Filename: eternalblue-failed-patched-win7.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.948843956 seconds
Hash: 76fc9162be1778bd0b388c9911eabbed
Uploaded: 1558092052

Logfiles


packet_stats.log - (8315 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             5          2048079        3402039       2896363         14.5m    1.08
 IPv4       2             5         37313464       40061933      38835468        194.2m   14.52
 IPv4      17            54          2458457       40986718      20901912          1.1b   84.40
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             5           151234         292455        184821        924.1k    3.37
TMM_FLOWWORKER              IPv4       2             5           102042         498953        188790        944.0k    3.44
TMM_FLOWWORKER              IPv4      17            54           150475       10194359        464527         25.1m   91.52
TMM_RECEIVEPCAPFILE         IPv4       1             5             3004           3783          3251         16.3k    0.06
TMM_RECEIVEPCAPFILE         IPv4       2             5             2934           3228          3124         15.6k    0.06
TMM_RECEIVEPCAPFILE         IPv4      17            54             2906           3962          3295        178.0k    0.65
TMM_DECODEPCAPFILE          IPv4       1             5             3047          23735          7525         37.6k    0.14
TMM_DECODEPCAPFILE          IPv4       2             5             3043           3873          3259         16.3k    0.06
TMM_DECODEPCAPFILE          IPv4      17            54             3052          21545          3588        193.8k    0.71

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4      17            54             3199          32570          4838        261.3k  1.00  
app-layer               IPv4      17            54             2877          22495          4317        233.1k  0.89  
detect                  IPv4       1             5           144642         286134        178230        891.2k  3.41  
detect                  IPv4       2             5            95852         491837        182090        910.5k  3.49  
detect                  IPv4      17            54           131231       10162454        440774         23.8m  91.20 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
Proto detect            IPv4      17             6             3378          14786          6920         41.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             5             3807          29220          9285        46.4k  6.31  
payload                           IPv4      17            54             3881          80498         12764       689.3k  93.69 
Total                             IPv4                    59                                         12469       735.7k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             5            41641          78700         52835        264.2k  1.04  
PROF_DETECT_IPONLY          IPv4       2             5            41791         435432        126855        634.3k  2.50  
PROF_DETECT_IPONLY          IPv4      17             7            42365          80938         52253        365.8k  1.44  
PROF_DETECT_RULES           IPv4       1             5            33117         105450         48292        241.5k  0.95  
PROF_DETECT_RULES           IPv4       2             5             2892           3096          2959         14.8k  0.06  
PROF_DETECT_RULES           IPv4      17            54            63481       10083442        334598         18.1m  71.26 
PROF_DETECT_STATEFUL_CONT    IPv4       1             5             2877           3207          3004         15.0k  0.06  
PROF_DETECT_STATEFUL_CONT    IPv4       2             5             2894           3327          2993         15.0k  0.06  
PROF_DETECT_STATEFUL_CONT    IPv4      17            54             2862          33014          4771        257.7k  1.02  
PROF_DETECT_PREFILTER       IPv4       1             5            27657          59147         34309        171.5k  0.68  
PROF_DETECT_PREFILTER       IPv4       2             5             9255          10368          9682         48.4k  0.19  
PROF_DETECT_PREFILTER       IPv4      17            54            27888         508503         49213          2.7m  10.48 
PROF_DETECT_PF_PAYLOAD      IPv4       1             5             9573          35292         15182         75.9k  0.30  
PROF_DETECT_PF_PAYLOAD      IPv4      17            54             9888          86530         19980          1.1m  4.26  
PROF_DETECT_PF_SORT1        IPv4       1             5             2889           3529          3040         15.2k  0.06  
PROF_DETECT_PF_SORT1        IPv4      17            54             3188           6067          3850        207.9k  0.82  
PROF_DETECT_PF_SORT2        IPv4       1             5             2909           4695          3279         16.4k  0.06  
PROF_DETECT_PF_SORT2        IPv4       2             5             2877           3290          3021         15.1k  0.06  
PROF_DETECT_PF_SORT2        IPv4      17            54             2919           5006          3237        174.8k  0.69  
PROF_DETECT_NONMPMLIST      IPv4       1             5             2890           3205          3093         15.5k  0.06  
PROF_DETECT_NONMPMLIST      IPv4       2             5             2891           3250          3117         15.6k  0.06  
PROF_DETECT_NONMPMLIST      IPv4      17            54             2879          27072          3644        196.8k  0.78  
PROF_DETECT_ALERT           IPv4       1             5             2890           3065          2938         14.7k  0.06  
PROF_DETECT_ALERT           IPv4       2             5             2886           3185          2961         14.8k  0.06  
PROF_DETECT_ALERT           IPv4      17            54             2884          21956          3434        185.5k  0.73  
PROF_DETECT_CLEANUP         IPv4       1             5             2868           3555          3097         15.5k  0.06  
PROF_DETECT_CLEANUP         IPv4       2             5             2868           2921          2886         14.4k  0.06  
PROF_DETECT_CLEANUP         IPv4      17            54             2875          38982          4379        236.5k  0.93  
PROF_DETECT_GETSGH          IPv4       1             5             2893           3176          3098         15.5k  0.06  
PROF_DETECT_GETSGH          IPv4       2             5             2890           3398          3168         15.8k  0.06  
PROF_DETECT_GETSGH          IPv4      17            54             2875          25832          5139        277.5k  1.09  


suricata-report-2019-05-17-T-11-21-18-05172019.1120-eternalblue-failed-patched-win7.pcap.txt - (17694 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/76fc9162be1778bd0b388c9911eabbed56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05172019.1120-eternalblue-failed-patched-win7.pcap -vvv -k none
elapsedtime:24.981240
stderr:
stdout:
17/5/2019 -- 11:20:53 - <Info> - Configuration node 'rule-files' redefined.
17/5/2019 -- 11:20:53 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/5/2019 -- 11:20:53 - <Info> - CPUs/cores online: 1
17/5/2019 -- 11:20:53 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33761 and 'request-body-inspect-window' set to 16998 after randomization.
17/5/2019 -- 11:20:53 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31845 and 'response-body-inspect-window' set to 16265 after randomization.
17/5/2019 -- 11:20:53 - <Config> - DNS request flood protection level: 500
17/5/2019 -- 11:20:53 - <Config> - DNS per flow memcap (state-memcap): 524288
17/5/2019 -- 11:20:53 - <Config> - DNS global memcap: 16777216
17/5/2019 -- 11:20:53 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/5/2019 -- 11:20:53 - <Config> - preallocated 1000 hosts of size 136
17/5/2019 -- 11:20:53 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/5/2019 -- 11:20:53 - <Config> - using magic-file /usr/share/file/magic
17/5/2019 -- 11:20:53 - <Config> - Core dump size is unlimited.
17/5/2019 -- 11:20:53 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/5/2019 -- 11:20:53 - <Config> - preallocated 1000 defrag trackers of size 168
17/5/2019 -- 11:20:53 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/5/2019 -- 11:20:53 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/5/2019 -- 11:20:53 - <Config> - stream "memcap": 33554432
17/5/2019 -- 11:20:53 - <Config> - stream "midstream" session pickups: disabled
17/5/2019 -- 11:20:53 - <Config> - stream "async-oneside": disabled
17/5/2019 -- 11:20:53 - <Config> - stream "checksum-validation": disabled
17/5/2019 -- 11:20:53 - <Config> - stream."inline": disabled
17/5/2019 -- 11:20:53 - <Config> - stream "bypass": disabled
17/5/2019 -- 11:20:53 - <Config> - stream "max-synack-queued": 5
17/5/2019 -- 11:20:53 - <Config> - stream.reassembly "memcap": 134217728
17/5/2019 -- 11:20:53 - <Config> - stream.reassembly "depth": 0
17/5/2019 -- 11:20:53 - <Config> - stream.reassembly "toserver-chunk-size": 2488
17/5/2019 -- 11:20:53 - <Config> - stream.reassembly "toclient-chunk-size": 2589
17/5/2019 -- 11:20:53 - <Config> - stream.reassembly.raw: enabled
17/5/2019 -- 11:20:53 - <Config> - stream.reassembly "segment-prealloc": 2048
17/5/2019 -- 11:20:53 - <Config> - Delayed detect disabled
17/5/2019 -- 11:20:53 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/5/2019 -- 11:20:53 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/5/2019 -- 11:20:53 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/5/2019 -- 11:20:53 - <Config> - prefilter engines: MPM
17/5/2019 -- 11:20:53 - <Config> - IP reputation disabled
17/5/2019 -- 11:20:53 - <Perf> - Registered 148 keyword profiling counters.
17/5/2019 -- 11:20:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/5/2019 -- 11:20:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/5/2019 -- 11:20:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/5/2019 -- 11:20:58 - <Config> - No rules loaded from ET-icmp.rules.
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
17/5/2019 -- 11:20:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/5/2019 -- 11:20:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/5/2019 -- 11:20:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/5/2019 -- 11:20:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/5/2019 -- 11:21:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
17/5/2019 -- 11:21:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/5/2019 -- 11:21:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
17/5/2019 -- 11:21:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/5/2019 -- 11:21:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
17/5/2019 -- 11:21:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/5/2019 -- 11:21:06 - <Config> - No rules loaded from local.rules.
17/5/2019 -- 11:21:06 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
17/5/2019 -- 11:21:06 - <Info> - Threshold config parsed: 0 rule(s) found
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for tcp-packet
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for tcp-stream
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for udp-packet
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for other-ip
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_uri
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_request_line
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_client_body
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_response_line
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_header
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_header
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_header_names
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_header_names
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_accept
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_accept_enc
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_accept_lang
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_referer
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_connection
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_content_len
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_content_len
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_content_type
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_content_type
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_protocol
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_protocol
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_start
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_start
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_raw_header
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_raw_header
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_method
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_cookie
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_cookie
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_raw_uri
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_user_agent
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_host
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_raw_host
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_stat_msg
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_stat_code
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for dns_query
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for tls_sni
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for dce_stub_data
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for dce_stub_data
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for ssh_protocol
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for ssh_protocol
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for ssh_software
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for ssh_software
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for file_data
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for file_data
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_request_line
17/5/2019 -- 11:21:06 - <Perf> - using shared mpm ctx' for http_response_line
17/5/2019 -- 11:21:06 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
17/5/2019 -- 11:21:06 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/5/2019 -- 11:21:07 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/5/2019 -- 11:21:07 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/5/2019 -- 11:21:07 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/5/2019 -- 11:21:07 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/5/2019 -- 11:21:07 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/5/2019 -- 11:21:07 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/5/2019 -- 11:21:14 - <Perf> - Unique rule groups: 104
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/5/2019 -- 11:21:14 - <Perf> - Builtin MPM "other IP packet": 3
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_header": 10
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient http_header": 6
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_start": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_method": 5
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver http_host": 2
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toserver file_data": 1
17/5/2019 -- 11:21:14 - <Perf> - AppLayer MPM "toclient file_data": 7
17/5/2019 -- 11:21:17 - <Perf> - Registered 39590 rule profiling counters.
17/5/2019 -- 11:21:17 - <Info> - fast output device (regular) initialized: alert
17/5/2019 -- 11:21:17 - <Info> - eve-log output device (regular) initialized: eve.json
17/5/2019 -- 11:21:17 - <Config> - enabling 'eve-log' module 'alert'
17/5/2019 -- 11:21:17 - <Config> - enabling 'eve-log' module 'http'
17/5/2019 -- 11:21:17 - <Config> - enabling 'eve-log' module 'dns'
17/5/2019 -- 11:21:17 - <Config> - enabling 'eve-log' module 'tls'
17/5/2019 -- 11:21:17 - <Config> - enabling 'eve-log' module 'files'
17/5/2019 -- 11:21:17 - <Config> - enabling 'eve-log' module 'ssh'
17/5/2019 -- 11:21:17 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/5/2019 -- 11:21:17 - <Info> - stats output device (regular) initialized: stats.log
17/5/2019 -- 11:21:17 - <Config> - AutoFP mode using "Hash" flow load balancer
17/5/2019 -- 11:21:17 - <Info> - reading pcap file /var/pcap/05172019.1120-eternalblue-failed-patched-win7.pcap
17/5/2019 -- 11:21:17 - <Config> - using 1 flow

This file has been truncated.


stats.log - (2077 bytes)
------------------------------------------------------------------------------------
Date: 5/17/2019 -- 11:21:18 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 82
decoder.bytes                              | Total                     | 9833
decoder.ipv4                               | Total                     | 64
decoder.ethernet                           | Total                     | 82
decoder.udp                                | Total                     | 54
decoder.icmpv4                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 119
decoder.max_pkt_size                       | Total                     | 342
flow.udp                                   | Total                     | 6
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 13
app_layer.flow.failed_udp                  | Total                     | 6
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075168


suricata-4.0.0-etpro-all-perf.txt-2019-05-17-T-11-21-18-05172019.1120-eternalblue-failed-patched-win7.pcap.txt - (5974 bytes)
  --------------------------------------------------------------------------
  Date: 5/17/2019 -- 11:21:18. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2008120      1        4        10041988     70.98  52       0        9850176     193115.15   0.00        193115.15  
  2        2010142      1        4        618404       4.37   54       0        400395      11451.93    0.00        11451.93   
  3        2023613      1        3        170916       1.21   20       0        109861      8545.80     0.00        8545.80    
  4        2816764      1        3        162562       1.15   5        0        75013       32512.40    0.00        32512.40   
  5        2805348      1        4        787339       5.57   15       0        70712       52489.27    0.00        52489.27   
  6        2023622      1        3        194459       1.37   49       0        36932       3968.55     0.00        3968.55    
  7        2010143      1        3        200009       1.41   54       0        35932       3703.87     0.00        3703.87    
  8        2010140      1        7        253982       1.80   54       0        32559       4703.37     0.00        4703.37    
  9        2023617      1        3        33390        0.24   2        0        30273       16695.00    0.00        16695.00   
  10       2022973      1        1        26250        0.19   1        0        26250       26250.00    0.00        26250.00   
  11       2013739      1        15       179342       1.27   54       0        17286       3321.15     0.00        3321.15    
  12       2023626      1        3        158293       1.12   53       0        4875        2986.66     0.00        2986.66    
  13       2802822      1        1        46600        0.33   15       0        4476        3106.67     0.00        3106.67    
  14       2023627      1        3        148405       1.05   49       0        4240        3028.67     0.00        3028.67    
  15       2815579      1        2        17089        0.12   5        0        4156        3417.80     0.00        3417.80    
  16       2009243      1        2        103305       0.73   33       0        4144        3130.45     0.00        3130.45    
  17       2008118      1        3        101731       0.72   33       0        4013        3082.76     0.00        3082.76    
  18       2100518      1        8        46298        0.33   15       0        3901        3086.53     0.00        3086.53    
  19       2023619      1        3        60193        0.43   20       0        3831        3009.65     0.00        3009.65    
  20       2802205      1        3        46391        0.33   15       0        3831        3092.73     0.00        3092.73    
  21       2019010      1        3        46590        0.33   15       0        3817        3106.00     0.00        3106.00    
  22       2008116      1        4        45991        0.33   15       0        3763        3066.07     0.00        3066.07    
  23       2019017      1        3        45407        0.32   15       0        3685        3027.13     0.00        3027.13    
  24       2102257      1        10       7164         0.05   2        0        3647        3582.00     0.00        3582.00    
  25       2023625      1        3        103907       0.73   35       0        3644        2968.77     0.00        2968.77    
  26       2009702      1        5        3624         0.03   1        0        3624        3624.00     0.00        3624.00    
  27       2016178      1        2        7014         0.05   2        0        3623        3507.00     0.00        3507.00    
  28       2019011      1        3        46005        0.33   15       0        3591        3067.00     0.00        3067.00    
  29       2008117      1        3        45374        0.32   15       0        3570        3024.93     0.00        3024.93    
  30       2016179      1        2        6956         0.05   2        0        3543        3478.00     0.00        3478.00    
  31       2023618      1        3        3538         0.03   1        0        3538        3538.00     0.00        3538.00    
  32       2016181      1        2        6941         0.05   2        0        3537        3470.50     0.00        3470.50    
  33       2019016      1        3        45274        0.32   15       0        3455        3018.27     0.00        3018.27    
  34       2014702      1        9        3452         0.02   1        0        3452        3452.00     0.00        3452.00    
  35       2023624      1        3        146817       1.04   50       0        3420        2936.34     0.00        2936.34    
  36       2014701      1        12       3412         0.02   1        0        3412        3412.00     0.00        3412.00    
  37       2023612      1        4        6567         0.05   2        0        3352        3283.50     0.00        3283.50    
  38       2014703      1        9        3351         0.02   1        0        3351        3351.00     0.00        3351.00    
  39       2801347      1        5        15101        0.11   5        0        3269        3020.20     0.00        3020.20    
  40       2023623      1        3        140898       1.00   48       0        3269        2935.38     0.00        2935.38    
  41       2023615      1        3        2892         0.02   1        0        2892        2892.00     0.00        2892.00    
  42       2023620      1        3        8666         0.06   3        0        2892        2888.67     0.00        2888.67    
  43       2023614      1        3        5778         0.04   2        0        2890        2889.00     0.00        2889.00    


keyword_perf.log - (2314 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/17/2019 -- 11:21:18
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          234982          61              42              22672           3852.00         4120.00         3259.00        
  pcre             61883           11              0               25354           5625.00         0.00            5625.00        
  byte_test        147036          45              45              6270            3267.00         3267.00         0.00           
  byte_jump        47266           15              15              4002            3151.00         3151.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          234982          61              42              22672           3852.00         4120.00         3259.00        
  pcre             61883           11              0               25354           5625.00         0.00            5625.00        
  byte_test        147036          45              45              6270            3267.00         3267.00         0.00           
  byte_jump        47266           15              15              4002            3151.00         3151.00         0.00           


IDSDeathBlossom.py.log - (1171 bytes) - download
2019-05-17 11:20:52,555 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-17 11:20:53,311 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-17 11:20:53,312 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-17 11:20:53,312 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-17 11:20:53,313 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-17 11:20:53,313 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/76fc9162be1778bd0b388c9911eabbed56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05172019.1120-eternalblue-failed-patched-win7.pcap -vvv -k none
2019-05-17 11:21:18,296 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-17 11:21:18,297 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.7510359287