Filename: datas.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 10.3800899982 seconds
Hash: 746e4783e17a2b45ed0b147a302c1de2
Uploaded: 1572534741

Logfiles

suricata-report-2019-10-31-T-15-12-32-10312019.1512-datas.pcap.txt (18277 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/746e4783e17a2b45ed0b147a302c1de2d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/10312019.1512-datas.pcap -vvv -k none
elapsedtime:9.367777
stderr:
stdout:
31/10/2019 -- 15:12:22 - <Info> - Configuration node 'rule-files' redefined.
31/10/2019 -- 15:12:22 - <Notice> - This is Suricata version 4.0.0 RELEASE
31/10/2019 -- 15:12:22 - <Info> - CPUs/cores online: 1
31/10/2019 -- 15:12:22 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33302 and 'request-body-inspect-window' set to 16437 after randomization.
31/10/2019 -- 15:12:22 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31492 and 'response-body-inspect-window' set to 15568 after randomization.
31/10/2019 -- 15:12:22 - <Config> - DNS request flood protection level: 500
31/10/2019 -- 15:12:22 - <Config> - DNS per flow memcap (state-memcap): 524288
31/10/2019 -- 15:12:22 - <Config> - DNS global memcap: 16777216
31/10/2019 -- 15:12:22 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
31/10/2019 -- 15:12:22 - <Config> - preallocated 1000 hosts of size 136
31/10/2019 -- 15:12:22 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
31/10/2019 -- 15:12:22 - <Config> - using magic-file /usr/share/file/magic
31/10/2019 -- 15:12:22 - <Config> - Core dump size is unlimited.
31/10/2019 -- 15:12:22 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
31/10/2019 -- 15:12:22 - <Config> - preallocated 1000 defrag trackers of size 168
31/10/2019 -- 15:12:22 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
31/10/2019 -- 15:12:22 - <Config> - stream "prealloc-sessions": 2048 (per thread)
31/10/2019 -- 15:12:22 - <Config> - stream "memcap": 33554432
31/10/2019 -- 15:12:22 - <Config> - stream "midstream" session pickups: disabled
31/10/2019 -- 15:12:22 - <Config> - stream "async-oneside": disabled
31/10/2019 -- 15:12:22 - <Config> - stream "checksum-validation": disabled
31/10/2019 -- 15:12:22 - <Config> - stream."inline": disabled
31/10/2019 -- 15:12:22 - <Config> - stream "bypass": disabled
31/10/2019 -- 15:12:22 - <Config> - stream "max-synack-queued": 5
31/10/2019 -- 15:12:22 - <Config> - stream.reassembly "memcap": 134217728
31/10/2019 -- 15:12:22 - <Config> - stream.reassembly "depth": 0
31/10/2019 -- 15:12:22 - <Config> - stream.reassembly "toserver-chunk-size": 2505
31/10/2019 -- 15:12:22 - <Config> - stream.reassembly "toclient-chunk-size": 2515
31/10/2019 -- 15:12:22 - <Config> - stream.reassembly.raw: enabled
31/10/2019 -- 15:12:22 - <Config> - stream.reassembly "segment-prealloc": 2048
31/10/2019 -- 15:12:22 - <Config> - Delayed detect disabled
31/10/2019 -- 15:12:22 - <Config> - pattern matchers: MPM: ac, SPM: bm
31/10/2019 -- 15:12:22 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
31/10/2019 -- 15:12:22 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
31/10/2019 -- 15:12:22 - <Config> - prefilter engines: MPM
31/10/2019 -- 15:12:22 - <Config> - IP reputation disabled
31/10/2019 -- 15:12:22 - <Perf> - Registered 148 keyword profiling counters.
31/10/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
31/10/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
31/10/2019 -- 15:12:22 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
31/10/2019 -- 15:12:24 - <Config> - No rules loaded from ET-emerging-icmp.rules.
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
31/10/2019 -- 15:12:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
31/10/2019 -- 15:12:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
31/10/2019 -- 15:12:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
31/10/2019 -- 15:12:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
31/10/2019 -- 15:12:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
31/10/2019 -- 15:12:28 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
31/10/2019 -- 15:12:28 - <Config> - No rules loaded from local.rules.
31/10/2019 -- 15:12:28 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
31/10/2019 -- 15:12:28 - <Info> - Threshold config parsed: 0 rule(s) found
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for tcp-packet
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for tcp-stream
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for udp-packet
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for other-ip
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_uri
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_request_line
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_client_body
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_response_line
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_header
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_header
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_header_names
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_header_names
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_accept
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_accept_enc
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_accept_lang
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_referer
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_connection
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_content_len
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_content_len
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_content_type
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_content_type
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_protocol
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_protocol
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_start
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_start
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_raw_header
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_raw_header
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_method
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_cookie
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_cookie
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_raw_uri
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_user_agent
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_host
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_raw_host
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_stat_msg
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_stat_code
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for dns_query
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for tls_sni
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for dce_stub_data
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for dce_stub_data
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for ssh_protocol
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for ssh_protocol
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for ssh_software
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for ssh_software
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for file_data
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for file_data
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_request_line
31/10/2019 -- 15:12:28 - <Perf> - using shared mpm ctx' for http_response_line
31/10/2019 -- 15:12:28 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
31/10/2019 -- 15:12:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
31/10/2019 -- 15:12:28 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
31/10/2019 -- 15:12:28 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
31/10/2019 -- 15:12:28 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
31/10/2019 -- 15:12:28 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
31/10/2019 -- 15:12:28 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
31/10/2019 -- 15:12:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
31/10/2019 -- 15:12:29 - <Perf> - Unique rule groups: 111
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "toserver TCP packet": 31
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "toclient TCP packet": 20
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "toserver TCP stream": 31
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "toclient TCP stream": 21
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "toserver UDP packet": 33
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "toclient UDP packet": 15
31/10/2019 -- 15:12:29 - <Perf> - Builtin MPM "other IP packet": 2
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_uri": 8
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_request_line": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_client_body": 6
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient http_response_line": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_header": 6
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient http_header": 3
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_header_names": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_accept": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_referer": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_content_len": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_content_type": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient http_content_type": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_start": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_method": 3
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_cookie": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient http_cookie": 2
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver http_host": 2
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver dns_query": 4
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver tls_sni": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toserver file_data": 1
31/10/2019 -- 15:12:29 - <Perf> - AppLayer MPM "toclient file_data": 5
31/10/2019 -- 15:12:30 - <Perf> - Registered 18241 rule profiling counters.
31/10/2019 -- 15:12:30 - <Info> - fast output device (regular) initialized: alert
31/10/2019 -- 15:12:30 - <Info> - eve-log output device (regular) initialized: eve.json
31/10/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'alert'
31/10/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'http'
31/10/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'dns'
31/10/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'tls'
31/10/2019 -- 15:12:30 - <Config> - enabling 'eve-log' module 'files'
31/10/2019 -- 15

This file has been truncated.


packet_stats.log (7062 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4      17          2583         17053762     1187716846     704268778       1819.1b   99.29
 IPv4     256             8        140068922      961810772     539112341          4.3b    0.24
 IPv6       0             8        139731510      961573822     537701055          4.3b    0.23
 IPv6     256             8        139731510      961573822     537701055          4.3b    0.23
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4      17          2583           168590       13883502        513268          1.3b   95.72
TMM_RECEIVEPCAPFILE         IPv4      17          2583             4434       22980246         17475         45.1m    3.26
TMM_DECODEPCAPFILE          IPv4      17          2583             4572          48856          5117         13.2m    0.95
TMM_FLOWWORKER              IPv6       0             8            98414         127746        111132        889.1k    0.06

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4      17          2583             4762          88872          5595         14.5m  1.27  
app-layer               IPv4      17          2583             4554         109522         16249         42.0m  3.69  
detect                  IPv4      17          2583            97278       11528842        418359          1.1b  94.97 
detect                  IPv6       0             8            88834         117706        101210        809.7k  0.07  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
dns                     IPv4      17          2580             4762          76380          6104         15.7m  100.00
Proto detect            IPv4      17          2580             9942          66178         16901         43.6m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17          2577            27502       12884168         47048        121.2m  99.27 
LOGGER_JSON_VARS            IPv6     256             8            98414         127746        111132        889.1k  0.73  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4      17          2575             5524         492020         10590        27.3m  75.67 
dns_query                         IPv4      17          1289             4836          50608          6801         8.8m  24.33 
Total                             IPv4                  3864                                          9326        36.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4      17             8            20826         132290         54446        435.6k  0.04  
PROF_DETECT_RULES           IPv4      17          2583            13582        6517922        258509        667.7m  62.48 
PROF_DETECT_STATEFUL_START    IPv4      17           644            13964          44018         15943         10.3m  0.96  
PROF_DETECT_STATEFUL_CONT    IPv4      17          2583             4450          65398          6966         18.0m  1.68  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17          2577             4466        6439056          7469         19.2m  1.80  
PROF_DETECT_PREFILTER       IPv4      17          2583            13724        9168342         69522        179.6m  16.80 
PROF_DETECT_PF_PAYLOAD      IPv4      17          2575            14402         501438         20313         52.3m  4.89  
PROF_DETECT_PF_TX           IPv4      17          1289            13872        9147816         24217         31.2m  2.92  
PROF_DETECT_PF_SORT1        IPv4      17          2575             4572         439626          5783         14.9m  1.39  
PROF_DETECT_PF_SORT2        IPv4      17          2583             4484         105368          5100         13.2m  1.23  
PROF_DETECT_NONMPMLIST      IPv4      17          2583             4444          38752          5093         13.2m  1.23  
PROF_DETECT_ALERT           IPv4      17          2583             4428        8137408          8212         21.2m  1.98  
PROF_DETECT_CLEANUP         IPv4      17          2583             4422         422268          5142         13.3m  1.24  
PROF_DETECT_GETSGH          IPv4      17          2583             4424         423100          5334         13.8m  1.29  
PROF_DETECT_IPONLY          IPv6       0             8             5968          33024         17467        139.7k  0.01  
PROF_DETECT_RULES           IPv6       0             8             4442           4748          4527         36.2k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv6       0             8             4622           4746          4682         37.5k  0.00  
PROF_DETECT_PREFILTER       IPv6       0             8            13614          14290         14010        112.1k  0.01  
PROF_DETECT_PF_SORT2        IPv6       0             8             4440           4514          4476         35.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv6       0             8             4666           5470          4801         38.4k  0.00  
PROF_DETECT_ALERT           IPv6       0             8             4442           4578          4491         35.9k  0.00  
PROF_DETECT_CLEANUP         IPv6       0             8             4442           5418          4651         37.2k  0.00  
PROF_DETECT_GETSGH          IPv6       0             8             4694           5156          4928         39.4k  0.00  


stats.log (2390 bytes)
------------------------------------------------------------------------------------
Date: 10/31/2019 -- 15:12:32 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2589
decoder.bytes                              | Total                     | 221734
decoder.ipv4                               | Total                     | 2583
decoder.ipv6                               | Total                     | 8
decoder.ethernet                           | Total                     | 2589
decoder.udp                                | Total                     | 2583
decoder.teredo                             | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 85
decoder.max_pkt_size                       | Total                     | 96
flow.udp                                   | Total                     | 4
detect.mpm_list                            | Total                     | 10
detect.nonmpm_list                         | Total                     | 4
detect.fnonmpm_list                        | Total                     | 4
detect.match_list                          | Total                     | 15
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1289
app_layer.flow.failed_udp                  | Total                     | 3
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65532
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json (774908 bytes)
{"timestamp":"2019-10-24T23:45:18.146330+0000","flow_id":1678553608240026,"pcap_cnt":1,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36107,"rrname":"ibbwnhgh.doc.boi","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-24T23:45:18.181859+0000","flow_id":1678553608240026,"pcap_cnt":2,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":36107,"rcode":"NXDOMAIN","rrname":"ibbwnhgh.doc.boi"}}
{"timestamp":"2019-10-24T23:45:18.182505+0000","flow_id":1678553608240026,"pcap_cnt":3,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46351,"rrname":"ibbwnhgh.doc.boi.localdomain","rrtype":"A","tx_id":1}}
{"timestamp":"2019-10-24T23:45:18.183207+0000","flow_id":1678553608240026,"pcap_cnt":4,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":46351,"rcode":"NXDOMAIN","rrname":"ibbwnhgh.doc.boi.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.184668+0000","flow_id":1678553608240026,"pcap_cnt":5,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18040,"rrname":"rbqdxflojkj.doc.boi","rrtype":"A","tx_id":2}}
{"timestamp":"2019-10-24T23:45:18.197677+0000","flow_id":1678553608240026,"pcap_cnt":6,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":18040,"rcode":"NXDOMAIN","rrname":"rbqdxflojkj.doc.boi"}}
{"timestamp":"2019-10-24T23:45:18.197969+0000","flow_id":1678553608240026,"pcap_cnt":7,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33765,"rrname":"rbqdxflojkj.doc.boi.localdomain","rrtype":"A","tx_id":3}}
{"timestamp":"2019-10-24T23:45:18.198777+0000","flow_id":1678553608240026,"pcap_cnt":8,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":33765,"rcode":"NXDOMAIN","rrname":"rbqdxflojkj.doc.boi.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.199139+0000","flow_id":1678553608240026,"pcap_cnt":9,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20185,"rrname":"smhburg.suricon.biz","rrtype":"A","tx_id":4}}
{"timestamp":"2019-10-24T23:45:18.221993+0000","flow_id":1678553608240026,"pcap_cnt":10,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":20185,"rcode":"NXDOMAIN","rrname":"smhburg.suricon.biz"}}
{"timestamp":"2019-10-24T23:45:18.222347+0000","flow_id":1678553608240026,"pcap_cnt":11,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20114,"rrname":"smhburg.suricon.biz.localdomain","rrtype":"A","tx_id":5}}
{"timestamp":"2019-10-24T23:45:18.223226+0000","flow_id":1678553608240026,"pcap_cnt":12,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":20114,"rcode":"NXDOMAIN","rrname":"smhburg.suricon.biz.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.223662+0000","flow_id":1678553608240026,"pcap_cnt":13,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26573,"rrname":"bltjhzqp.suricon.biz","rrtype":"A","tx_id":6}}
{"timestamp":"2019-10-24T23:45:18.228804+0000","flow_id":1678553608240026,"pcap_cnt":14,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":26573,"rcode":"NXDOMAIN","rrname":"bltjhzqp.suricon.biz"}}
{"timestamp":"2019-10-24T23:45:18.229093+0000","flow_id":1678553608240026,"pcap_cnt":15,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58703,"rrname":"bltjhzqp.suricon.biz.localdomain","rrtype":"A","tx_id":7}}
{"timestamp":"2019-10-24T23:45:18.229729+0000","flow_id":1678553608240026,"pcap_cnt":16,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":58703,"rcode":"NXDOMAIN","rrname":"bltjhzqp.suricon.biz.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.230051+0000","flow_id":1678553608240026,"pcap_cnt":17,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11035,"rrname":"clwafrfuuxq.patpoopy.zw","rrtype":"A","tx_id":8}}
{"timestamp":"2019-10-24T23:45:18.260742+0000","flow_id":1678553608240026,"pcap_cnt":18,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":11035,"rcode":"NXDOMAIN","rrname":"clwafrfuuxq.patpoopy.zw"}}
{"timestamp":"2019-10-24T23:45:18.261008+0000","flow_id":1678553608240026,"pcap_cnt":19,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13549,"rrname":"clwafrfuuxq.patpoopy.zw.localdomain","rrtype":"A","tx_id":9}}
{"timestamp":"2019-10-24T23:45:18.261585+0000","flow_id":1678553608240026,"pcap_cnt":20,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":13549,"rcode":"NXDOMAIN","rrname":"clwafrfuuxq.patpoopy.zw.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.261867+0000","flow_id":1678553608240026,"pcap_cnt":21,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55606,"rrname":"cffxugijxn.patpoopy.zw","rrtype":"A","tx_id":10}}
{"timestamp":"2019-10-24T23:45:18.271577+0000","flow_id":1678553608240026,"pcap_cnt":22,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":55606,"rcode":"NXDOMAIN","rrname":"cffxugijxn.patpoopy.zw"}}
{"timestamp":"2019-10-24T23:45:18.271800+0000","flow_id":1678553608240026,"pcap_cnt":23,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54015,"rrname":"cffxugijxn.patpoopy.zw.localdomain","rrtype":"A","tx_id":11}}
{"timestamp":"2019-10-24T23:45:18.274013+0000","flow_id":1678553608240026,"pcap_cnt":24,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":54015,"rcode":"NXDOMAIN","rrname":"cffxugijxn.patpoopy.zw.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.274294+0000","flow_id":1678553608240026,"pcap_cnt":25,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61414,"rrname":"ivxcxbj.garfield.ihm","rrtype":"A","tx_id":12}}
{"timestamp":"2019-10-24T23:45:18.295987+0000","flow_id":1678553608240026,"pcap_cnt":26,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":61414,"rcode":"NXDOMAIN","rrname":"ivxcxbj.garfield.ihm"}}
{"timestamp":"2019-10-24T23:45:18.296376+0000","flow_id":1678553608240026,"pcap_cnt":27,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23059,"rrname":"ivxcxbj.garfield.ihm.localdomain","rrtype":"A","tx_id":13}}
{"timestamp":"2019-10-24T23:45:18.297041+0000","flow_id":1678553608240026,"pcap_cnt":28,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":23059,"rcode":"NXDOMAIN","rrname":"ivxcxbj.garfield.ihm.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.297338+0000","flow_id":1678553608240026,"pcap_cnt":29,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65200,"rrname":"etllejr.garfield.ihm","rrtype":"A","tx_id":14}}
{"timestamp":"2019-10-24T23:45:18.306587+0000","flow_id":1678553608240026,"pcap_cnt":30,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":65200,"rcode":"NXDOMAIN","rrname":"etllejr.garfield.ihm"}}
{"timestamp":"2019-10-24T23:45:18.308418+0000","flow_id":1678553608240026,"pcap_cnt":31,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58083,"rrname":"etllejr.garfield.ihm.localdomain","rrtype":"A","tx_id":15}}
{"timestamp":"2019-10-24T23:45:18.309306+0000","flow_id":1678553608240026,"pcap_cnt":32,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":58083,"rcode":"NXDOMAIN","rrname":"etllejr.garfield.ihm.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.309918+0000","flow_id":1678553608240026,"pcap_cnt":33,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13946,"rrname":"otpxmk.doc.boi","rrtype":"A","tx_id":16}}
{"timestamp":"2019-10-24T23:45:18.318343+0000","flow_id":1678553608240026,"pcap_cnt":34,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":13946,"rcode":"NXDOMAIN","rrname":"otpxmk.doc.boi"}}
{"timestamp":"2019-10-24T23:45:18.318543+0000","flow_id":1678553608240026,"pcap_cnt":35,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2284,"rrname":"otpxmk.doc.boi.localdomain","rrtype":"A","tx_id":17}}
{"timestamp":"2019-10-24T23:45:18.319674+0000","flow_id":1678553608240026,"pcap_cnt":36,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":2284,"rcode":"NXDOMAIN","rrname":"otpxmk.doc.boi.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.320359+0000","flow_id":1678553608240026,"pcap_cnt":37,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10768,"rrname":"ejfjyd.doc.boi","rrtype":"A","tx_id":18}}
{"timestamp":"2019-10-24T23:45:18.328941+0000","flow_id":1678553608240026,"pcap_cnt":38,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":10768,"rcode":"NXDOMAIN","rrname":"ejfjyd.doc.boi"}}
{"timestamp":"2019-10-24T23:45:18.329199+0000","flow_id":1678553608240026,"pcap_cnt":39,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5130,"rrname":"ejfjyd.doc.boi.localdomain","rrtype":"A","tx_id":19}}
{"timestamp":"2019-10-24T23:45:18.329748+0000","flow_id":1678553608240026,"pcap_cnt":40,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":5130,"rcode":"NXDOMAIN","rrname":"ejfjyd.doc.boi.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.330026+0000","flow_id":1678553608240026,"pcap_cnt":41,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41385,"rrname":"ggwypum.suricon.biz","rrtype":"A","tx_id":20}}
{"timestamp":"2019-10-24T23:45:18.338035+0000","flow_id":1678553608240026,"pcap_cnt":42,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":41385,"rcode":"NXDOMAIN","rrname":"ggwypum.suricon.biz"}}
{"timestamp":"2019-10-24T23:45:18.338326+0000","flow_id":1678553608240026,"pcap_cnt":43,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11696,"rrname":"ggwypum.suricon.biz.localdomain","rrtype":"A","tx_id":21}}
{"timestamp":"2019-10-24T23:45:18.339553+0000","flow_id":1678553608240026,"pcap_cnt":44,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":11696,"rcode":"NXDOMAIN","rrname":"ggwypum.suricon.biz.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.339821+0000","flow_id":1678553608240026,"pcap_cnt":45,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34730,"rrname":"mnkzof.suricon.biz","rrtype":"A","tx_id":22}}
{"timestamp":"2019-10-24T23:45:18.362358+0000","flow_id":1678553608240026,"pcap_cnt":46,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":34730,"rcode":"NXDOMAIN","rrname":"mnkzof.suricon.biz"}}
{"timestamp":"2019-10-24T23:45:18.362615+0000","flow_id":1678553608240026,"pcap_cnt":47,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54356,"rrname":"mnkzof.suricon.biz.localdomain","rrtype":"A","tx_id":23}}
{"timestamp":"2019-10-24T23:45:18.363148+0000","flow_id":1678553608240026,"pcap_cnt":48,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NXDOMAIN","rrname":"mnkzof.suricon.biz.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.363406+0000","flow_id":1678553608240026,"pcap_cnt":49,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39088,"rrname":"xirlum.patpoopy.zw","rrtype":"A","tx_id":24}}
{"timestamp":"2019-10-24T23:45:18.375604+0000","flow_id":1678553608240026,"pcap_cnt":50,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":39088,"rcode":"NXDOMAIN","rrname":"xirlum.patpoopy.zw"}}
{"timestamp":"2019-10-24T23:45:18.375814+0000","flow_id":1678553608240026,"pcap_cnt":51,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4793,"rrname":"xirlum.patpoopy.zw.localdomain","rrtype":"A","tx_id":25}}
{"timestamp":"2019-10-24T23:45:18.376723+0000","flow_id":1678553608240026,"pcap_cnt":52,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":4793,"rcode":"NXDOMAIN","rrname":"xirlum.patpoopy.zw.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.377155+0000","flow_id":1678553608240026,"pcap_cnt":53,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20524,"rrname":"adhbtib.patpoopy.zw","rrtype":"A","tx_id":26}}
{"timestamp":"2019-10-24T23:45:18.403606+0000","flow_id":1678553608240026,"pcap_cnt":54,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":20524,"rcode":"NXDOMAIN","rrname":"adhbtib.patpoopy.zw"}}
{"timestamp":"2019-10-24T23:45:18.403850+0000","flow_id":1678553608240026,"pcap_cnt":55,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62886,"rrname":"adhbtib.patpoopy.zw.localdomain","rrtype":"A","tx_id":27}}
{"timestamp":"2019-10-24T23:45:18.406092+00

This file has been truncated. Go here to download in full.
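
The DNS records above show one client, 172.16.130.138, asking for short random-looking labels under several domains (suricon.biz, patpoopy.zw, garfield.ihm, doc.boi), receiving NXDOMAIN for every one, and having the stub resolver retry each miss with a .localdomain search suffix, so every failed lookup appears twice. Nothing in the rule profiling below matched, so the pattern is only visible from the EVE output itself. The Python below is an added example, not code from this report, from IDSDeathBlossom or from Suricata: it parses EVE DNS lines, pairs each answer with its query on (flow_id, dns.id), strips the search suffix so a retry is not counted as a second lookup, and flags clients whose distinct lookups are almost all NXDOMAIN. The sample input is ten records copied from packets 9 to 18 of the log above; the .localdomain suffix, the two-label approximation of the registrable domain and the 90% threshold are assumptions made for the example.

```python
import json
from collections import defaultdict

# Ten EVE DNS records copied from the suricata report above (pcap_cnt 9-18):
# one client, three random-looking labels, every answer NXDOMAIN, and each
# miss retried with the resolver's .localdomain search suffix.
SAMPLE_EVE = r'''
{"timestamp":"2019-10-24T23:45:18.199139+0000","flow_id":1678553608240026,"pcap_cnt":9,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20185,"rrname":"smhburg.suricon.biz","rrtype":"A","tx_id":4}}
{"timestamp":"2019-10-24T23:45:18.221993+0000","flow_id":1678553608240026,"pcap_cnt":10,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":20185,"rcode":"NXDOMAIN","rrname":"smhburg.suricon.biz"}}
{"timestamp":"2019-10-24T23:45:18.222347+0000","flow_id":1678553608240026,"pcap_cnt":11,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20114,"rrname":"smhburg.suricon.biz.localdomain","rrtype":"A","tx_id":5}}
{"timestamp":"2019-10-24T23:45:18.223226+0000","flow_id":1678553608240026,"pcap_cnt":12,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":20114,"rcode":"NXDOMAIN","rrname":"smhburg.suricon.biz.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.223662+0000","flow_id":1678553608240026,"pcap_cnt":13,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26573,"rrname":"bltjhzqp.suricon.biz","rrtype":"A","tx_id":6}}
{"timestamp":"2019-10-24T23:45:18.228804+0000","flow_id":1678553608240026,"pcap_cnt":14,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":26573,"rcode":"NXDOMAIN","rrname":"bltjhzqp.suricon.biz"}}
{"timestamp":"2019-10-24T23:45:18.229093+0000","flow_id":1678553608240026,"pcap_cnt":15,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58703,"rrname":"bltjhzqp.suricon.biz.localdomain","rrtype":"A","tx_id":7}}
{"timestamp":"2019-10-24T23:45:18.229729+0000","flow_id":1678553608240026,"pcap_cnt":16,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":58703,"rcode":"NXDOMAIN","rrname":"bltjhzqp.suricon.biz.localdomain"}}
{"timestamp":"2019-10-24T23:45:18.230051+0000","flow_id":1678553608240026,"pcap_cnt":17,"event_type":"dns","src_ip":"172.16.130.138","src_port":41278,"dest_ip":"172.16.130.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11035,"rrname":"clwafrfuuxq.patpoopy.zw","rrtype":"A","tx_id":8}}
{"timestamp":"2019-10-24T23:45:18.260742+0000","flow_id":1678553608240026,"pcap_cnt":18,"event_type":"dns","src_ip":"172.16.130.2","src_port":53,"dest_ip":"172.16.130.138","dest_port":41278,"proto":"UDP","dns":{"type":"answer","id":11035,"rcode":"NXDOMAIN","rrname":"clwafrfuuxq.patpoopy.zw"}}
'''

SEARCH_SUFFIX = ".localdomain"   # assumed: the resolver search domain seen in the log


def parse_dns_events(text):
    """Return the parsed EVE records with event_type == "dns". Blank lines and
    lines that are not valid JSON (the report above ends mid-record) are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "dns":
            events.append(rec)
    return events


def pair_transactions(events):
    """Match each answer to its query on (flow_id, dns.id) and return a list of
    (client_ip, rrname, rcode). Queries that never get an answer have rcode None."""
    pending, txns = {}, []
    for rec in events:
        key = (rec["flow_id"], rec["dns"]["id"])
        if rec["dns"]["type"] == "query":
            pending[key] = rec
        elif rec["dns"]["type"] == "answer" and key in pending:
            q = pending.pop(key)
            txns.append((q["src_ip"], q["dns"]["rrname"], rec["dns"].get("rcode")))
    for q in pending.values():
        txns.append((q["src_ip"], q["dns"]["rrname"], None))
    return txns


def base_name(rrname):
    """Strip the search suffix so a resolver retry counts as the same lookup."""
    if rrname.endswith(SEARCH_SUFFIX):
        return rrname[: -len(SEARCH_SUFFIX)]
    return rrname


def registered_domain(name):
    """Last two labels: a rough stand-in for the registrable domain (assumption;
    a real deployment would use the public suffix list)."""
    return ".".join(name.split(".")[-2:])


def summarize(txns):
    """Per client: distinct names looked up, which of them went NXDOMAIN, how many
    search-suffix retries occurred, and the registered domains involved."""
    out = defaultdict(lambda: {"names": set(), "nxdomain": set(),
                               "retries": 0, "domains": set()})
    for client, rrname, rcode in txns:
        s = out[client]
        if rrname.endswith(SEARCH_SUFFIX):
            s["retries"] += 1
        name = base_name(rrname)
        s["names"].add(name)
        s["domains"].add(registered_domain(name))
        if rcode == "NXDOMAIN":
            s["nxdomain"].add(name)
    return dict(out)


def flag_clients(summary, min_names=2, nx_ratio=0.9):
    """Clients whose distinct lookups are (almost) all NXDOMAIN; thresholds are
    assumptions for the example. Returns {client: sorted domains}."""
    flagged = {}
    for client, s in summary.items():
        n = len(s["names"])
        if n >= min_names and len(s["nxdomain"]) / n >= nx_ratio:
            flagged[client] = sorted(s["domains"])
    return flagged


if __name__ == "__main__":
    summary = summarize(pair_transactions(parse_dns_events(SAMPLE_EVE)))
    for client, s in summary.items():
        print(client, "lookups:", len(s["names"]), "nxdomain:", len(s["nxdomain"]),
              "search-suffix retries:", s["retries"], "domains:", sorted(s["domains"]))
    print("flagged:", flag_clients(summary))
```

On the ten sample records this reports one client with 3 distinct lookups, 3 NXDOMAIN and 2 search-suffix retries across suricon.biz and patpoopy.zw, and flags it. Counting raw NXDOMAIN answers instead would report 5 misses for 3 lookups; stripping the search suffix keeps the ratio honest and also keeps an ordinary typo from being double-counted.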


keyword_perf.log - (2732 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/31/2019 -- 15:12:32
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          54361038        9635            7707            4217174         5642.00         5187.00         7457.00        
  byte_test        49926638        8995            3855            5244634         5550.00         5114.00         5877.00        
  isdataat         19018266        3852            0               299598          4937.00         0.00            4937.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          50699710        8991            7707            4217174         5638.00         5187.00         8346.00        
  byte_test        49926638        8995            3855            5244634         5550.00         5114.00         5877.00        
  isdataat         19018266        3852            0               299598          4937.00         0.00            4937.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3661328         644             0               26608           5685.00         0.00            5685.00        


suricata-4.0.0-etopen-all-perf.txt-2019-10-31-T-15-12-32-10312019.1512-datas.pcap.txt - (5079 bytes) - download
  --------------------------------------------------------------------------
  Date: 10/31/2019 -- 15:12:32. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022543      1        1        38547796     8.47   1284     0        6329340     30021.65    0.00        30021.65   
  2        2009702      1        5        57022954     12.53  2572     0        5842884     22170.67    0.00        22170.67   
  3        2014703      1        9        44066820     9.68   2572     0        5265938     17133.29    0.00        17133.29   
  4        2014701      1        12       56268440     12.36  2572     0        5030884     21877.31    0.00        21877.31   
  5        2010143      1        3        30326190     6.66   2572     0        4228156     11790.90    0.00        11790.90   
  6        2022545      1        1        32346818     7.11   1284     0        479872      25192.23    0.00        25192.23   
  7        2022531      1        1        32080076     7.05   1284     0        455856      24984.48    0.00        24984.48   
  8        2008120      1        4        13114712     2.88   2569     0        210234      5104.99     0.00        5104.99    
  9        2025200      1        1        13085202     2.87   2577     0        152816      5077.69     0.00        5077.69    
  10       2014702      1        9        38168754     8.38   2572     0        105408      14840.11    0.00        14840.11   
  11       2023626      1        3        5905110      1.30   1181     0        87342       5000.09     0.00        5000.09    
  12       2023624      1        3        10261328     2.25   2105     0        76790       4874.74     0.00        4874.74    
  13       2023627      1        3        6301236      1.38   1284     0        76356       4907.50     0.00        4907.50    
  14       2023625      1        3        10290960     2.26   2108     0        64328       4881.86     0.00        4881.86    
  15       2023622      1        3        10324886     2.27   2115     0        60378       4881.74     0.00        4881.74    
  16       2025105      1        2        8130366      1.79   320      0        55064       25407.39    0.00        25407.39   
  17       2014169      1        2        8434636      1.85   324      0        53174       26032.83    0.00        26032.83   
  18       2010140      1        7        12886656     2.83   2572     0        49328       5010.36     0.00        5010.36    
  19       2013075      1        8        6364306      1.40   1285     0        29204       4952.77     0.00        4952.77    
  20       2010142      1        4        12244436     2.69   2572     0        28786       4760.67     0.00        4760.67    
  21       2023623      1        3        7909102      1.74   1658     0        25068       4770.27     0.00        4770.27    
  22       2023618      1        3        108426       0.02   19       0        23932       5706.63     0.00        5706.63    
  23       2023615      1        3        121624       0.03   22       0        22978       5528.36     0.00        5528.36    
  24       2023614      1        3        140424       0.03   22       0        21708       6382.91     0.00        6382.91    
  25       2023453      1        5        150802       0.03   32       0        7810        4712.56     0.00        4712.56    
  26       2008116      1        4        12608        0.00   2        0        6708        6304.00     0.00        6304.00    
  27       2101892      1        7        11604        0.00   2        0        6604        5802.00     0.00        5802.00    
  28       2023612      1        4        68036        0.01   14       0        6426        4859.71     0.00        4859.71    
  29       2023620      1        3        104822       0.02   22       0        5950        4764.64     0.00        4764.64    
  30       2023621      1        4        87540        0.02   19       0        5908        4607.37     0.00        4607.37    
  31       2023619      1        3        90882        0.02   20       0        5640        4544.10     0.00        4544.10    
  32       2023616      1        3        102602       0.02   22       0        5634        4663.73     0.00        4663.73    
  33       2023613      1        3        101834       0.02   22       0        5526        4628.82     0.00        4628.82    
  34       2100518      1        8        10104        0.00   2        0        5098        5052.00     0.00        5052.00    
  35       2023617      1        3        54164        0.01   12       0        4702        4513.67     0.00        4513.67    
  36       2013739      1        15       13836        0.00   3        0        4700        4612.00     0.00        4612.00    


IDSDeathBlossom.py.log - (1148 bytes) - download
2019-10-31 15:12:22,018 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-31 15:12:22,800 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-31 15:12:22,800 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-10-31 15:12:22,801 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-31 15:12:22,801 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-31 15:12:22,801 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/746e4783e17a2b45ed0b147a302c1de2d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/10312019.1512-datas.pcap -vvv -k none
2019-10-31 15:12:32,172 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-31 15:12:32,173 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.1630837917