Filename: fd416665e14c4515d5a5862b33fb9bb40939e7441412cde99e72184981251196_VirusTotal Jujubox.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 32.7444801331 seconds
Hash: 73d97fa1880e4fa316e830c83be712a7
Uploaded: 1568385140

Logfiles


packet_stats.log - (11913 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           183          4985912      126537390      93579451         17.1b   98.30
 IPv4      17             4         53639368      127032238      73863587        295.5m    1.70
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           183           137448       29736632        635080        116.2m   92.24
TMM_FLOWWORKER              IPv4      17             4           511226        2556942       1882408          7.5m    5.98
TMM_RECEIVEPCAPFILE         IPv4       6           181             5072          26468          6154          1.1m    0.88
TMM_RECEIVEPCAPFILE         IPv4      17             4             5402           5526          5460         21.8k    0.02
TMM_DECODEPCAPFILE          IPv4       6           181             5182          57106          5992          1.1m    0.86
TMM_DECODEPCAPFILE          IPv4      17             4             5618          13764          7948         31.8k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           181             5492          48278          7111          1.3m  1.13  
flow                    IPv4      17             4             7386          11816          9565         38.3k  0.03  
stream                  IPv4       6           183             6076        7015530         59887         11.0m  9.66  
app-layer               IPv4      17             4             5684         494822        167236        668.9k  0.59  
detect                  IPv4       6           183            89562       28537788        510149         93.4m  82.29 
detect                  IPv4      17             4           475678        2186802       1471051          5.9m  5.19  
tcp-prune               IPv4       6           183             5072          49222          6857          1.3m  1.11  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3            11192         460648        204631        613.9k  55.19 
http                    IPv4      17             1           460648         460648        460648        460.6k  41.41 
dns                     IPv4      17             2            13210          24590         18900         37.8k  3.40  
Proto detect            IPv4      17             3            39728         478384        185946        557.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2           194156         583978        389067        778.1k  28.30 
LOGGER_JSON_HTTP            IPv4       6             2           216710         893546        555128          1.1m  40.38 
LOGGER_JSON_FILE            IPv4       6             2           110538         750356        430447        860.9k  31.31 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           150             5742         561172         28176         4.2m  24.57 
payload                           IPv4      17             4            52306         518252        175848       703.4k  4.09  
stream                            IPv4       6           150             5038         839336         35079         5.3m  30.59 
http_uri                          IPv4       6             2            26690          48828         37759        75.5k  0.44  
http_request_line                 IPv4       6             2            12146          14706         13426        26.9k  0.16  
http_client_body                  IPv4       6             2             5942          12172          9057        18.1k  0.11  
http_header (request)             IPv4       6             2            81540         152476        117008       234.0k  1.36  
http_header (request trailer)     IPv4       6             2             5116           5172          5144        10.3k  0.06  
http_header_names (request)       IPv4       6             2            21178          32844         27011        54.0k  0.31  
http_accept (request)             IPv4       6             2             7092          13754         10423        20.8k  0.12  
http_referer (request)            IPv4       6             2             6064         442990        224527       449.1k  2.61  
http_content_len (request)        IPv4       6             2             7094           7570          7332        14.7k  0.09  
http_content_type (request)       IPv4       6             2             7078           9218          8148        16.3k  0.09  
http_protocol (request)           IPv4       6             2             9590          12900         11245        22.5k  0.13  
http_start (request)              IPv4       6             2            25722          27006         26364        52.7k  0.31  
http_raw_header (request)         IPv4       6             2            23634          28542         26088        52.2k  0.30  
http_method                       IPv4       6             2            11228          11690         11459        22.9k  0.13  
http_cookie (request)             IPv4       6             2             6414          13870         10142        20.3k  0.12  
http_raw_uri                      IPv4       6             2             8862           9454          9158        18.3k  0.11  
http_user_agent                   IPv4       6             2            41452          61650         51551       103.1k  0.60  
http_host                         IPv4       6             2             8252          11618          9935        19.9k  0.12  
dns_query                         IPv4      17             1            18898          18898         18898        18.9k  0.11  
http_response_line                IPv4       6             2            14434          14998         14716        29.4k  0.17  
http_header (response)            IPv4       6             2            74942          85078         80010       160.0k  0.93  
http_header (response trailer)    IPv4       6             2             5154           6866          6010        12.0k  0.07  
http_content_type (response)      IPv4       6             2            14482          15884         15183        30.4k  0.18  
http_raw_header (response)        IPv4       6           142             7492          45062          9710         1.4m  8.02  
http_cookie (response)            IPv4       6             2             6622           8044          7333        14.7k  0.09  
http_stat_code                    IPv4       6             2             7600          10162          8881        17.8k  0.10  
file_data (http response)         IPv4       6           140             5078         546080         29397         4.1m  23.93 
Total                             IPv4                   635                                         27088        17.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            74618         235350        135925        543.7k  0.46  
PROF_DETECT_IPONLY          IPv4      17             3            62352         120256         93180        279.5k  0.23  
PROF_DETECT_RULES           IPv4       6           183             5024       27557694        224856         41.1m  34.55 
PROF_DETECT_RULES           IPv4      17             4           298416         948780        686843          2.7m  2.31  
PROF_DETECT_STATEFUL_START    IPv4       6            27            10122        3679308        285425          7.7m  6.47  
PROF_DETECT_STATEFUL_CONT    IPv4       6           183             5274         104984         24189          4.4m  3.72  
PROF_DETECT_STATEFUL_CONT    IPv4      17             4             5078          29678         16077         64.3k  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           175             5076          29988          6419          1.1m  0.94  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             6262           8236          7249         14.5k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           183            16270        1097884        155741         28.5m  23.93 
PROF_DETECT_PREFILTER       IPv4      17             4           109100         569558        245413        981.7k  0.82  
PROF_DETECT_PF_PAYLOAD      IPv4       6           150            34158         863154         81266         12.2m  10.24 
PROF_DETECT_PF_PAYLOAD      IPv4      17             4            66230         528706        187616        750.5k  0.63  
PROF_DETECT_PF_TX           IPv4       6           175             5062         878794         59332         10.4m  8.72  
PROF_DETECT_PF_TX           IPv4      17             1            35458          35458         35458         35.5k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6            12             5110          22356          8774        105.3k  0.09  
PROF_DETECT_PF_SORT1        IPv4      17             4             7768           9254          8561         34.2k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6           183             5006          38256          6559          1.2m  1.01  
PROF_DETECT_PF_SORT2        IPv4      17             4             7152          14498         10150         40.6k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       6           183             5040          51990          6309          1.2m  0.97  
PROF_DETECT_NONMPMLIST      IPv4      17             4             5856          10866          7737         30.9k  0.03  
PROF_DETECT_ALERT           IPv4       6           183             5024          34714          6482          1.2m  1.00  
PROF_DETECT_ALERT           IPv4      17             4             5098         433844        114069        456.3k  0.38  
PROF_DETECT_CLEANUP         IPv4       6           183             5084         455916         11771          2.2m  1.81  
PROF_DETECT_CLEANUP         IPv4      17             4             5070          11042          8667         34.7k  0.03  
PROF_DETECT_GETSGH          IPv4       6           183             5012          39302          6789          1.2m  1.04  
PROF_DETECT_GETSGH          IPv4      17             4             5040         470152        140626        562.5k  0.47  


suricata-4.0.0-etpro-all-perf.txt-2019-09-13-T-14-32-53-09132019.1432-fd416665e14c4515d5a5862b33fb9bb40939e7441412cde99e72184981251196_VirusTotal_Jujubox.pcap.txt - (21590 bytes)
  --------------------------------------------------------------------------
  Date: 9/13/2019 -- 14:32:53. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2816909      1        2        21646378     56.61  2        0        21060668    10823189.00 0.00        10823189.00
  2        2829644      1        1        579216       1.51   2        0        525606      289608.00   0.00        289608.00  
  3        2816924      1        4        685046       1.79   2        0        517584      342523.00   0.00        342523.00  
  4        2815817      1        5        567304       1.48   2        0        503024      283652.00   0.00        283652.00  
  5        2007880      1        7        497736       1.30   1        0        497736      497736.00   0.00        497736.00  
  6        2023316      1        2        500838       1.31   2        0        493908      250419.00   0.00        250419.00  
  7        2816931      1        3        530168       1.39   2        0        478634      265084.00   0.00        265084.00  
  8        2022334      1        2        545950       1.43   2        0        477192      272975.00   0.00        272975.00  
  9        2008118      1        3        447314       1.17   1        0        447314      447314.00   0.00        447314.00  
  10       2827279      1        5        390718       1.02   2        0        350858      195359.00   0.00        195359.00  
  11       2022339      1        2        179328       0.47   1        0        179328      179328.00   0.00        179328.00  
  12       2018452      1        15       165574       0.43   1        0        165574      165574.00   0.00        165574.00  
  13       2021073      1        2        152758       0.40   1        1        152758      152758.00   152758.00   0.00       
  14       2828008      1        2        182778       0.48   2        0        141462      91389.00    0.00        91389.00   
  15       2022503      1        2        128284       0.34   1        0        128284      128284.00   0.00        128284.00  
  16       2828122      1        2        125484       0.33   1        0        125484      125484.00   0.00        125484.00  
  17       2024771      1        1        1369948      3.58   142      0        116452      9647.52     0.00        9647.52    
  18       2816910      1        2        213854       0.56   2        0        112902      106927.00   0.00        106927.00  
  19       2816929      1        4        161304       0.42   2        0        111658      80652.00    0.00        80652.00   
  20       2814888      1        2        111180       0.29   1        0        111180      111180.00   0.00        111180.00  
  21       2816940      1        2        164188       0.43   2        0        110160      82094.00    0.00        82094.00   
  22       2017613      1        9        106178       0.28   1        0        106178      106178.00   0.00        106178.00  
  23       2022502      1        4        100162       0.26   1        0        100162      100162.00   0.00        100162.00  
  24       2023670      1        3        98812        0.26   1        1        98812       98812.00    98812.00    0.00       
  25       2022609      1        2        96430        0.25   1        0        96430       96430.00    0.00        96430.00   
  26       2025064      1        5        168034       0.44   2        0        96366       84017.00    0.00        84017.00   
  27       2016537      1        2        848996       2.22   23       0        93158       36912.87    0.00        36912.87   
  28       2814214      1        3        150440       0.39   2        0        91194       75220.00    0.00        75220.00   
  29       2023315      1        2        88188        0.23   1        0        88188       88188.00    0.00        88188.00   
  30       2820851      1        5        165692       0.43   2        0        87614       82846.00    0.00        82846.00   
  31       2816925      1        3        155770       0.41   2        0        82700       77885.00    0.00        77885.00   
  32       2024767      1        2        78032        0.20   1        0        78032       78032.00    0.00        78032.00   
  33       2812916      1        6        78026        0.20   1        0        78026       78026.00    0.00        78026.00   
  34       2012707      1        5        132854       0.35   2        0        77906       66427.00    0.00        66427.00   
  35       2830124      1        1        140248       0.37   2        0        77578       70124.00    0.00        70124.00   
  36       2819673      1        4        130298       0.34   2        0        76240       65149.00    0.00        65149.00   
  37       2816327      1        4        142146       0.37   2        0        75972       71073.00    0.00        71073.00   
  38       2816526      1        13       126800       0.33   2        0        74762       63400.00    0.00        63400.00   
  39       2816328      1        5        124940       0.33   2        0        74138       62470.00    0.00        62470.00   
  40       2019344      1        5        73516        0.19   1        0        73516       73516.00    0.00        73516.00   
  41       2816525      1        10       135180       0.35   2        0        71474       67590.00    0.00        67590.00   
  42       2017552      1        6        820342       2.15   25       0        69858       32813.68    0.00        32813.68   
  43       2019693      1        5        69208        0.18   1        0        69208       69208.00    0.00        69208.00   
  44       2024196      1        3        68816        0.18   1        0        68816       68816.00    0.00        68816.00   
  45       2022207      1        4        68680        0.18   1        0        68680       68680.00    0.00        68680.00   
  46       2815324      1        2        67958        0.18   1        0        67958       67958.00    0.00        67958.00   
  47       2019881      1        3        67504        0.18   1        0        67504       67504.00    0.00        67504.00   
  48       2023875      1        2        67112        0.18   1        0        67112       67112.00    0.00        67112.00   
  49       2023916      1        2        66158        0.17   1        0        66158       66158.00    0.00        66158.00   
  50       2816165      1        5        116062       0.30   2        0        65858       58031.00    0.00        58031.00   
  51       2816922      1        5        123400       0.32   2        0        65134       61700.00    0.00        61700.00   
  52       2018358      1        7        65122        0.17   1        0        65122       65122.00    0.00        65122.00   
  53       2025162      1        2        128994       0.34   2        0        64614       64497.00    0.00        64497.00   
  54       2009702      1        5        71370        0.19   2        0        64470       35685.00    0.00        35685.00   
  55       2821615      1        2        116830       0.31   2        0        63702       58415.00    0.00        58415.00   
  56       2022220      1        2        63592        0.17   1        0        63592       63592.00    0.00        63592.00   
  57       2804626      1        9        101754       0.27   2        0        61786       50877.00    0.00        50877.00   
  58       2815201      1        2        61442        0.16   1        0        61442       61442.00    0.00        61442.00   
  59       2829607      1        1        100886       0.26   2        0        58870       50443.00    0.00        50443.00   
  60       2816927      1        3        108944       0.28   2        0        57856       54472.00    0.00        54472.00   
  61       2011894      1        19       57538        0.15   1        0        57538       57538.00    0.00        57538.00   
  62       2012612      1        16       100384       0.26   2        0        57534       50192.00    0.00        50192.00   
  63       2809267      1        8        96168        0.25   2        0        56598       48084.00    0.00        48084.00   
  64       2815886      1        2        56270        0.15   1        0        56270       56270.00    0.00        56270.00   
  65       2022049      1        3        55968        0.15   1        0        55968       55968.00    0.00        55968.00   
  66       2823166      1        3        55300        0.14   1        0        55300       55300.00    0.00        55300.00   
  67       2820031      1        2        54400        0.14   1        0        54400       54400.00    0.00        54400.00   
  68       2016858      1        10       54364        0.14   1        0        54364       54364.00    0.00        54364.00   
  69       2830035      1        2        94546        0.25   2        0        54100       47273.00    0.00        47273.00   
  70       2816356      1        2        53914        0.14   1        0        53914       53914.00    0.00        53914.00   
  71       2018496      1        9        53664        0.14   1        0        53664       53664.00    0.00        53664.00   
  72       2003657      1        18       52866        0.14   1        0        52866       52866.00    0.00        52866.00   
  73       2018981      1        4        52620        0.14   1        0        52620       52620.00    0.00        52620.00   
  74       2828190      1        2        52518        0.14   1        0        52518       52518.00    0.00        52518.00   
  75       2022262      1        3        52070        0.14   1        0        52070       52070.00    0.00        52070.00   
  76       2018242      1        5        51914        0.14   1        0        51914       51914.00    0.00        51914.00   
  77       2827575      1        2        51612        0.13   1        0        51612       51612.00    0.00        51612.00   
  78       2003492      1        30       51572        0.13   1        0        51572       51572.00    0.00        51572.00   
  79       2816930      1        4        102160       0.27   2        0        51192       51080.00    0.00        51080.00   
  80       2809859      1        6        50984        0.13   1        0        50984       50984.00    0.00        50984.00   
  81       2816928      1        3        100964       0.26   2        0        50936       50482.00    0.00        50482.00   
  82       2018983      1        7        50882        0.13   1        0        50882       50882.00    0.00        50882.00   
  83       2014701      1        12       54272        0.14   2        0        46340       27136.00    0.00        27136.00   
  84       2802880      1        3        45668        0.12   1        0        45668       45668.00    0.00        45668.00   
  85       2018958      1        18       44820        0.12   1        0        44820       44820.00    0.00        44820.00   
  86       2022543      1        1        44736        0.12   1        0        44736       44736.00    0.00        44736.00   
  87       2824408      1        2        41888        0.11   1        0        41888       41888.00    0.00        41888.00   
  88       2816857      1        2        41682        0.11   1        0        41682       41682.00    0.00        41682.00   
  89       2018010      1        5        41650        0.11   1        0        41650       41650.00    0.00        41650.00   
  90       2024178      1        2        41642        0.11   1        0        41642       41642.00    0.00        41642.00   
  91       2822232      1        2        49150        0.13   2        0        41462       24575.00    0.00        24575.00   
  92       2020380      1        3        41150        0.11   1        0        41150       41150.00    0.00        41150.00   
  93       2826256      1        2        81038        0.21   2        0        40864       40519.00    0.00        40519.00   
  94       2825063      1        2        40640        0.11   1        0        40640       40640.00    0.00        40640.00   
  95       2016223      1        10       40472        0.11   1        0        40472       40472.00    0.00        40472.00   
  96       2022203      1        2        40298        0.11   1        0        40298       40298.00    0.00        40298.00   
  97       2020698      1        2        39906        0.10   1        0        39906       39906.00    0.00        39906.00   
  98       2020705      1        4        39704        0.10   1        0        39704       39704.00    0.00        39704.00   
  99       2808704      1        4        39534        0.10   1        0        39534       39534.00    0.00        39534.00   
  100      2809682      1        5        39432        0.10   1        0        39432       39432.00    0.00        39432.00   
  101      2805260      1        4        38766        0.10   1        0        38766       38766.00    0.00        38766.00   
  102      2826049      1        2        47362        0.12   2        0        38694       23681.00    0.00        23681.00   
  103      2809547      1        5        38072        0.10   1        0        38072       38072.00    0.00        38072.00   
  104      2014702      1        9        44666        0.12   2        0        37464       22333.00    0.00        22333.00   
  105      2014703      1        9        45462        0.12   2        0        36654       22731.00    0.00        22731.00   
  106      2013382      1        3        33972        0.09   1        0        33972       33972.00    0.00        33972.00   
  107      2803760      1        3        31970        0.08   1        0        31970       31970.00    0.00        31970.00   
  108      2826281      1        2        30988        0.08   1        0        30988       30988.00    0.00        30988.00   
  109      2811447      1        2        29406        0.08   4        0        12040       7351.50     0.00        7351.50    
  110      2828876      1        1        32018        0.08   4        0        11724       8004.50     0.00        8004.50    
  111      2008420      1        4        34264        0.09   4        0        10852       8566.00     0.00        8566.00    
  112      2805354      1        7        15748        0.04   2        0        9652        7874.00     0.00        7874.00    
  113      2012236      1        2        19038        0.05   3        0        8842        6346.00     0.00        6346.00    
  114      2100540      1        12       25940        0.07   4        0        8474        6485.00     0.00        6485.00    
  115      2810792      1        5        8242         0.02   1        0        8242        8242.00     0.00        8242.00    
  116      2008116      1        4        20802        0.05   3        0        8234        6934.00     0.00        6934.00    
  117      2815824      1        2        8216         0.02   1        0        8216        8216.00     0.00        8216.00    
  118      2008120      1        4        25078        0.07   4        0        8034        6269.50     0.00        6269.50    
  119      2100540      1        12       26590        0.07   4        0        8018        6647.50     0.00        6647.50    
  120      2816395      1        3        7892         0.02   1        0        7892        7892.00     0.00        7892.00    
  121      2008119      1        3        13478        0.04   2        0        7830        6739.00     0.00        6739.00    
  122      2810799      1        5        7820         0.02   1        0        7820        7820.00     0.00        7820.00    
  123      2023622      1        3        24986        0.07   4        0        7724        6246.50     0.00        6246.50    
  124      2810793      1        5        14584        0.04   2        0        7600        7292.00     0.00        7292.00    
  125      2023623      1        3        2

This file has been truncated.


stats.log - (2683 bytes)
------------------------------------------------------------------------------------
Date: 9/13/2019 -- 14:32:53 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 185
decoder.bytes                              | Total                     | 210916
decoder.ipv4                               | Total                     | 185
decoder.ethernet                           | Total                     | 185
decoder.tcp                                | Total                     | 181
decoder.udp                                | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 1140
decoder.max_pkt_size                       | Total                     | 1474
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 2
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 1
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 1
flow.spare                                 | Total                     | 9997
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (2797 bytes)
{"timestamp":"1900-01-00T00:00:40.960640+0000","flow_id":825786922182746,"pcap_cnt":9,"event_type":"http","src_ip":"10.0.2.15","src_port":49178,"dest_ip":"72.21.245.117","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"72.21.245.117","url":"\/files\/Tests.zip","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"application\/zip"}}
{"timestamp":"1900-01-00T00:00:41.141394+0000","flow_id":825786922182746,"pcap_cnt":11,"event_type":"fileinfo","src_ip":"72.21.245.117","src_port":80,"dest_ip":"10.0.2.15","dest_port":49178,"proto":"TCP","http":{"hostname":"72.21.245.117","url":"\/files\/Tests.zip","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"application\/zip","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1194},"app_proto":"http","fileinfo":{"filename":"\/files\/Tests.zip","gaps":false,"state":"CLOSED","stored":false,"size":1194,"tx_id":0}}
{"timestamp":"1970-01-01T00:01:26.071721+0000","flow_id":1950956687595561,"pcap_cnt":13,"event_type":"dns","src_ip":"10.0.2.15","src_port":53374,"dest_ip":"10.0.2.3","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29323,"rrname":"fateh.aba.ae","rrtype":"A","tx_id":0}}
{"timestamp":"1970-01-01T00:01:26.083264+0000","flow_id":1950956687595561,"pcap_cnt":14,"event_type":"dns","src_ip":"10.0.2.3","src_port":53,"dest_ip":"10.0.2.15","dest_port":53374,"proto":"UDP","dns":{"type":"answer","id":29323,"rcode":"NOERROR","rrname":"fateh.aba.ae","rrtype":"A","ttl":600,"rdata":"85.17.26.65"}}
{"timestamp":"1970-01-01T00:01:27.754503+0000","flow_id":1150776363098045,"pcap_cnt":180,"event_type":"http","src_ip":"10.0.2.15","src_port":49185,"dest_ip":"85.17.26.65","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"fateh.aba.ae","url":"\/abc.zip","http_user_agent":"Mozilla\/5.0 (Windows NT; Windows NT 6.1; en-US) WindowsPowerShell\/4.0","http_content_type":"application\/zip"}}
{"timestamp":"1970-01-01T00:01:46.246047+0000","flow_id":1150776363098045,"pcap_cnt":183,"event_type":"fileinfo","src_ip":"85.17.26.65","src_port":80,"dest_ip":"10.0.2.15","dest_port":49185,"proto":"TCP","http":{"hostname":"fateh.aba.ae","url":"\/abc.zip","http_user_agent":"Mozilla\/5.0 (Windows NT; Windows NT 6.1; en-US) WindowsPowerShell\/4.0","http_content_type":"application\/zip","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":197486},"app_proto":"http","fileinfo":{"filename":"\/abc.zip","gaps":false,"state":"CLOSED","stored":false,"size":197486,"tx_id":0}}


keyword_perf.log - (10181 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/13/2019 -- 14:32:53
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2112570         179             179             451564          11802.00        11802.00        0.00           
  content          2497538         234             149             453662          10673.00        9322.00         13040.00       
  pcre             760888          36              7               89026           21135.00        31656.00        18596.00       
  byte_test        54984           7               3               12128           7854.00         8370.00         7468.00        
  isdataat         7536            1               0               7536            7536.00         0.00            7536.00        
  flowbits         89938           7               3               39512           12848.00        18776.00        8402.00        
  urilen           665060          38              7               433000          17501.00        6354.00         20018.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2112570         179             179             451564          11802.00        11802.00        0.00           
  flowbits         42932           5               1               9322            8586.00         9322.00         8402.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          190966          23              16              16808           8302.00         8189.00         8562.00        
  pcre             22166           1               0               22166           22166.00        0.00            22166.00       
  byte_test        54984           7               3               12128           7854.00         8370.00         7468.00        
  isdataat         7536            1               0               7536            7536.00         0.00            7536.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         47006           2               2               39512           23503.00        23503.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          635114          26              11              453662          24427.00        6786.00         37364.00       
  pcre             308240          15              0               35872           20549.00        0.00            20549.00       
  urilen           665060          38              7               433000          17501.00        6354.00         20018.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14604           2               0               7422            7302.00         0.00            7302.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          127344          12              0               29220           10612.00        0.00            10612.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1023088         114             87              108800          8974.00         9529.00         7185.00        
  pcre             378208          16              5               89026           23638.00        37497.00        17338.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          161584          21              12              14756           7694.00         8292.00         6897.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6318            1               1               6318            6318.00         6318.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          331092          34              21              94056           9738.00         11481.00        6922.00        
  pcre             52274           4               2               18110           13068.00        17053.00        9084.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7428            1               1               7428            7428.00         7428.00         0.00           


IDSDeathBlossom.py.log - (1223 bytes)
2019-09-13 14:32:21,100 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-13 14:32:22,087 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-13 14:32:22,087 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-13 14:32:22,088 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-13 14:32:22,088 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-13 14:32:22,088 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/73d97fa1880e4fa316e830c83be712a756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09132019.1432-fd416665e14c4515d5a5862b33fb9bb40939e7441412cde99e72184981251196_VirusTotal_Jujubox.pcap -vvv -k none
2019-09-13 14:32:53,417 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-13 14:32:53,419 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 32.3331050873


suricata-report-2019-09-13-T-14-32-53-09132019.1432-fd416665e14c4515d5a5862b33fb9bb40939e7441412cde99e72184981251196_VirusTotal_Jujubox.pcap.txt - (17801 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/73d97fa1880e4fa316e830c83be712a756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09132019.1432-fd416665e14c4515d5a5862b33fb9bb40939e7441412cde99e72184981251196_VirusTotal_Jujubox.pcap -vvv -k none
elapsedtime:31.325173
stderr:
stdout:
13/9/2019 -- 14:32:22 - <Info> - Configuration node 'rule-files' redefined.
13/9/2019 -- 14:32:22 - <Notice> - This is Suricata version 4.0.0 RELEASE
13/9/2019 -- 14:32:22 - <Info> - CPUs/cores online: 1
13/9/2019 -- 14:32:22 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33862 and 'request-body-inspect-window' set to 16331 after randomization.
13/9/2019 -- 14:32:22 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33933 and 'response-body-inspect-window' set to 17161 after randomization.
13/9/2019 -- 14:32:22 - <Config> - DNS request flood protection level: 500
13/9/2019 -- 14:32:22 - <Config> - DNS per flow memcap (state-memcap): 524288
13/9/2019 -- 14:32:22 - <Config> - DNS global memcap: 16777216
13/9/2019 -- 14:32:22 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
13/9/2019 -- 14:32:22 - <Config> - preallocated 1000 hosts of size 136
13/9/2019 -- 14:32:22 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
13/9/2019 -- 14:32:22 - <Config> - using magic-file /usr/share/file/magic
13/9/2019 -- 14:32:22 - <Config> - Core dump size is unlimited.
13/9/2019 -- 14:32:22 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
13/9/2019 -- 14:32:22 - <Config> - preallocated 1000 defrag trackers of size 168
13/9/2019 -- 14:32:22 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
13/9/2019 -- 14:32:22 - <Config> - stream "prealloc-sessions": 2048 (per thread)
13/9/2019 -- 14:32:22 - <Config> - stream "memcap": 33554432
13/9/2019 -- 14:32:22 - <Config> - stream "midstream" session pickups: disabled
13/9/2019 -- 14:32:22 - <Config> - stream "async-oneside": disabled
13/9/2019 -- 14:32:22 - <Config> - stream "checksum-validation": disabled
13/9/2019 -- 14:32:22 - <Config> - stream."inline": disabled
13/9/2019 -- 14:32:22 - <Config> - stream "bypass": disabled
13/9/2019 -- 14:32:22 - <Config> - stream "max-synack-queued": 5
13/9/2019 -- 14:32:22 - <Config> - stream.reassembly "memcap": 134217728
13/9/2019 -- 14:32:22 - <Config> - stream.reassembly "depth": 0
13/9/2019 -- 14:32:22 - <Config> - stream.reassembly "toserver-chunk-size": 2598
13/9/2019 -- 14:32:22 - <Config> - stream.reassembly "toclient-chunk-size": 2454
13/9/2019 -- 14:32:22 - <Config> - stream.reassembly.raw: enabled
13/9/2019 -- 14:32:22 - <Config> - stream.reassembly "segment-prealloc": 2048
13/9/2019 -- 14:32:22 - <Config> - Delayed detect disabled
13/9/2019 -- 14:32:22 - <Config> - pattern matchers: MPM: ac, SPM: bm
13/9/2019 -- 14:32:22 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
13/9/2019 -- 14:32:22 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
13/9/2019 -- 14:32:22 - <Config> - prefilter engines: MPM
13/9/2019 -- 14:32:22 - <Config> - IP reputation disabled
13/9/2019 -- 14:32:22 - <Perf> - Registered 148 keyword profiling counters.
13/9/2019 -- 14:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
13/9/2019 -- 14:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
13/9/2019 -- 14:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
13/9/2019 -- 14:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
13/9/2019 -- 14:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
13/9/2019 -- 14:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
13/9/2019 -- 14:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
13/9/2019 -- 14:32:29 - <Config> - No rules loaded from ET-icmp.rules.
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
13/9/2019 -- 14:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
13/9/2019 -- 14:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
13/9/2019 -- 14:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
13/9/2019 -- 14:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
13/9/2019 -- 14:32:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
13/9/2019 -- 14:32:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
13/9/2019 -- 14:32:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
13/9/2019 -- 14:32:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
13/9/2019 -- 14:32:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
13/9/2019 -- 14:32:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
13/9/2019 -- 14:32:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
13/9/2019 -- 14:32:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
13/9/2019 -- 14:32:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
13/9/2019 -- 14:32:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
13/9/2019 -- 14:32:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
13/9/2019 -- 14:32:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
13/9/2019 -- 14:32:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
13/9/2019 -- 14:32:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
13/9/2019 -- 14:32:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
13/9/2019 -- 14:32:39 - <Config> - No rules loaded from local.rules.
13/9/2019 -- 14:32:39 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
13/9/2019 -- 14:32:39 - <Info> - Threshold config parsed: 0 rule(s) found
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for tcp-packet
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for tcp-stream
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for udp-packet
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for other-ip
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_uri
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_request_line
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_client_body
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_response_line
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_header
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_header
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_header_names
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_header_names
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_accept
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_accept_enc
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_accept_lang
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_referer
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_connection
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_content_len
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_content_len
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_content_type
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_content_type
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_protocol
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_protocol
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_start
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_start
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_raw_header
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_raw_header
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_method
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_cookie
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_cookie
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_raw_uri
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_user_agent
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_host
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_raw_host
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_stat_msg
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_stat_code
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for dns_query
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for tls_sni
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for tls_cert_issuer
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for tls_cert_subject
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for tls_cert_serial
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for dce_stub_data
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for dce_stub_data
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for ssh_protocol
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for ssh_protocol
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for ssh_software
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for ssh_software
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for file_data
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for file_data
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_request_line
13/9/2019 -- 14:32:39 - <Perf> - using shared mpm ctx' for http_response_line
13/9/2019 -- 14:32:39 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
13/9/2019 -- 14:32:39 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
13/9/2019 -- 14:32:40 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
13/9/2019 -- 14:32:40 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
13/9/2019 -- 14:32:40 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
13/9/2019 -- 14:32:40 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
13/9/2019 -- 14:32:40 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
13/9/2019 -- 14:32:40 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
13/9/2019 -- 14:32:48 - <Perf> - Unique rule groups: 104
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "toserver TCP packet": 35
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "toclient TCP packet": 17
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "toserver TCP stream": 33
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "toclient TCP stream": 19
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "toserver UDP packet": 27
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "toclient UDP packet": 17
13/9/2019 -- 14:32:48 - <Perf> - Builtin MPM "other IP packet": 3
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_uri": 14
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_request_line": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_client_body": 6
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient http_response_line": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_header": 10
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient http_header": 6
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_header_names": 2
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_accept": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_referer": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_content_len": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_content_type": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient http_content_type": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_protocol": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_start": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_method": 5
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_cookie": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient http_cookie": 2
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver http_host": 2
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver dns_query": 4
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver tls_sni": 2
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toserver file_data": 1
13/9/2019 -- 14:32:48 - <Perf> - AppLayer MPM "toclient file_data": 7
13/9/2019 -- 14:32:51 - <Perf> - Registered 39590 rule profiling counters.
13/9/2019 -- 14:32:51 - <Info> - fast output device (regular) initialized: alert
13/9/2019 -- 14:32:52 - <Info> - eve-log output device (regular) initialized: eve.json
13/9/2019 -- 14:32:52 - <Config> - enabling 'eve-log' module 'alert'
13/9/2019 -- 14:32:52 - <Config> - enabling 'eve-log' module 'http'
13/9/2019 -- 14:32:52 - <Config> - enabling 'eve-log' module 'dns'
13/9/2019 -- 14:32:52 - <Config> - enabling 'eve-log' module 'tls'
13/9/2019 -- 14:32:52 - <Config> - enabling 'eve-log' module 'files'
13/9/2019 -- 14:32:52 - <Config> - enabling 'eve-log' module 'ssh'
13/9/2019 -- 14:32:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
13/9/2019 -- 14:32:52 - <Info> - stats output device (regular) initialized: stats.log
13/9/2019 -- 14:32:52 - <Config> - AutoFP mode using "Hash" flow load balancer
13/9/2019 -- 14:32:52 - <Info> - reading pcap file /var/pcap/09132019.1432-fd416665e14c4515d5a5862b33fb9bb4

This file has been truncated.