Filename: sessions.pcap
Status: Analysis complete
IDS: suricata-3.0
Ruleset: etpro-base
Runtime: 28.5596740246 seconds
Hash (MD5): 732f896d981a50fc939016c0cd7c36d1
Uploaded: 1510024073 (Unix epoch; 2017-11-07 03:07:53 UTC, consistent with the 03:08:22 analysis timestamp in stats.log below)

Logfiles


packet_stats.log - (4345 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1304           170562      402963999     214435972        279.6b   99.97
 IPv4     256             2           170562       71956572      36063567         72.1m    0.03
Note: Protocol 256 tracks pseudo/tunnel packets. The min/max/avg/tot columns are CPU ticks; the k, m and b suffixes in the tot column abbreviate thousands, millions and billions of ticks.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_RECEIVEPCAPFILE         IPv4       6          1252             2559       19219218         28473         35.6m    6.60
TMM_DECODEPCAPFILE          IPv4       6          1252             2928         232440          3754          4.7m    0.87
TMM_DETECT                  IPv4       6          1304            45120       37574058        342934        447.2m   82.82
TMM_STREAMTCP               IPv4       6          1303             2964         419595          8031         10.5m    1.94
TMM_PACKETLOGGER            IPv4       6          1304             2796        3764268         25229         32.9m    6.09
TMM_TXLOGGER                IPv4       6          1304             2586         788610          3683          4.8m    0.89
TMM_FILELOGGER              IPv4       6          1304             2676          41301          3280          4.3m    0.79
Note: TMM_STREAMTCP includes TCP app layer parsers, see below.

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------
Proto detect            IPv4       6           288             2598          68490          4568          1.3m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_ALERTFASTLOG            IPv4       6           102            17112        3607656         86839          8.9m   34.03
TMM_ALERTUNIFIED2ALERT      IPv4       6           102            20319         192237         37299          3.8m   14.61
TMM_JSONALERTLOG            IPv4       6           102            38601        3125433        131078         13.4m   51.36

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot            %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------    ---
PROF_DETECT_MPM             IPv4       6          1304             2601       19217685         30514         39.8m  9.78  
PROF_DETECT_MPM_PACKET      IPv4       6           507             2853         712155         20180         10.2m  2.51  
PROF_DETECT_MPM_PKT_STR     IPv4       6            69             2892          71370         11142        768.8k  0.19  
PROF_DETECT_MPM_STREAM      IPv4       6            22            51288         345975         99242          2.2m  0.54  
PROF_DETECT_IPONLY          IPv4       6           192             3369         412995          9965          1.9m  0.47  
PROF_DETECT_RULES           IPv4       6          1304             2517       37426965        227437        296.6m  72.89 
PROF_DETECT_STATEFUL        IPv4       6          1304             2514         788754          4044          5.3m  1.30  
PROF_DETECT_PREFILTER       IPv4       6          1304             2565         107160          3281          4.3m  1.05  
PROF_DETECT_NONMPMLIST      IPv4       6          1304             2604         774825          4530          5.9m  1.45  
PROF_DETECT_ALERT           IPv4       6          1304             2511        1211178          4826          6.3m  1.55  
PROF_DETECT_CLEANUP         IPv4       6          1304             2859         503712          4828          6.3m  1.55  
PROF_DETECT_GETSGH          IPv4       6          1304             2511       15132519         20991         27.4m  6.73  


suricata-3.0-etpro-base-alert-2017-11-07-T-03-08-22-11072017.0250-sessions.pcap.txt - (24303 bytes)
04/14/2017-13:03:24.333664  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.27.5:49158 -> 46.4.120.155:45560
04/14/2017-04:30:57.830547  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49160 -> 46.4.120.155:45560
04/14/2017-04:30:57.830387  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:02.115178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.204843  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49160 -> 46.4.120.155:45560
04/12/2017-21:57:48.928928  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.64.10:49159 -> 46.4.120.155:45560
04/14/2017-00:24:48.436889  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.52.10:49160 -> 46.4.120.155:45560
04/14/2017-00:12:40.056594  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.81.10:49159 -> 46.4.120.155:45560
04/16/2017-05:41:38.356871  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.72.10:49159 -> 46.4.120.155:45560
04/16/2017-09:47:10.702122  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49157 -> 46.4.120.155:45590
04/18/2017-20:53:12.775267  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.43.10:49161 -> 46.4.120.155:45590
04/19/2017-17:33:28.993930  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49160 -> 46.4.120.155:45590
04/15/2017-10:52:50.584192  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.9.5:49159 -> 46.4.120.155:45560
04/16/2017-11:35:24.246603  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49158 -> 46.4.120.155:45560
04/17/2017-16:20:33.925068  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49160 -> 46.4.120.155:45560
04/19/2017-20:10:14.657325  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.40.30:49164 -> 46.4.120.155:45560
04/19/2017-20:38:56.162271  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49159 -> 46.4.120.155:45550
04/19/2017-20:38:56.129458  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49158 -> 46.4.120.155:45560
04/21/2017-09:40:14.473758  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/20/2017-18:22:34.222194  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49168 -> 46.4.120.155:45590
04/20/2017-15:53:23.575154  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49169 -> 46.4.120.155:45560
04/20/2017-18:42:33.917083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.16.5:49162 -> 46.4.120.155:45560
04/20/2017-15:53:06.648659  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.96.10:49164 -> 46.4.120.155:45590
04/20/2017-14:54:48.965435  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.102.10:49167 -> 46.4.120.155:45560
04/21/2017-19:51:00.596901  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49170 -> 46.4.120.155:45560
04/21/2017-19:50:59.951732  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.104.10:49168 -> 46.4.120.155:45590
04/21/2017-22:33:21.705114  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.18.5:49166 -> 46.4.120.155:45560
04/21/2017-23:10:25.274815  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.105.10:49161 -> 46.4.120.155:45590
04/20/2017-03:00:27.273229  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.22.5:49161 -> 46.4.120.155:45560
04/21/2017-15:53:49.638571  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49170 -> 46.4.120.155:45560
04/20/2017-20:14:21.289791  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.36.5:49163 -> 46.4.120.155:45590
04/21/2017-15:05:34.952817  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.41.5:49163 -> 46.4.120.155:45590
04/21/2017-14:43:02.755039  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49170 -> 46.4.120.155:45590
04/21/2017-15:53:49.118860  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49168 -> 46.4.120.155:45590
04/21/2017-23:51:41.725151  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2826161:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/22/2017-00:01:39.798852  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.3.5:49161 -> 46.4.120.155:45590
04/22/2017-00:15:42.795959  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.111.10:49167 -> 46.4.120.155:45590
04/22/2017-00:14:13.530627  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49169 -> 46.4.120.155:45560
04/22/2017-00:13:56.635897  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.57.10:49164 -> 46.4.120.155:45590
04/22/2017-00:43:42.462222  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49164 -> 46.4.120.155:45590
04/22/2017-01:04:46.298934  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.7.5:49160 -> 46.4.120.155:45560
04/21/2017-23:52:29.021216  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.65.10:49162 -> 46.4.120.155:45560
04/22/2017-00:11:18.537069  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.6.10:49166 -> 46.4.120.155:45560
04/22/2017-00:01:26.997733  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.10.5:49163 -> 46.4.120.155:45590
04/22/2017-00:06:13.318586  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.19.5:49166 -> 46.4.120.155:45590
04/21/2017-23:11:35.005729  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.17.10:49160 -> 46.4.120.155:45560
04/22/2017-01:09:06.402814  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49166 -> 46.4.120.155:45560
04/22/2017-01:09:20.659180  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.31.10:49167 -> 46.4.120.155:45590
04/22/2017-01:34:15.402168  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49165 -> 46.4.120.155:45590
04/22/2017-01:34:15.059178  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.23.10:49164 -> 46.4.120.155:45560
04/22/2017-12:50:57.092419  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49168 -> 46.4.120.155:45590
04/22/2017-12:47:43.198310  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.62.10:49164 -> 46.4.120.155:45590
04/22/2017-00:51:33.399201  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.80.10:49165 -> 46.4.120.155:45590
04/22/2017-04:53:37.518328  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.14.10:49165 -> 46.4.120.155:45560
04/22/2017-01:45:20.395447  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.30.10:49169 -> 46.4.120.155:45560
04/22/2017-00:44:52.260083  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.8.10:49167 -> 46.4.120.155:45590
04/22/2017-00:24:53.901010  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.14.5:49164 -> 46.4.120.155:45590
04/22/2017-03:55:19.187121  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.50.10:49161 -> 46.4.120.155:45590
04/22/2017-02:28:44.660714  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49163 -> 46.4.120.155:45590
04/22/2017-13:11:52.844906  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.95.10:49166 -> 46.4.120.155:45560
04/22/2017-13:31:47.910857  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/22/2017-12:50:10.299979  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.74.10:49167 -> 46.4.120.155:45590
04/22/2017-12:54:02.272119  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.67.10:49163 -> 46.4.120.155:45560
04/22/2017-12:52:31.566789  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49164 -> 46.4.120.155:45590
04/22/2017-12:52:33.851737  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.91.10:49165 -> 46.4.120.155:45560
04/22/2017-12:54:17.586597  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.67.10:49168 -> 46.4.120.155:45590
04/23/2017-02:29:55.766693  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.95.10:49164 -> 46.4.120.155:45560
04/23/2017-04:31:24.826962  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-04:31:24.826962  [**] [1:2825959:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-13 3) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-04:31:24.826962  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-02:32:07.460265  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.4.10:49166 -> 46.4.120.155:45560
04/23/2017-02:32:28.755965  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.4.10:49169 -> 46.4.120.155:45590
04/22/2017-13:32:29.055687  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.5:49166 -> 46.4.120.155:45590
04/23/2017-03:04:15.009826  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.3.5:49164 -> 46.4.120.155:45560
04/23/2017-01:42:19.240994  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.5.5:49166 -> 46.4.120.155:45560
04/23/2017-05:23:05.324608  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.87.10:49162 -> 46.4.120.155:45560
04/23/2017-01:02:14.728388  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.11.10:49162 -> 46.4.120.155:45560
04/23/2017-01:50:33.493899  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.5:49163 -> 46.4.120.155:45590
04/23/2017-06:06:17.290900  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was 

This file has been truncated; the listing above is cut off after 83 lines, the last one mid-record.
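The alert file above is Suricata's fast.log format: timestamp, [gid:sid:rev], message, classification, priority, protocol and the 5-tuple, all on one line. On this capture two rule families fire: the generic ET POLICY "Crypto Coin Miner Login" rule (SID 2022886) and the ETPRO "CoinMiner Known Malicious Stratum Authline" rules (SIDs 2825959, 2826161, 2828184), which stack on the same packet for some hosts (192.168.2.10, 192.168.103.10, 192.168.2.5). The parser and triage pass below is an added example, not code from the page or from Suricata. Its sample lines are copied from the listing above, including the cut-off final record, and treating the ETPRO SIDs as higher-confidence than the POLICY rule is an analyst assumption drawn from the rule names only; the page does not show the rule contents.

```python
"""Parse Suricata fast.log alerts and triage them by source host.

Added example; not code from the analysis page or from Suricata. SAMPLE is
copied from the alert listing above, including its cut-off final record.
HIGH_CONFIDENCE_SIDS is an analyst assumption: the ETPRO "Known Malicious
Stratum Authline" rules are treated as stronger evidence than the generic
ET POLICY login rule, based only on the rule names shown on the page.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# One fast.log record: ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {proto} src:sport -> dst:dport
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s+(?P<cls>[^\]]*)\]\s+\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

HIGH_CONFIDENCE_SIDS = {2825959, 2826161, 2828184}  # assumption, see module docstring

SAMPLE = """\
04/15/2017-08:23:26.056559  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/15/2017-08:23:26.056559  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49159 -> 46.4.120.155:45560
04/12/2017-21:57:48.928928  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.64.10:49159 -> 46.4.120.155:45560
04/19/2017-20:10:14.657325  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 172.16.40.30:49164 -> 46.4.120.155:45560
04/19/2017-20:38:56.162271  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.12.5:49159 -> 46.4.120.155:45550
04/21/2017-23:51:41.725151  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2826161:2] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/21/2017-23:51:41.725151  [**] [1:2828184:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.103.10:49160 -> 46.4.120.155:45560
04/23/2017-04:31:24.826962  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.5:49163 -> 46.4.120.155:45590
04/23/2017-06:06:17.290900  [**] [1:2022886:3] ET POLICY Crypto Coin Miner Login [**] [Classification: A Network Trojan was
"""


def parse_fast_log(text):
    """Return (alerts, skipped): one dict per well-formed line; malformed or
    truncated lines are counted rather than raising, so a cut-off file (like
    the one on this page) still yields every complete record."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FAST_RE.match(line)
        if not m:
            skipped += 1
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
            rec[key] = int(rec[key])
        alerts.append(rec)
    return alerts, skipped


def triage(alerts):
    """Pivot alerts onto source hosts, destination ports and rules.

    A host is 'confirmed' when at least one high-confidence SID fired for it;
    hosts that only tripped the POLICY rule go into 'policy_only' for review.
    """
    sids_by_host = defaultdict(set)
    dports, rules = Counter(), Counter()
    for a in alerts:
        sids_by_host[a["src"]].add(a["sid"])
        dports[(a["dst"], a["dport"])] += 1
        rules[a["sid"]] += 1
    confirmed = sorted(h for h, s in sids_by_host.items() if s & HIGH_CONFIDENCE_SIDS)
    policy_only = sorted(h for h, s in sids_by_host.items() if not s & HIGH_CONFIDENCE_SIDS)
    span = (min(a["ts"] for a in alerts), max(a["ts"] for a in alerts)) if alerts else None
    return {"hosts": len(sids_by_host), "confirmed": confirmed, "policy_only": policy_only,
            "dports": dports, "rules": rules, "span": span}


if __name__ == "__main__":
    alerts, skipped = parse_fast_log(SAMPLE)
    result = triage(alerts)
    print(f"{len(alerts)} alerts parsed, {skipped} truncated line(s) skipped")
    print("activity window:", result["span"][0], "to", result["span"][1])
    print("confirmed hosts:", result["confirmed"])
    print("policy-only hosts:", result["policy_only"])
    print("pool endpoints:", dict(result["dports"]))
```

Point parse_fast_log at the full downloaded file rather than the excerpt to get the complete host list; the listing on this page alone shows dozens of distinct 192.168.x.5 and 192.168.x.10 hosts plus 172.16.40.30, every one talking to 46.4.120.155 on port 45550, 45560 or 45590, which is what makes the single external endpoint the pivot worth blocking and hunting on.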


stats.log - (1647 bytes)
-------------------------------------------------------------------
Date: 11/7/2017 -- 03:08:22 (uptime: 0d, 00h 00m 01s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Total                     | 1252
decoder.bytes             | Total                     | 171188
decoder.ipv4              | Total                     | 1252
decoder.ethernet          | Total                     | 1252
decoder.tcp               | Total                     | 1252
decoder.avg_pkt_size      | Total                     | 136
decoder.max_pkt_size      | Total                     | 418
tcp.sessions              | Total                     | 96
tcp.pseudo                | Total                     | 1
tcp.syn                   | Total                     | 100
tcp.synack                | Total                     | 100
tcp.rst                   | Total                     | 1
detect.alert              | Total                     | 120
detect.mpm_list           | Total                     | 3
detect.nonmpm_list        | Total                     | 15
detect.fnonmpm_list       | Total                     | 3
detect.match_list         | Total                     | 7
flow_mgr.closed_pruned    | Total                     | 1
flow.spare                | Total                     | 10000
tcp.memuse                | Total                     | 393216
tcp.reassembly_memuse     | Total                     | 12320544
flow.memuse               | Total                     | 7101952
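stats.log is Suricata's counter dump: one "counter | thread | value" row per statistic, here for the single Total thread. The parser and sanity checks below are an added example, not code from the page or from Suricata, of what an analyst runs before quoting the alert count from such a dump; SAMPLE is the table above trimmed to the counters the checks use, and the reading of the SYN-versus-session gap is offered as a possibility, not a finding.

```python
"""Parse a Suricata stats.log dump and sanity-check it before trusting the alert count.

Added example; not code from the analysis page or from Suricata. SAMPLE is
the stats.log table shown above, trimmed to the counters the checks use.
"""
from typing import Dict

SAMPLE = """\
-------------------------------------------------------------------
Date: 11/7/2017 -- 03:08:22 (uptime: 0d, 00h 00m 01s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Total                     | 1252
decoder.bytes             | Total                     | 171188
decoder.ipv4              | Total                     | 1252
decoder.ethernet          | Total                     | 1252
decoder.tcp               | Total                     | 1252
decoder.avg_pkt_size      | Total                     | 136
decoder.max_pkt_size      | Total                     | 418
tcp.sessions              | Total                     | 96
tcp.pseudo                | Total                     | 1
tcp.syn                   | Total                     | 100
tcp.synack                | Total                     | 100
tcp.rst                   | Total                     | 1
detect.alert              | Total                     | 120
"""


def parse_stats(text: str) -> Dict[str, int]:
    """Return {counter: value} for the data rows.

    Data rows have exactly three '|'-separated fields with a numeric third
    field; the Date line, the rulers and the column header do not, so they
    fall out without special-casing.
    """
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        counters[parts[0]] = int(parts[2])
    return counters


def sanity_checks(c: Dict[str, int]) -> Dict[str, object]:
    """Facts worth establishing before reading the alert log against this dump."""
    pkts = c["decoder.pkts"]
    return {
        # Every decoded packet is Ethernet/IPv4/TCP: no UDP, ICMP or IPv6 in the capture.
        "all_tcp": c["decoder.ipv4"] == pkts and c["decoder.tcp"] == pkts,
        # avg_pkt_size is the integer part of bytes / pkts; a mismatch would
        # mean the dump does not describe the file being analysed.
        "avg_size_consistent": c["decoder.bytes"] // pkts == c["decoder.avg_pkt_size"],
        # More SYNs than tracked sessions (retransmitted SYNs, or handshakes
        # the stream engine did not follow). A number to note, not an error.
        "syn_without_session": c["tcp.syn"] - c["tcp.sessions"],
        # Above 1.0 means rules stack on the same session (several SIDs on one login).
        "alerts_per_session": round(c["detect.alert"] / c["tcp.sessions"], 2),
    }


if __name__ == "__main__":
    counters = parse_stats(SAMPLE)
    for name, value in sanity_checks(counters).items():
        print(f"{name:22} {value}")
```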


eve.json - (45358 bytes)
{"timestamp":"2017-04-14T13:03:24.333664+0000","flow_id":39250752,"pcap_cnt":4,"event_type":"alert","src_ip":"192.168.27.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830547+0000","flow_id":39251056,"pcap_cnt":26,"event_type":"alert","src_ip":"192.168.22.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T04:30:57.830387+0000","flow_id":39251360,"pcap_cnt":35,"event_type":"alert","src_ip":"192.168.22.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:02.115178+0000","flow_id":39252272,"pcap_cnt":66,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.056559+0000","flow_id":39252272,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.056559+0000","flow_id":39252272,"pcap_cnt":70,"event_type":"alert","src_ip":"192.168.2.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T08:23:26.204843+0000","flow_id":39252576,"pcap_cnt":74,"event_type":"alert","src_ip":"192.168.2.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-12T21:57:48.928928+0000","flow_id":39252880,"pcap_cnt":87,"event_type":"alert","src_ip":"192.168.64.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T00:24:48.436889+0000","flow_id":39251968,"pcap_cnt":122,"event_type":"alert","src_ip":"192.168.52.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-14T00:12:40.056594+0000","flow_id":39253488,"pcap_cnt":131,"event_type":"alert","src_ip":"192.168.81.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T05:41:38.356871+0000","flow_id":39253792,"pcap_cnt":145,"event_type":"alert","src_ip":"192.168.72.10","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T09:47:10.702122+0000","flow_id":39254096,"pcap_cnt":158,"event_type":"alert","src_ip":"192.168.2.5","src_port":49157,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-18T20:53:12.775267+0000","flow_id":39254704,"pcap_cnt":191,"event_type":"alert","src_ip":"192.168.43.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T17:33:28.993930+0000","flow_id":39255008,"pcap_cnt":200,"event_type":"alert","src_ip":"192.168.11.5","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-15T10:52:50.584192+0000","flow_id":39255616,"pcap_cnt":222,"event_type":"alert","src_ip":"192.168.9.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-16T11:35:24.246603+0000","flow_id":39255920,"pcap_cnt":235,"event_type":"alert","src_ip":"192.168.22.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-17T16:20:33.925068+0000","flow_id":39256528,"pcap_cnt":267,"event_type":"alert","src_ip":"192.168.65.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:10:14.657325+0000","flow_id":39257136,"pcap_cnt":298,"event_type":"alert","src_ip":"172.16.40.30","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.162271+0000","flow_id":39257440,"pcap_cnt":319,"event_type":"alert","src_ip":"192.168.12.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45550,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.129458+0000","flow_id":39257744,"pcap_cnt":347,"event_type":"alert","src_ip":"192.168.12.5","src_port":49158,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T09:40:14.473758+0000","flow_id":39258048,"pcap_cnt":362,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:22:34.222194+0000","flow_id":39258352,"pcap_cnt":371,"event_type":"alert","src_ip":"192.168.1.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:23.575154+0000","flow_id":39259264,"pcap_cnt":407,"event_type":"alert","src_ip":"192.168.96.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T18:42:33.917083+0000","flow_id":39259568,"pcap_cnt":418,"event_type":"alert","src_ip":"192.168.16.5","src_port":49162,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T15:53:06.648659+0000","flow_id":39259872,"pcap_cnt":429,"event_type":"alert","src_ip":"192.168.96.10","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T14:54:48.965435+0000","flow_id":39260176,"pcap_cnt":440,"event_type":"alert","src_ip":"192.168.102.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:51:00.596901+0000","flow_id":39260480,"pcap_cnt":453,"event_type":"alert","src_ip":"192.168.104.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T19:50:59.951732+0000","flow_id":39260784,"pcap_cnt":460,"event_type":"alert","src_ip":"192.168.104.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T22:33:21.705114+0000","flow_id":39261088,"pcap_cnt":472,"event_type":"alert","src_ip":"192.168.18.5","src_port":49166,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:10:25.274815+0000","flow_id":39261392,"pcap_cnt":485,"event_type":"alert","src_ip":"192.168.105.10","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T03:00:27.273229+0000","flow_id":39261696,"pcap_cnt":498,"event_type":"alert","src_ip":"192.168.22.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:53:49.638571+0000","flow_id":39262000,"pcap_cnt":509,"event_type":"alert","src_ip":"192.168.62.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-20T20:14:21.289791+0000","flow_id":39262304,"pcap_cnt":516,"event_type":"alert","src_ip":"192.168.36.5","src_port":49163,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:05:34.952817+0000","flow_id":39262608,"pcap_cnt":529,"event_type":"alert","src_ip":"192.168.41.5","src_port":49163,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T14:43:02.755039+0000","flow_id":39262912,"pcap_cnt":548,"event_type":"alert","src_ip":"192.168.31.10","src_port":49170,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T15:53:49.118860+0000","flow_id":39263216,"pcap_cnt":559,"event_type":"alert","src_ip":"192.168.62.10","src_port":49168,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":39258048,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":39258048,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2826161,"rev":2,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":39258048,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:01:39.798852+0000","flow_id":39263520,"pcap_cnt":581,"event_type":"alert","src_ip":"192.168.3.5","src_port":49161,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:15:42.795959+0000","flow_id":39263824,"pcap_cnt":594,"event_type":"alert","src_ip":"192.168.111.10","src_port":49167,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:14:13.530627+0000","flow_id":39264128,"pcap_cnt":601,"event_type":"alert","src_ip":"192.168.57.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:13:56.635897+0000","flow_id":39264432,"pcap_cnt":608,"event_type":"alert","src_ip":"192.168.57.10","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45590,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:43:42.462222+0000","flow_id":39264736,"pcap_cnt":624,"event_type":"alert","src_ip":"192.168.30.10","src_port":49164,"dest_ip":"46.4.120.155","des

This file has been truncated.
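The following is an added example and not part of the sandbox report: a Python triage pass over EVE JSON alert lines of the shape shown above. It parses the records, counts alerts per signature ID, lists the internal source hosts behind each signature, tallies the pool endpoints (dest_ip, dest_port), and flags packets on which several signatures fired at once, as pcap_cnt 572 does above, where the ET POLICY rule and two ETPRO Stratum authline rules all hit the same login message. The sample records are copied from the log above, the cut-off last line included, so that the handling of a truncated file is exercised; nothing beyond the log's own fields is assumed.

```python
import json
from collections import Counter, defaultdict

# Sample EVE records copied from the alert log above, including its cut-off
# last line (a truncated file must still yield its complete records).
SAMPLE_EVE = """\
{"timestamp":"2017-04-19T20:10:14.657325+0000","flow_id":39257136,"pcap_cnt":298,"event_type":"alert","src_ip":"172.16.40.30","src_port":49164,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-19T20:38:56.162271+0000","flow_id":39257440,"pcap_cnt":319,"event_type":"alert","src_ip":"192.168.12.5","src_port":49159,"dest_ip":"46.4.120.155","dest_port":45550,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":39258048,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":39258048,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2826161,"rev":2,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-21T23:51:41.725151+0000","flow_id":39258048,"pcap_cnt":572,"event_type":"alert","src_ip":"192.168.103.10","src_port":49160,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2828184,"rev":1,"signature":"ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-10-06 11)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:14:13.530627+0000","flow_id":39264128,"pcap_cnt":601,"event_type":"alert","src_ip":"192.168.57.10","src_port":49169,"dest_ip":"46.4.120.155","dest_port":45560,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022886,"rev":3,"signature":"ET POLICY Crypto Coin Miner Login","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-04-22T00:43:42.462222+0000","flow_id":39264736,"pcap_cnt":624,"event_type":"alert","src_ip":"192.168.30.10","src_port":49164,"dest_ip":"46.4.120.155","des
"""


def parse_eve(text):
    """Return (alert_events, n_malformed). A malformed line, such as the
    truncated tail of a cut-off log, is counted and skipped, not raised."""
    alerts, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if ev.get("event_type") == "alert":
            alerts.append(ev)
    return alerts, bad


def summarize(alerts):
    """Pivot alerts the way a miner outbreak is triaged: which signatures
    fired, from which internal hosts, towards which pool endpoints, and
    which single packets carry several signatures at once."""
    by_sid = Counter()
    hosts_by_sid = defaultdict(set)
    dests = Counter()
    sids_per_packet = defaultdict(set)
    for ev in alerts:
        sid = ev["alert"]["signature_id"]
        by_sid[sid] += 1
        hosts_by_sid[sid].add(ev["src_ip"])
        dests[(ev["dest_ip"], ev["dest_port"])] += 1
        # flow_id alone is not a packet key; pair it with pcap_cnt.
        sids_per_packet[(ev["flow_id"], ev["pcap_cnt"])].add(sid)
    return {
        "by_sid": dict(by_sid),
        "hosts_by_sid": {s: sorted(h) for s, h in hosts_by_sid.items()},
        "dests": dict(dests),
        "stacked": {k: sorted(v) for k, v in sids_per_packet.items() if len(v) > 1},
        "internal_hosts": sorted({ev["src_ip"] for ev in alerts}),
    }


if __name__ == "__main__":
    alerts, bad = parse_eve(SAMPLE_EVE)
    s = summarize(alerts)
    print(f"{len(alerts)} alerts parsed, {bad} malformed line(s) skipped")
    for sid, n in sorted(s["by_sid"].items(), key=lambda kv: -kv[1]):
        print(f"sid {sid}: {n} alert(s) from {len(s['hosts_by_sid'][sid])} host(s)")
    print("pool endpoints:", s["dests"])
    print("packets with stacked signatures:", s["stacked"])
```

The functions return plain dicts so the same pivots can be dropped into a SIEM enrichment step; the `stacked` map is the quickest way to see that the ETPRO authline signatures are corroborating, not additional, infections, since they fire on the same login packet as the policy rule.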


unified2.alert.1510024101 - (42008 bytes) - download
(unified2 is a binary format: the record and packet headers do not render as text. The readable part of each packet record is its TCP payload, a Stratum/JSON-RPC login call; in file order they are:)
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "smenov1999@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "ebrahim.mo.wahba@foc.cu.edu.eg", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "klliptoman@bk.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"id":"1","jsonrpc":"2.0","method":"login","params":{"agent":"MinerGateWin32-cli/4.04","login":"jungl3s@yandex.ru","pass":""}}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-opt/3.4.12"}, "id": 1}
{"method": "login", "params": {"login": "lemoh4uk.sa@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.monstercat1@mail.ru", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "sapunkov789@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.2-dev"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "mr.styler92@gmail.com", "pass": "", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "juliano_ps10@hotmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "wormsystemhack@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "vasrashpil@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "HoffmannSV@yandex.ru", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "mark48ld@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
{"method": "login", "params": {"login": "mark48ld@gmail.com", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "pash.alexandrov@yandex.ru", "pass": "x", "agent": "cpuminer-multi/1.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "roman@kosoj.ru", "pass": "x", "agent": "cpuminer-opt/3.6.1"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "params": {"login": "skifs8@mail.ru", "pass": "x", "agent": "cpuminer-multi/1.3"}, "id": 1}
{"method": "login", "param

This file has been truncated.
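The following is an added example, not code from the sandbox or from Suricata: a minimal reader for a unified2 file like the one above that extracts the Stratum login calls the ETPRO authline rules match on. It assumes Snort's unified2 layout (a big-endian (type, length) header per record; packet records are type 2 with a seven-field header followed by the captured frame), walks the Ethernet/IPv4/TCP headers to the payload using the IHL and data-offset fields, and parses the JSON-RPC login message. The sample file is constructed inline with struct; only the two login payloads are copied from the dump above, and the other records (a non-packet record, a cut-off payload, a truncated trailing record) are there to show the failure modes being handled.

```python
import json
import struct

# Unified2 layout (Snort's format, which Suricata's unified2 output writes;
# assumed here, not taken from the page): each record is a big-endian
# (type, length) header plus `length` bytes. Packet records (type 2) carry a
# seven-field header and then the captured frame.
UNIFIED2_PACKET = 2
REC_HDR = struct.Struct("!II")        # type, length
PKT_HDR = struct.Struct("!IIIIIII")   # sensor_id, event_id, event_second, packet_second,
                                      # packet_microsecond, linktype, packet_length
DLT_EN10MB = 1                        # Ethernet link type


def iter_records(blob):
    """Yield (type, body) for every complete record. A cut-off trailing
    record, as in a truncated file, is dropped rather than raised."""
    off = 0
    while off + REC_HDR.size <= len(blob):
        rtype, rlen = REC_HDR.unpack_from(blob, off)
        off += REC_HDR.size
        if off + rlen > len(blob):
            break
        yield rtype, blob[off:off + rlen]
        off += rlen


def tcp_payload(frame):
    """TCP payload of an Ethernet/IPv4/TCP frame, or None for anything else.
    Header sizes come from IHL and the TCP data offset, not fixed offsets."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or (frame[14] >> 4) != 4:
        return None
    if frame[23] != 6:                                  # IP protocol must be TCP
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp_off + 20:
        return None
    start = tcp_off + (frame[tcp_off + 12] >> 4) * 4
    end = min(len(frame), 14 + struct.unpack_from("!H", frame, 16)[0])  # drop Ethernet padding
    return frame[start:end] if end > start else None


def stratum_logins(blob):
    """One dict per packet record whose TCP payload is a JSON-RPC 'login' call.
    cpuminer-style and MinerGate-style messages differ only in key order and
    the 'jsonrpc' tag; both carry the credentials in params.login/pass/agent."""
    found = []
    for rtype, body in iter_records(blob):
        if rtype != UNIFIED2_PACKET or len(body) < PKT_HDR.size:
            continue
        _, event_id, _, _, _, linktype, plen = PKT_HDR.unpack_from(body)
        if linktype != DLT_EN10MB:
            continue
        payload = tcp_payload(body[PKT_HDR.size:PKT_HDR.size + plen])
        if not payload:
            continue
        try:
            msg = json.loads(payload.decode("utf-8", "ignore"))
        except json.JSONDecodeError:
            continue                                    # partial or non-JSON payload
        if msg.get("method") != "login":
            continue
        p = msg.get("params") or {}
        found.append({"event_id": event_id, "login": p.get("login"),
                      "pass": p.get("pass"), "agent": p.get("agent")})
    return found


def credential_summary(logins):
    """Group by pool account: number of login events and the miner agents seen."""
    summary = {}
    for r in logins:
        d = summary.setdefault(r["login"], {"events": 0, "agents": set()})
        d["events"] += 1
        d["agents"].add(r["agent"])
    return summary


# Constructed sample file; only the two login payloads are copied from the dump.
def _frame(src, dst, sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero and not checked."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def _packet_record(event_id, frame):
    body = PKT_HDR.pack(0, event_id, 1492818701, 1492818701, 725151, DLT_EN10MB, len(frame)) + frame
    return REC_HDR.pack(UNIFIED2_PACKET, len(body)) + body


POOL = "46.4.120.155"
CPUMINER = b'{"method": "login", "params": {"login": "mertcanerkale@gmail.com", "pass": "x", "agent": "cpuminer-multi/0.1"}, "id": 1}'
MINERGATE = b'{"id":"1","jsonrpc":"2.0","method":"login","params":{"agent":"MinerGateWin32-cli/4.04","login":"jungl3s@yandex.ru","pass":""}}'
SAMPLE_UNIFIED2 = (
    REC_HDR.pack(7, 4) + b"\x00\x00\x00\x01"                                         # non-packet record: skipped
    + _packet_record(1, _frame("192.168.103.10", POOL, 49160, 45560, CPUMINER))
    + _packet_record(2, _frame("192.168.4.5", POOL, 49161, 45560, MINERGATE))
    + _packet_record(3, _frame("192.168.4.5", POOL, 49161, 45560, CPUMINER[:26]))   # cut-off payload
    + _packet_record(4, _frame("192.168.4.5", POOL, 49162, 45560, CPUMINER))[:40]   # truncated file
)

if __name__ == "__main__":
    for acct, d in credential_summary(stratum_logins(SAMPLE_UNIFIED2)).items():
        print(f"{acct}: {d['events']} login(s), agents {sorted(d['agents'])}")
```

Payloads that are not complete JSON (keepalives, a segment cut mid-message, the truncated last record of the dump above) are skipped rather than aborting the walk, and the record iterator stops cleanly at a partial trailing record, so the reader can be pointed at a truncated download and still return every complete login. The resulting account list is the pivot for the response: the same pool account appearing from many internal hosts is one campaign, not many.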


suricata-3.0-etpro-base-perf.txt-2017-11-07-T-03-08-22-11072017.0250-sessions.pcap.txt - (34751 bytes) - download
  --------------------------------------------------------------------------
  Date: 11/7/2017 -- 03:08:22
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2828101      1        1        13512999     5.23   15       0        12743211    900866.60   0.00        900866.60  
  2        2825604      1        1        12416175     4.80   15       0        11243967    827745.00   0.00        827745.00  
  3        2822627      1        1        2018367      0.78   15       0        1320519     134557.80   0.00        134557.80  
  4        2822773      1        1        1359288      0.53   15       0        427692      90619.20    0.00        90619.20   
  5        2825076      1        1        1341672      0.52   15       0        525984      89444.80    0.00        89444.80   
  6        2828172      1        1        1316688      0.51   15       0        431121      87779.20    0.00        87779.20   
  7        2827526      1        1        1258776      0.49   15       0        455652      83918.40    0.00        83918.40   
  8        2827502      1        2        1253694      0.49   15       0        429768      83579.60    0.00        83579.60   
  9        2824197      1        1        1239354      0.48   15       0        426252      82623.60    0.00        82623.60   
  10       2823752      1        1        1234446      0.48   15       0        428496      82296.40    0.00        82296.40   
  11       2827783      1        1        1224465      0.47   15       0        457068      81631.00    0.00        81631.00   
  12       2827870      1        1        1207575      0.47   15       0        448971      80505.00    0.00        80505.00   
  13       2822606      1        3        1206741      0.47   15       0        429762      80449.40    0.00        80449.40   
  14       2825276      1        1        1202001      0.47   15       0        420498      80133.40    0.00        80133.40   
  15       2828013      1        1        1200702      0.46   15       0        430959      80046.80    0.00        80046.80   
  16       2827938      1        1        1199193      0.46   15       0        432159      79946.20    0.00        79946.20   
  17       2824574      1        2        1197885      0.46   15       0        424740      79859.00    0.00        79859.00   
  18       2826163      1        2        1190520      0.46   15       0        439863      79368.00    0.00        79368.00   
  19       2827792      1        1        1189488      0.46   15       0        438660      79299.20    0.00        79299.20   
  20       2826446      1        2        1184544      0.46   15       0        421728      78969.60    0.00        78969.60   
  21       2827041      1        1        1179075      0.46   15       0        421647      78605.00    0.00        78605.00   
  22       2827361      1        2        1175031      0.45   15       0        428121      78335.40    0.00        78335.40   
  23       2826830      1        1        1174293      0.45   15       0        422967      78286.20    0.00        78286.20   
  24       2828180      1        1        1173036      0.45   15       0        433650      78202.40    0.00        78202.40   
  25       2823101      1        1        1166532      0.45   15       0        425100      77768.80    0.00        77768.80   
  26       2828032      1        2        1163601      0.45   15       0        431283      77573.40    0.00        77573.40   
  27       2827654      1        1        1161987      0.45   15       0        434904      77465.80    0.00        77465.80   
  28       2824817      1        1        1156650      0.45   15       0        455217      77110.00    0.00        77110.00   
  29       2827878      1        1        1156131      0.45   15       0        427920      77075.40    0.00        77075.40   
  30       2827179      1        1        1151313      0.45   15       0        421806      76754.20    0.00        76754.20   
  31       2826930      1        2        1032189      0.40   15       0        224412      68812.60    0.00        68812.60   
  32       2822604      1        3        1030581      0.40   15       1        127959      68705.40    46395.00    70299.00   
  33       2827397      1        2        945918       0.37   15       0        162546      63061.20    0.00        63061.20   
  34       2826501      1        2        944691       0.37   15       0        102096      62979.40    0.00        62979.40   
  35       2825958      1        2        943287       0.37   15       0        119841      62885.80    0.00        62885.80   
  36       2827174      1        1        941535       0.36   15       0        112593      62769.00    0.00        62769.00   
  37       2824090      1        1        934221       0.36   15       0        113601      62281.40    0.00        62281.40   
  38       2827525      1        1        924789       0.36   15       0        112830      61652.60    0.00        61652.60   
  39       2826346      1        3        924216       0.36   15       0        103242      61614.40    0.00        61614.40   
  40       2827437      1        2        922263       0.36   15       0        129411      61484.20    0.00        61484.20   
  41       2825497      1        2        919323       0.36   15       0        85899       61288.20    0.00        61288.20   
  42       2825827      1        1        915249       0.35   15       0        115290      61016.60    0.00        61016.60   
  43       2827178      1        1        913590       0.35   15       0        110694      60906.00    0.00        60906.00   
  44       2827781      1        1        912891       0.35   15       0        103164      60859.40    0.00        60859.40   
  45       2823023      1        1        903711       0.35   15       0        85713       60247.40    0.00        60247.40   
  46       2827520      1        2        899160       0.35   15       0        89340       59944.00    0.00        59944.00   
  47       2827786      1        1        898524       0.35   15       0        112875      59901.60    0.00        59901.60   
  48       2824196      1        1        896868       0.35   15       0        114924      59791.20    0.00        59791.20   
  49       2822759      1        1        895485       0.35   15       0        109161      59699.00    0.00        59699.00   
  50       2824643      1        1        894600       0.35   15       0        155955      59640.00    0.00        59640.00   
  51       2823230      1        1        894414       0.35   15       0        142359      59627.60    0.00        59627.60   
  52       2822774      1        1        894144       0.35   15       0        112155      59609.60    0.00        59609.60   
  53       2827398      1        2        892737       0.35   15       0        163584      59515.80    0.00        59515.80   
  54       2824619      1        1        892602       0.35   15       0        106410      59506.80    0.00        59506.80   
  55       2823474      1        1        892431       0.35   15       0        95538       59495.40    0.00        59495.40   
  56       2827435      1        2        890838       0.34   15       0        96516       59389.20    0.00        59389.20   
  57       2828105      1        1        889410       0.34   15       0        155844      59294.00    0.00        59294.00   
  58       2822814      1        1        884463       0.34   15       0        115740      58964.20    0.00        58964.20   
  59       2824112      1        1        882273       0.34   15       0        109770      58818.20    0.00        58818.20   
  60       2827232      1        2        881583       0.34   15       0        107412      58772.20    0.00        58772.20   
  61       2826162      1        2        881487       0.34   15       0        113400      58765.80    0.00        58765.80   
  62       2827233      1        2        880815       0.34   15       0        100335      58721.00    0.00        58721.00   
  63       2823097      1        1        880590       0.34   15       0        112476      58706.00    0.00        58706.00   
  64       2826164      1        2        878439       0.34   15       0        109704      58562.60    0.00        58562.60   
  65       2824250      1        1        877308       0.34   15       0        108030      58487.20    0.00        58487.20   
  66       2827789      1        1        876819       0.34   15       0        172797      58454.60    0.00        58454.60   
  67       2827043      1        1        876486       0.34   15       0        134418      58432.40    0.00        58432.40   
  68       2827500      1        2        875331       0.34   15       0        114345      58355.40    0.00        58355.40   
  69       2827530      1        1        873252       0.34   15       0        98757       58216.80    0.00        58216.80   
  70       2824719      1        1        871875       0.34   15       0        83187       58125.00    0.00        58125.00   
  71       2825602      1        1        871260       0.34   15       0        100551      58084.00    0.00        58084.00   
  72       2826831      1        1        871230       0.34   15       0        136953      58082.00    0.00        58082.00   
  73       2828034      1        2        869787       0.34   15       0        93933       57985.80    0.00        57985.80   
  74       2822624      1        1        868272       0.34   15       0        102576      57884.80    0.00        57884.80   
  75       2828014      1        1        867759       0.34   15       0        117666      57850.60    0.00        57850.60   
  76       2824688      1        1        866523       0.34   15       0        103884      57768.20    0.00        57768.20   
  77       2828011      1        1        863418       0.33   15       0        104484      57561.20    0.00        57561.20   
  78       2826161      1        2        860115       0.33   15       1        99144       57341.00    60123.00    57142.29   
  79       2823996      1        1        859788       0.33   15       0        84054       57319.20    0.00        57319.20   
  80       2827237      1        2        858660       0.33   15       0        98832       57244.00    0.00        57244.00   
  81       2827866      1        1        858564       0.33   15       0        86394       57237.60    0.00        57237.60   
  82       2825705      1        3        856428       0.33   15       0        90207       57095.20    0.00        57095.20   
  83       2827521      1        2        854982       0.33   15       0        102663      56998.80    0.00        56998.80   
  84       2823324      1        1        854895       0.33   15       0        98898       56993.00    0.00        56993.00   
  85       2825605      1        1        854460       0.33   15       0        131529      56964.00    0.00        56964.00   
  86       2825210      1        1        854160       0.33   15       0        115836      56944.00    0.00        56944.00   
  87       2827522      1        1        853308       0.33   15       0        84270       56887.20    0.00        56887.20   
  88       2827042      1        1        853227       0.33   15       0        137844      56881.80    0.00        56881.80   
  89       2825672      1        2        852402       0.33   15       1        99327       56826.80    44022.00    57741.43   
  90       2822607      1        3        848037       0.33   15       0        93834       56535.80    0.00        56535.80   
  91       2824912      1        1        847956       0.33   15       0        116628      56530.40    0.00        56530.40   
  92       2827038      1        1        847575       0.33   15       0        83433       56505.00    0.00        56505.00   
  93       2828020      1        1        847203       0.33   15       0        84702       56480.20    0.00        56480.20   
  94       2828103      1        1        846189       0.33   15       0        91272       56412.60    0.00        56412.60   
  95       2822625      1        1        845028       0.33   15       0        95847       56335.20    0.00        56335.20   
  96       2825495      1        2        844797       0.33   15       0        89091       56319.80    0.00        56319.80   
  97       2827871      1        1        844476       0.33   15       0        135774      56298.40    0.00        56298.40   
  98       2825606      1        1        844392       0.33   15       0        83856       56292.80    0.00        56292.80   
  99       2822818      1        1        844239       0.33   15       0        130278      56282.60    0.00        56282.60   
  100      2827940      1        1        842889       0.33   15       0        94602       56192.60    0.00        56192.60   
  101      2825212      1        1        842595       0.33   15       0        85977       56173.00    0.00        56173.00   
  102      2827436      1        2        842196       0.33   15       0        103905      56146.40    0.00        56146.40   
  103      2822605      1        3        842061       0.33   15       0        100371      56137.40    0.00        56137.40   
  104      2826765      1        1        841602       0.33   15       0        90957       56106.80    0.00        56106.80   
  105      2827655      1        1        841428       0.33   15       0        101133      56095.20    0.00        56095.20   
  106      2828104      1        1        840660       0.33   15       0        99495       56044.00    0.00        56044.00   
  107      2827360      1        2        840330       0.33   15       0        84555       56022.00    0.00        56022.00   
  108      2824285      1        1        839535       0.32   15       0        88938       55969.00    0.00        55969.00   
  109      2828173      1        1        839328       0.32   15       0        83847       55955.20    0.00        55955.20   
  110      2824571      1        2        838821       0.32   15       0        101040      55921.40    0.00        55921.40   
  111      2824573      1        2        838785       0.32   15       0        84747       55919.00    0.00        55919.00   
  112      2824366      1        1        838407       0.32   15       0        87723       55893.80    0.00        55893.80   
  113      2827931      1        1        838272       0.32   15       0        117501      55884.80    0.00        55884.80   
  114      2825213      1        1        837846       0.32   15       0        83514       55856.40    0.00        55856.40   
  115      2825075      1        1        837780       0.32   15       0        85140       55852.00    0.00        55852.00   
  116      2826763      1        1        837033       0.32   15       0        84039       55802.20    0.00        55802.20   
  117      2827682      1        2        836763       0.32   15       0        102474      55784.20    0.00        55784.20   
  118      2828015      1        1        836484       0.32   15       0        102963      55765.60    0.00        55765.60   
  119      2826165      1        2        836196       0.32   15       0        83310       55746.40    0.00        55746.40   
  120      2823604      1        1        835269       0.32   15       0        85632       55684.60    0.00        55684.60   
  121      2822916      1        1        834681       0.32   15       0        93648       55645.40    0.00        55645.40   
  122      2827176      1        1        834357       0.32   15       0        85251       55623.80    0.00        55623.80   
  123      2827037      1        1        832302       0.32   15       0        88182       55486.80    0.00        55486.80   
  124      2828102      1        1        831756       0.32   15       0        84162       55450.40    0.00        55450.40   
  125      2827937      1        1        831222       0.32   15  

This file has been truncated.


keyword_perf.log - (2597 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/7/2017 -- 03:08:22
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          63607341        13679           10928           11182548        4649.00         5086.00         2915.00        
  pcre             69817638        10441           3427            12655974        6686.00         5078.00         7472.00        
  flow             810171          120             120             397413          6751.00         6751.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             810171          120             120             397413          6751.00         6751.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          63607341        13679           10928           11182548        4649.00         5086.00         2915.00        
  pcre             69817638        10441           3427            12655974        6686.00         5078.00         7472.00        


suricata-report-2017-11-07-T-03-08-22-11072017.0250-sessions.pcap.txt - (11491 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata30/bin/suricata -c /opt/suricata30/etc/etpro/suricata30-etpro-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d135db2cd89379e8568daa8f0277aae4f4 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none
elapsedtime:26.643499
stderr:
stdout:
7/11/2017 -- 03:07:55 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
7/11/2017 -- 03:07:55 - <Notice> - This is Suricata version 3.0 RELEASE
7/11/2017 -- 03:07:55 - <Info> - CPUs/cores online: 1
7/11/2017 -- 03:07:55 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
7/11/2017 -- 03:07:55 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
7/11/2017 -- 03:07:55 - <Info> - DNS request flood protection level: 500
7/11/2017 -- 03:07:55 - <Info> - DNS per flow memcap (state-memcap): 524288
7/11/2017 -- 03:07:55 - <Info> - DNS global memcap: 16777216
7/11/2017 -- 03:07:55 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
7/11/2017 -- 03:07:55 - <Info> - preallocated 1000 defrag trackers of size 168
7/11/2017 -- 03:07:55 - <Info> - defrag memory usage: 3838016 bytes, maximum: 33554432
7/11/2017 -- 03:07:55 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
7/11/2017 -- 03:07:55 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
7/11/2017 -- 03:07:55 - <Info> - preallocated 1000 hosts of size 136
7/11/2017 -- 03:07:55 - <Info> - host memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:07:55 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
7/11/2017 -- 03:07:55 - <Info> - preallocated 10000 flows of size 288
7/11/2017 -- 03:07:55 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
7/11/2017 -- 03:07:55 - <Info> - stream "prealloc-sessions": 2048 (per thread)
7/11/2017 -- 03:07:55 - <Info> - stream "memcap": 33554432
7/11/2017 -- 03:07:55 - <Info> - stream "midstream" session pickups: disabled
7/11/2017 -- 03:07:55 - <Info> - stream "async-oneside": disabled
7/11/2017 -- 03:07:55 - <Info> - stream "checksum-validation": disabled
7/11/2017 -- 03:07:55 - <Info> - stream."inline": disabled
7/11/2017 -- 03:07:55 - <Info> - stream "max-synack-queued": 5
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly "memcap": 134217728
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly "depth": 0
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly "toserver-chunk-size": 2670
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly "toclient-chunk-size": 2527
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly.raw: enabled
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 4, prealloc 256
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 16, prealloc 512
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 112, prealloc 512
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 248, prealloc 512
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 512, prealloc 512
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 768, prealloc 1024
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 1448, prealloc 1024
7/11/2017 -- 03:07:55 - <Info> - segment pool: pktsize 65535, prealloc 128
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly "chunk-prealloc": 250
7/11/2017 -- 03:07:55 - <Info> - stream.reassembly "zero-copy-size": 128
7/11/2017 -- 03:07:55 - <Info> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
7/11/2017 -- 03:07:55 - <Info> - preallocated 1000 ippairs of size 136
7/11/2017 -- 03:07:55 - <Info> - ippair memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:07:55 - <Info> - using magic-file /usr/share/file/magic
7/11/2017 -- 03:07:55 - <Info> - Delayed detect disabled
7/11/2017 -- 03:07:55 - <Info> - IP reputation disabled
7/11/2017 -- 03:07:55 - <Info> - Registered 113 keyword profiling counters.
7/11/2017 -- 03:07:55 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-ftp.rules
7/11/2017 -- 03:07:55 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-policy.rules
7/11/2017 -- 03:07:55 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-trojan.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-games.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-pop3.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-user_agents.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-rpc.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-attack_response.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-icmp.rules
7/11/2017 -- 03:08:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/ET-icmp.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-scan.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-voip.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-chat.rules
7/11/2017 -- 03:08:02 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-web_client.rules
7/11/2017 -- 03:08:03 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-imap.rules
7/11/2017 -- 03:08:03 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-web_server.rules
7/11/2017 -- 03:08:03 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-current_events.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-smtp.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-malware.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-snmp.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-worm.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-dns.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-misc.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-sql.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-dos.rules
7/11/2017 -- 03:08:07 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-netbios.rules
7/11/2017 -- 03:08:08 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-telnet.rules
7/11/2017 -- 03:08:08 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-exploit.rules
7/11/2017 -- 03:08:08 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-p2p.rules
7/11/2017 -- 03:08:08 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-tftp.rules
7/11/2017 -- 03:08:08 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/ET-mobile_malware.rules
7/11/2017 -- 03:08:10 - <Info> - Loading rule file: /opt/suricata30/etc/etpro/local.rules
7/11/2017 -- 03:08:10 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/local.rules
7/11/2017 -- 03:08:10 - <Info> - 31 rule files processed. 31469 rules successfully loaded, 0 rules failed
7/11/2017 -- 03:08:11 - <Info> - 31474 signatures processed. 2 are IP-only rules, 14215 are inspecting packet payload, 20976 inspect application layer, 0 are decoder event only
7/11/2017 -- 03:08:11 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
7/11/2017 -- 03:08:11 - <Info> - building signature grouping structure, stage 2: building source address list... complete
7/11/2017 -- 03:08:18 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
7/11/2017 -- 03:08:21 - <Info> - Registered 31474 rule profiling counters.
7/11/2017 -- 03:08:21 - <Info> - Threshold config parsed: 0 rule(s) found
7/11/2017 -- 03:08:21 - <Info> - Core dump size is unlimited.
7/11/2017 -- 03:08:21 - <Info> - fast output device (regular) initialized: alert
7/11/2017 -- 03:08:21 - <Info> - eve-log output device (regular) initialized: eve.json
7/11/2017 -- 03:08:21 - <Info> - enabling 'eve-log' module 'alert'
7/11/2017 -- 03:08:21 - <Info> - enabling 'eve-log' module 'http'
7/11/2017 -- 03:08:21 - <Info> - enabling 'eve-log' module 'dns'
7/11/2017 -- 03:08:21 - <Info> - enabling 'eve-log' module 'tls'
7/11/2017 -- 03:08:21 - <Info> - enabling 'eve-log' module 'files'
7/11/2017 -- 03:08:21 - <Info> - enabling 'eve-log' module 'ssh'
7/11/2017 -- 03:08:21 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
7/11/2017 -- 03:08:21 - <Info> - http-log output device (regular) initialized: http.log
7/11/2017 -- 03:08:21 - <Info> - stats output device (regular) initialized: stats.log
7/11/2017 -- 03:08:21 - <Info> - preallocated 1024 packets. Total memory 3606528
7/11/2017 -- 03:08:21 - <Info> - reading pcap file /var/pcap/11072017.0250-sessions.pcap
7/11/2017 -- 03:08:21 - <Info> - using 1 flow manager threads
7/11/2017 -- 03:08:21 - <Info> - preallocated 1024 packets. Total memory 3606528
7/11/2017 -- 03:08:21 - <Info> - using 1 flow recycler threads
7/11/2017 -- 03:08:21 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
7/11/2017 -- 03:08:21 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
7/11/2017 -- 03:08:21 - <Info> - pcap file end of file reached (pcap err code 0)
7/11/2017 -- 03:08:21 - <Notice> - Signal Received.  Stopping engine.
7/11/2017 -- 03:08:21 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
7/11/2017 -- 03:08:21 - <Info> - preallocated 1024 packets. Total memory 3606528
7/11/2017 -- 03:08:21 - <Info> - time elapsed 0.244s
7/11/2017 -- 03:08:22 - <Info> - 96 flows processed
7/11/2017 -- 03:08:22 - <Notice> - Pcap-file module read 1252 packets, 171188 bytes
7/11/2017 -- 03:08:22 - <Info> - AutoFP - Total flow handler queues - 1
7/11/2017 -- 03:08:22 - <Info> - AutoFP - Queue 0  - pkts: 1252         flows: 96          
7/11/2017 -- 03:08:22 - <Info> - Stream TCP processed 1303 TCP packets
7/11/2017 -- 03:08:22 - <Info> - Fast log output wrote 120 alerts
7/11/2017 -- 03:08:22 - <Info> - Alert unified2 module wrote 120 alerts
7/11/2017 -- 03:08:22 - <Info> - HTTP logger logged 0 requests
7/11/2017 -- 03:08:22 - <Info> - ippair memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:08:22 - <Info> - host memory usage: 398144 bytes, maximum: 16777216
7/11/2017 -- 03:08:22 - <Info> - Dumping profiling data for 31474 rules.
7/11/2017 -- 03:08:22 - <Info> - Done dumping profiling data.
7/11/2017 -- 03:08:22 - <Info> - Done dumping keyword profiling data.
7/11/2017 -- 03:08:22 - <Info> - cleaning up signature grouping structure... complete
7/11/2017 -- 03:08:22 - <Info> - Done dumping profiling data.
returncode: 0
errors:
warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 7/11/2017 -- 03:08:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/ET-icmp.rules
- 7/11/2017 -- 03:08:10 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/local.rules


IDSDeathBlossom.py.log - (13517 bytes)
2017-11-07 03:07:54,104 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2017-11-07 03:07:55,594 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2017-11-07 03:07:55,595 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-3.0-etpro-base
2017-11-07 03:07:55,596 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2017-11-07 03:07:55,596 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2017-11-07 03:07:55,596 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata30/bin/suricata -c /opt/suricata30/etc/etpro/suricata30-etpro-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d135db2cd89379e8568daa8f0277aae4f4 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none
2017-11-07 03:08:22,257 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
2017-11-07 03:08:22,259 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
7/11/2017 -- 03:08:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/ET-icmp.rules
2017-11-07 03:08:22,260 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
7/11/2017 -- 03:08:10 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/local.rules
2017-11-07 03:08:22,261 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2017-11-07 03:08:22,261 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +437 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata30/bin/suricata -c /opt/suricata30/etc/etpro/suricata30-etpro-base.yaml -l /var/www/html/732f896d981a50fc939016c0cd7c36d135db2cd89379e8568daa8f0277aae4f4 -r /var/pcap/11072017.0250-sessions.pcap -vvv -k none; returncode:0; elapsed:26.643499; Errors:
None
 Warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 7/11/2017 -- 03:08:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/ET-icmp.rules
- 7/11/2017 -- 03:08:10 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata30/etc/etpro/local.rules

 stderr:

 stdout:

 
2017-11-07 03:08:22,267 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 28.1839017868