k  0.12  
http_cookie (response)            IPv4       6             1             5694           5694          5694         5.7k  0.03  
http_stat_code                    IPv4       6             1            27054          27054         27054        27.1k  0.16  
Total                             IPv4                   499                                         32865        16.4m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- ----
PROF_DETECT_IPONLY          IPv4       1            27            41582         495484         62932          1.7m  0.87  
PROF_DETECT_IPONLY          IPv4       2            14            42730         407218         85924          1.2m  0.62  
PROF_DETECT_IPONLY          IPv4       6             2           120236         124412        122324        244.6k  0.13  
PROF_DETECT_IPONLY          IPv4      17           216             5280         484646         51628         11.2m  5.73  
PROF_DETECT_RULES           IPv4       1            39            14008          55632         27998          1.1m  0.56  
PROF_DETECT_RULES           IPv4       2            14             4436           5602          5048         70.7k  0.04  
PROF_DETECT_RULES           IPv4       6            12             4812        1470732        187434          2.2m  1.16  
PROF_DETECT_RULES           IPv4      17           374            76486        1907306        259383         97.0m  49.84 
PROF_DETECT_STATEFUL_START    IPv4       6             3            11316         569746        250700        752.1k  0.39  
PROF_DETECT_STATEFUL_CONT    IPv4       1            39             4410           6952          4981        194.3k  0.10  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             4414          25912          9272        129.8k  0.07  
PROF_DETECT_STATEFUL_CONT    IPv4       6            12             4794          20674          8243         98.9k  0.05  
PROF_DETECT_STATEFUL_CONT    IPv4      17           374             4406         110894          7383          2.8m  1.42  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             6             4502           5266          4865         29.2k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           106             4534          24380          5775        612.2k  0.31  
PROF_DETECT_PREFILTER       IPv4       1            39            35820         148268         64070          2.5m  1.28  
PROF_DETECT_PREFILTER       IPv4       2            14            13504          42856         18698        261.8k  0.13  
PROF_DETECT_PREFILTER       IPv4       6            12            13906        1523316        326308          3.9m  2.01  
PROF_DETECT_PREFILTER       IPv4      17           374            42690         618304         80416         30.1m  15.45 
PROF_DETECT_PF_PAYLOAD      IPv4       1            39            15808         118046         31406          1.2m  0.63  
PROF_DETECT_PF_PAYLOAD      IPv4       6             4           466848         794986        590163          2.4m  1.21  
PROF_DETECT_PF_PAYLOAD      IPv4      17           374            14782         581270         41552         15.5m  7.98  
PROF_DETECT_PF_TX           IPv4       6             6             4918         899926        197059          1.2m  0.61  
PROF_DETECT_PF_TX           IPv4      17            53            14418          77276         23134          1.2m  0.63  
PROF_DETECT_PF_SORT1        IPv4       1            30             4476          21494          5328        159.8k  0.08  
PROF_DETECT_PF_SORT1        IPv4       6             4             4844           7808          6072         24.3k  0.01  
PROF_DETECT_PF_SORT1        IPv4      17           374             4592          32780          6639          2.5m  1.28  
PROF_DETECT_PF_SORT2        IPv4       1            39             4476          41756          6190        241.4k  0.12  
PROF_DETECT_PF_SORT2        IPv4       2            14             4426           5836          5227         73.2k  0.04  
PROF_DETECT_PF_SORT2        IPv4       6            12             4462          51542         13174        158.1k  0.08  
PROF_DETECT_PF_SORT2        IPv4      17           374             4464          39350          5832          2.2m  1.12  
PROF_DETECT_NONMPMLIST      IPv4       1            39             4458          20578          5443        212.3k  0.11  
PROF_DETECT_NONMPMLIST      IPv4       2            14             4416           6140          5299         74.2k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6            12             4836           8026          5615         67.4k  0.03  
PROF_DETECT_NONMPMLIST      IPv4      17           374             4424          35612          5681          2.1m  1.09  
PROF_DETECT_ALERT           IPv4       1            39             4432          22606          5741        223.9k  0.12  
PROF_DETECT_ALERT           IPv4       2            14             4436           5408          4979         69.7k  0.04  
PROF_DETECT_ALERT           IPv4       6            12             4428          37866          7609         91.3k  0.05  
PROF_DETECT_ALERT           IPv4      17           374             4428          34040          5267          2.0m  1.01  
PROF_DETECT_CLEANUP         IPv4       1            39             4478          26770          5413        211.1k  0.11  
PROF_DETECT_CLEANUP         IPv4       2            14             4432           5566          5098         71.4k  0.04  
PROF_DETECT_CLEANUP         IPv4       6            12             4496          36294          7810         93.7k  0.05  
PROF_DETECT_CLEANUP         IPv4      17           374             4416          46658          5663          2.1m  1.09  
PROF_DETECT_GETSGH          IPv4       1            39             4460           6592          5051        197.0k  0.10  
PROF_DETECT_GETSGH          IPv4       2            14             4808           5682          5318         74.5k  0.04  
PROF_DETECT_GETSGH          IPv4       6            12             4810          21496          7493         89.9k  0.05  
PROF_DETECT_GETSGH          IPv4      17           374             4420         249402         10786          4.0m  2.07  


unified2.alert.1568631225 - (382 bytes) - download
POST /news HTTP/1.1
Host: storedataresback.com
User-Agent: Go-http-client/1.1
Content-Length: 74
Content-Type: application/json
Accept-Encoding: gzip

{"pid":2424,"host":"VKdwMmCAQAAgEt","type":1,"username":"H0znfbVOr3komRY"}


stats.log - (3147 bytes) - download
------------------------------------------------------------------------------------
Date: 9/16/2019 -- 10:53:47 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 579
decoder.bytes                              | Total                     | 63956
decoder.ipv4                               | Total                     | 439
decoder.ethernet                           | Total                     | 579
decoder.tcp                                | Total                     | 12
decoder.udp                                | Total                     | 374
decoder.icmpv4                             | Total                     | 39
decoder.avg_pkt_size                       | Total                     | 110
decoder.max_pkt_size                       | Total                     | 427
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 163
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 2
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 14
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 16
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 53
app_layer.tx.dns_udp                       | Total                     | 53
app_layer.flow.failed_udp                  | Total                     | 110
flow_mgr.new_pruned                        | Total                     | 90
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 158
flow_mgr.flows_notimeout                   | Total                     | 68
flow_mgr.flows_timeout                     | Total                     | 90
flow_mgr.flows_removed                     | Total                     | 90
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65378
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7121536


eve.json - (41790 bytes) - download
{"timestamp":"2019-09-11T14:33:53.097709+0000","flow_id":1587855949397421,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.56.109","src_port":51842,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44625,"rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:53.098287+0000","flow_id":841841604919279,"pcap_cnt":23,"event_type":"dns","src_ip":"192.168.56.109","src_port":49828,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37551,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:53.453812+0000","flow_id":1821669674052788,"pcap_cnt":39,"event_type":"dns","src_ip":"192.168.56.109","src_port":58210,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31423,"rrname":"8.2.d.2.a.8.6.8.b.e.0.4.c.9.c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:53.458816+0000","flow_id":1782222546862144,"pcap_cnt":40,"event_type":"dns","src_ip":"192.168.56.109","src_port":55365,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57516,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:53.461474+0000","flow_id":1209986874149538,"pcap_cnt":41,"event_type":"dns","src_ip":"192.168.56.109","src_port":52731,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11508,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:53.468481+0000","flow_id":1250404663895553,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.56.109","src_port":64939,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1981,"rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.088808+0000","flow_id":286856668404456,"pcap_cnt":57,"event_type":"dns","src_ip":"192.168.56.109","src_port":49828,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37551,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.088979+0000","flow_id":1182209173248915,"pcap_cnt":58,"event_type":"dns","src_ip":"192.168.56.109","src_port":51842,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44625,"rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.141556+0000","flow_id":286856668404456,"pcap_cnt":59,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":49828,"proto":"UDP","dns":{"type":"answer","id":37551,"rcode":"NXDOMAIN","rrname":"112.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:33:54.146560+0000","flow_id":1182209173248915,"pcap_cnt":63,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":51842,"proto":"UDP","dns":{"type":"answer","id":44625,"rcode":"NXDOMAIN","rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-11T14:33:54.146560+0000","flow_id":1182209173248915,"pcap_cnt":63,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":51842,"proto":"UDP","dns":{"type":"answer","id":44625,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3495}}
{"timestamp":"2019-09-11T14:33:54.447829+0000","flow_id":181793178441045,"pcap_cnt":67,"event_type":"dns","src_ip":"192.168.56.109","src_port":52731,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11508,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.447981+0000","flow_id":1543130307548653,"pcap_cnt":68,"event_type":"dns","src_ip":"192.168.56.109","src_port":55365,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57516,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.448099+0000","flow_id":444007374313059,"pcap_cnt":69,"event_type":"dns","src_ip":"192.168.56.109","src_port":58210,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31423,"rrname":"8.2.d.2.a.8.6.8.b.e.0.4.c.9.c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.463625+0000","flow_id":2089383575556873,"pcap_cnt":70,"event_type":"dns","src_ip":"192.168.56.109","src_port":64939,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1981,"rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.501240+0000","flow_id":1543130307548653,"pcap_cnt":71,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":55365,"proto":"UDP","dns":{"type":"answer","id":57516,"rcode":"NXDOMAIN","rrname":"106.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:33:54.501334+0000","flow_id":181793178441045,"pcap_cnt":72,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":52731,"proto":"UDP","dns":{"type":"answer","id":11508,"rcode":"NXDOMAIN","rrname":"102.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:33:54.505494+0000","flow_id":444007374313059,"pcap_cnt":79,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":58210,"proto":"UDP","dns":{"type":"answer","id":31423,"rcode":"NXDOMAIN","rrname":"8.2.d.2.a.8.6.8.b.e.0.4.c.9.c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-11T14:33:54.505494+0000","flow_id":444007374313059,"pcap_cnt":79,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":58210,"proto":"UDP","dns":{"type":"answer","id":31423,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3495}}
{"timestamp":"2019-09-11T14:33:54.521179+0000","flow_id":2089383575556873,"pcap_cnt":83,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":64939,"proto":"UDP","dns":{"type":"answer","id":1981,"rcode":"NXDOMAIN","rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-11T14:33:54.521179+0000","flow_id":2089383575556873,"pcap_cnt":83,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":64939,"proto":"UDP","dns":{"type":"answer","id":1981,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3495}}
{"timestamp":"2019-09-11T14:33:54.693046+0000","flow_id":1002731079897910,"pcap_cnt":99,"event_type":"dns","src_ip":"192.168.56.109","src_port":56691,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45404,"rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.693597+0000","flow_id":794592669767005,"pcap_cnt":100,"event_type":"dns","src_ip":"192.168.56.109","src_port":64113,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48634,"rrname":"113.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.696514+0000","flow_id":2033978497474754,"pcap_cnt":101,"event_type":"dns","src_ip":"192.168.56.109","src_port":63555,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23893,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.697150+0000","flow_id":1421318592570174,"pcap_cnt":102,"event_type":"dns","src_ip":"192.168.56.109","src_port":52973,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58689,"rrname":"9.c.a.0.4.3.9.f.0.7.4.2.9.1.8.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.698383+0000","flow_id":246305734699023,"pcap_cnt":103,"event_type":"dns","src_ip":"192.168.56.109","src_port":50908,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2792,"rrname":"107.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:54.746976+0000","flow_id":794592669767005,"pcap_cnt":105,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":64113,"proto":"UDP","dns":{"type":"answer","id":48634,"rcode":"NXDOMAIN","rrname":"113.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:33:54.750468+0000","flow_id":1002731079897910,"pcap_cnt":109,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":56691,"proto":"UDP","dns":{"type":"answer","id":45404,"rcode":"NXDOMAIN","rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-11T14:33:54.750468+0000","flow_id":1002731079897910,"pcap_cnt":109,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":56691,"proto":"UDP","dns":{"type":"answer","id":45404,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3494}}
{"timestamp":"2019-09-11T14:33:54.751729+0000","flow_id":246305734699023,"pcap_cnt":110,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":50908,"proto":"UDP","dns":{"type":"answer","id":2792,"rcode":"NXDOMAIN","rrname":"107.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:33:54.753297+0000","flow_id":2033978497474754,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":63555,"proto":"UDP","dns":{"type":"answer","id":23893,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","ttl":21422,"rdata":"dns.google"}}
{"timestamp":"2019-09-11T14:33:54.753737+0000","flow_id":1421318592570174,"pcap_cnt":118,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":52973,"proto":"UDP","dns":{"type":"answer","id":58689,"rcode":"NXDOMAIN","rrname":"9.c.a.0.4.3.9.f.0.7.4.2.9.1.8.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-11T14:33:54.753737+0000","flow_id":1421318592570174,"pcap_cnt":118,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":52973,"proto":"UDP","dns":{"type":"answer","id":58689,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3494}}
{"timestamp":"2019-09-11T14:33:58.969642+0000","flow_id":1529379970010026,"pcap_cnt":200,"event_type":"dns","src_ip":"192.168.56.109","src_port":49720,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33308,"rrname":"4.2.0.2.f.7.6.9.6.5.b.5.a.7.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:58.972185+0000","flow_id":631173459400089,"pcap_cnt":201,"event_type":"dns","src_ip":"192.168.56.109","src_port":59241,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34649,"rrname":"114.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.200264+0000","flow_id":1230841088249416,"pcap_cnt":202,"event_type":"dns","src_ip":"192.168.56.109","src_port":52582,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10016,"rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.202432+0000","flow_id":1359556963145408,"pcap_cnt":203,"event_type":"dns","src_ip":"192.168.56.109","src_port":65053,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58064,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.471181+0000","flow_id":1389447788048525,"pcap_cnt":204,"event_type":"dns","src_ip":"192.168.56.109","src_port":64649,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28713,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.471768+0000","flow_id":1883852210909912,"pcap_cnt":205,"event_type":"dns","src_ip":"192.168.56.109","src_port":60041,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":828,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.747948+0000","flow_id":1947449939159468,"pcap_cnt":210,"event_type":"dns","src_ip":"192.168.56.109","src_port":49851,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35524,"rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.768146+0000","flow_id":1828335463676050,"pcap_cnt":211,"event_type":"dns","src_ip":"192.168.56.109","src_port":64467,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55771,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.840049+0000","flow_id":1099245437833585,"pcap_cnt":212,"event_type":"dns","src_ip":"192.168.56.109","src_port":50644,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2629,"rrname":"b.2.b.e.d.6.1.7.4.d.7.b.c.9.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.845494+0000","flow_id":1754897965377206,"pcap_cnt":213,"event_type":"dns","src_ip":"192.168.56.109","src_port":52421,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46958,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.979823+0000","flow_id":1842622672401263,"pcap_cnt":214,"event_type":"dns","src_ip":"192.168.56.109","src_port":49720,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33308,"rrname":"4.2.0.2.f.7.6.9.6.5.b.5.a.7.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:33:59.983678+0000","flow_id":1635276683674238,"pcap_cnt":215,"event_type":"dns","src_ip":"192.168.56.109","src_port":59241,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34649,"rrname":"114.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:34:00.038996+0000","flow_id":1635276683674238,"pcap_cnt":216,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":59241,"proto":"UDP","dns":{"type":"answer","id":34649,"rcode":"NXDOMAIN","rrname":"114.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:34:00.041559+0000","flow_id":1842622672401263,"pcap_cnt":217,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":49720,"proto":"UDP","dns":{"type":"answer","id":33308,"rcode":"NXDOMAIN","rrname":"4.2.0.2.f.7.6.9.6.5.b.5.a.7.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-11T14:34:00.041559+0000","flow_id":1842622672401263,"pcap_cnt":217,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":49720,"proto":"UDP","dns":{"type":"answer","id":33308,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3481}}
{"timestamp":"2019-09-11T14:34:00.207855+0000","flow_id":1634834302118895,"pcap_cnt":218,"event_type":"dns","src_ip":"192.168.56.109","src_port":52582,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10016,"rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:34:00.210405+0000","flow_id":2021364178892261,"pcap_cnt":219,"event_type":"dns","src_ip":"192.168.56.109","src_port":65053,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58064,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-11T14:34:00.263879+0000","flow_id":2021364178892261,"pcap_cnt":220,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port":65053,"proto":"UDP","dns":{"type":"answer","id":58064,"rcode":"NXDOMAIN","rrname":"110.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-11T14:34:00.265017+0000","flow_id":1634834302118895,"pcap_cnt":221,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.109","dest_port"

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2019-09-16-T-10-53-47-09162019.1053-pcap_5.pcap.txt - (187 bytes)
09/11/2019-14:34:04.408781  [**] [1:2024897:1] ET USER_AGENTS Go HTTP Client User-Agent [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.109:49169 -> 195.123.246.60:80


keyword_perf.log - (8556 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:53:47
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             176686          26              26              13664           6795.00         6795.00         0.00           
  content          5019594         805             526             78356           6235.00         6064.00         6558.00        
  pcre             801908          68              0               77404           11792.00        0.00            11792.00       
  byte_test        3139002         554             364             47776           5666.00         5561.00         5867.00        
  byte_jump        128022          20              20              21060           6401.00         6401.00         0.00           
  isdataat         169636          33              0               6332            5140.00         0.00            5140.00        
  urilen           11170           2               1               5750            5585.00         5750.00         5420.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             176686          26              26              13664           6795.00         6795.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4787994         770             510             78356           6218.00         6044.00         6558.00        
  pcre             743334          66              0               77404           11262.00        0.00            11262.00       
  byte_test        3139002         554             364             47776           5666.00         5561.00         5867.00        
  byte_jump        128022          20              20              21060           6401.00         6401.00         0.00           
  isdataat         169636          33              0               6332            5140.00         0.00            5140.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23082           4               1               6176            5770.00         6020.00         5687.00        
  urilen           11170           2               1               5750            5585.00         5750.00         5420.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          58424           8               3               8238            7303.00         7524.00         7170.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11518           2               0               6308            5759.00         0.00            5759.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          87760           13              6               7844            6750.00         6639.00         6846.00        
  pcre             58574           2               0               31876           29287.00        0.00            29287.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12972           2               2               6858            6486.00         6486.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26730           4               2               7784            6682.00         7295.00         6070.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11114           2               2               5908            5557.00         5557.00         0.00           


IDSDeathBlossom.py.log - (1146 bytes)
2019-09-16 10:53:19,506 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-16 10:53:20,311 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-16 10:53:20,312 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-16 10:53:20,312 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-16 10:53:20,312 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-16 10:53:20,312 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/6ee9f63fc735ad6889d998918477126456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1053-pcap_5.pcap -vvv -k none
2019-09-16 10:53:47,539 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-16 10:53:47,540 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 28.0430328846