Filename: dd56a1ee-c937-4511-8c77-31f2b285cb83.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.7229180336 seconds
Hash: 7c31dcb29bc95885ed2356649fb27127
Uploaded: 1549278800

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-02-04-T-11-13-42-02042019.1111-dd56a1ee-c937-4511-8c77-31f2b285cb83.pcap.txt - (105173 bytes)
  --------------------------------------------------------------------------
  Date: 2/4/2019 -- 11:13:42. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2822533      1        2        8526054      1.89   1        0        8526054     8526054.00  0.00        8526054.00 
  2        2814978      1        2        37110359     8.24   207      0        6438296     179277.10   0.00        179277.10  
  3        2021749      1        6        31103642     6.91   171      0        5909714     181892.64   0.00        181892.64  
  4        2017935      1        3        7062864      1.57   406      0        5879336     17396.22    0.00        17396.22   
  5        2018457      1        1        10489439     2.33   152      0        5840315     69009.47    0.00        69009.47   
  6        2020790      1        2        5007006      1.11   3        0        4959564     1669002.00  0.00        1669002.00 
  7        2822213      1        2        19606221     4.35   207      0        4082440     94716.04    0.00        94716.04   
  8        2823140      1        2        1011523      0.22   2        0        520048      505761.50   0.00        505761.50  
  9        2820157      1        2        477083       0.11   1        0        477083      477083.00   0.00        477083.00  
  10       2820158      1        2        440066       0.10   1        0        440066      440066.00   0.00        440066.00  
  11       2812339      1        2        396704       0.09   1        0        396704      396704.00   0.00        396704.00  
  12       2023484      1        2        358975       0.08   1        0        358975      358975.00   0.00        358975.00  
  13       2809314      1        3        632056       0.14   2        0        327945      316028.00   0.00        316028.00  
  14       2021993      1        2        305895       0.07   1        0        305895      305895.00   0.00        305895.00  
  15       2025185      1        3        2171049      0.48   18       0        303017      120613.83   0.00        120613.83  
  16       2814979      1        2        19369935     4.30   207      0        290545      93574.57    0.00        93574.57   
  17       2021621      1        6        2452853      0.54   13       0        283181      188681.00   0.00        188681.00  
  18       2023476      1        5        1784596      0.40   9        0        267468      198288.44   0.00        198288.44  
  19       2809198      1        2        378907       0.08   2        0        220221      189453.50   0.00        189453.50  
  20       2808988      1        6        418709       0.09   2        0        217429      209354.50   0.00        209354.50  
  21       2808299      1        5        211940       0.05   1        0        211940      211940.00   0.00        211940.00  
  22       2809197      1        2        915108       0.20   8        0        208984      114388.50   0.00        114388.50  
  23       2806635      1        2        372109       0.08   2        0        208603      186054.50   0.00        186054.50  
  24       2809740      1        5        426682       0.09   3        0        206118      142227.33   0.00        142227.33  
  25       2822531      1        2        1623976      0.36   14       0        191759      115998.29   0.00        115998.29  
  26       2017502      1        2        471661       0.10   3        0        185384      157220.33   0.00        157220.33  
  27       2017479      1        5        348225       0.08   2        0        184030      174112.50   0.00        174112.50  
  28       2814832      1        2        1324032      0.29   16       0        183380      82752.00    0.00        82752.00   
  29       2827748      1        2        508979       0.11   3        0        181375      169659.67   0.00        169659.67  
  30       2017480      1        5        353201       0.08   2        0        179839      176600.50   0.00        176600.50  
  31       2806634      1        2        354198       0.08   2        0        177331      177099.00   0.00        177099.00  
  32       2822527      1        2        799558       0.18   7        0        176343      114222.57   0.00        114222.57  
  33       2020865      1        3        174533       0.04   1        0        174533      174533.00   0.00        174533.00  
  34       2017478      1        4        336400       0.07   2        0        173887      168200.00   0.00        168200.00  
  35       2808755      1        5        716983       0.16   7        0        173291      102426.14   0.00        102426.14  
  36       2816910      1        2        3289171      0.73   51       0        172207      64493.55    0.00        64493.55   
  37       2018005      1        6        12945097     2.87   207      0        168017      62536.70    0.00        62536.70   
  38       2815269      1        2        1538752      0.34   21       0        166122      73273.90    0.00        73273.90   
  39       2820600      1        2        1298859      0.29   12       0        165753      108238.25   0.00        108238.25  
  40       2017500      1        2        437274       0.10   3        0        162071      145758.00   0.00        145758.00  
  41       2823838      1        2        160826       0.04   1        0        160826      160826.00   0.00        160826.00  
  42       2017499      1        2        419267       0.09   3        0        156225      139755.67   0.00        139755.67  
  43       2819683      1        2        823071       0.18   8        0        155999      102883.88   0.00        102883.88  
  44       2828863      1        2        1103817      0.25   13       0        153627      84909.00    0.00        84909.00   
  45       2828865      1        2        1510774      0.34   18       0        152563      83931.89    0.00        83931.89   
  46       2829230      1        2        1770835      0.39   18       0        150509      98379.72    0.00        98379.72   
  47       2017501      1        2        438397       0.10   3        0        147122      146132.33   0.00        146132.33  
  48       2822534      1        2        145111       0.03   1        0        145111      145111.00   0.00        145111.00  
  49       2822102      1        3        599586       0.13   6        0        143910      99931.00    0.00        99931.00   
  50       2827094      1        2        384199       0.09   3        0        143144      128066.33   0.00        128066.33  
  51       2816847      1        6        466264       0.10   7        0        142627      66609.14    0.00        66609.14   
  52       2816933      1        2        504982       0.11   7        0        141923      72140.29    0.00        72140.29   
  53       2018342      1        2        141892       0.03   1        0        141892      141892.00   0.00        141892.00  
  54       2806015      1        2        266906       0.06   2        0        139595      133453.00   0.00        133453.00  
  55       2806489      1        2        250916       0.06   2        0        137786      125458.00   0.00        125458.00  
  56       2816930      1        4        1608987      0.36   51       0        136709      31548.76    0.00        31548.76   
  57       2814480      1        2        319726       0.07   3        0        134014      106575.33   0.00        106575.33  
  58       2807657      1        3        254129       0.06   2        0        132739      127064.50   0.00        127064.50  
  59       2807803      1        3        263516       0.06   2        0        132132      131758.00   0.00        131758.00  
  60       2018147      1        2        240488       0.05   2        0        132002      120244.00   0.00        120244.00  
  61       2816608      1        4        498098       0.11   7        0        130988      71156.86    0.00        71156.86   
  62       2816707      1        2        423185       0.09   7        0        128621      60455.00    0.00        60455.00   
  63       2017572      1        5        241588       0.05   2        0        128483      120794.00   0.00        120794.00  
  64       2823146      1        2        128160       0.03   1        0        128160      128160.00   0.00        128160.00  
  65       2816846      1        3        475911       0.11   7        0        126812      67987.29    0.00        67987.29   
  66       2022480      1        2        2304547      0.51   49       0        125916      47031.57    0.00        47031.57   
  67       2808144      1        2        465155       0.10   4        0        125192      116288.75   0.00        116288.75  
  68       2024720      1        3        1097634      0.24   17       0        121272      64566.71    0.00        64566.71   
  69       2823143      1        2        119787       0.03   1        0        119787      119787.00   0.00        119787.00  
  70       2826092      1        2        220547       0.05   2        0        117339      110273.50   0.00        110273.50  
  71       2012513      1        4        192905       0.04   4        0        114776      48226.25    0.00        48226.25   
  72       2017477      1        5        199933       0.04   2        0        112333      99966.50    0.00        99966.50   
  73       2814736      1        7        110637       0.02   1        0        110637      110637.00   0.00        110637.00  
  74       2022535      1        11       567769       0.13   9        0        109540      63085.44    0.00        63085.44   
  75       2024848      1        2        339385       0.08   4        0        109480      84846.25    0.00        84846.25   
  76       2805348      1        4        732139       0.16   13       0        108412      56318.38    0.00        56318.38   
  77       2815451      1        2        4468405      0.99   342      0        104378      13065.51    0.00        13065.51   
  78       2820120      1        2        103127       0.02   1        0        103127      103127.00   0.00        103127.00  
  79       2812614      1        2        336408       0.07   5        0        102503      67281.60    0.00        67281.60   
  80       2816909      1        2        3127429      0.69   51       0        101539      61322.14    0.00        61322.14   
  81       2825453      1        2        1039411      0.23   17       0        100934      61141.82    0.00        61141.82   
  82       2017552      1        6        4973426      1.10   298      0        99589       16689.35    0.00        16689.35   
  83       2022410      1        2        98802        0.02   1        0        98802       98802.00    0.00        98802.00   
  84       2025330      1        1        1321770      0.29   17       0        96693       77751.18    0.00        77751.18   
  85       2808762      1        5        622756       0.14   9        0        94916       69195.11    0.00        69195.11   
  86       2019714      1        10       183565       0.04   2        0        93489       91782.50    0.00        91782.50   
  87       2822095      1        2        774658       0.17   12       0        92389       64554.83    0.00        64554.83   
  88       2022221      1        3        702945       0.16   10       0        92323       70294.50    0.00        70294.50   
  89       2814837      1        2        137085       0.03   2        0        91279       68542.50    0.00        68542.50   
  90       2017824      1        3        91090        0.02   1        0        91090       91090.00    0.00        91090.00   
  91       2825567      1        3        1108031      0.25   17       0        90965       65178.29    0.00        65178.29   
  92       2018260      1        4        90763        0.02   1        0        90763       90763.00    0.00        90763.00   
  93       2816924      1        4        1472044      0.33   51       0        89997       28863.61    0.00        28863.61   
  94       2829214      1        2        1042675      0.23   17       0        89934       61333.82    0.00        61333.82   
  95       2810961      1        2        533760       0.12   9        0        89869       59306.67    0.00        59306.67   
  96       2816927      1        3        2180336      0.48   51       0        89325       42751.69    0.00        42751.69   
  97       2022488      1        3        557211       0.12   15       0        89140       37147.40    0.00        37147.40   
  98       2807202      1        2        1239733      0.28   20       0        87582       61986.65    0.00        61986.65   
  99       2806976      1        3        161438       0.04   2        0        87206       80719.00    0.00        80719.00   
  100      2018789      1        3        910059       0.20   207      0        86721       4396.42     0.00        4396.42    
  101      2102190      1        5        1920261      0.43   622      0        86162       3087.24     0.00        3087.24    
  102      2022658      1        4        126853       0.03   2        0        85493       63426.50    0.00        63426.50   
  103      2811961      1        2        161958       0.04   2        0        85387       80979.00    0.00        80979.00   
  104      2025064      1        5        1675494      0.37   51       0        85381       32852.82    0.00        32852.82   
  105      2816328      1        5        1517622      0.34   68       0        84084       22317.97    0.00        22317.97   
  106      2820754      1        3        159979       0.04   2        0        83115       79989.50    0.00        79989.50   
  107      2827202      1        3        998842       0.22   17       0        82476       58755.41    0.00        58755.41   
  108      2025189      1        1        6573112      1.46   734      0        80947       8955.19     0.00        8955.19    
  109      2025192      1        1        6472053      1.44   734      0        79960       8817.51     0.00        8817.51    
  110      2807655      1        2        79553        0.02   1        0        79553       79553.00    0.00        79553.00   
  111      2022627      1        12       492511       0.11   9        0        77987       54723.44    0.00        54723.44   
  112      2014701      1        12       3245937      0.72   265      0        74729       12248.82    0.00        12248.82   
  113      2809850      1        2        1206743      0.27   46       0        73941       26233.54    0.00        26233.54   
  114      2803027      1        6        158562       0.04   10       0        73235       15856.20    0.00        15856.20   
  115      2020661      1        3        391763       0.09   19       0        72653       20619.11    0.00        20619.11   
  116      2809158      1        2        71874        0.02   1        0        71874       71874.00    0.00        71874.00   
  117      2009813      1        4        1226141      0.27   32       0        71605       38316.91    0.00        38316.91   
  118      2816929      1        4        1711002      0.38   51       0        71093       33549.06    0.00        33549.06   
  119      2803657      1        5        100457       0.02   11       0        70915       9132.45     0.00        9132.45    
  120      2804906      1        3        98270        0.02   11       0        68959       8933.64     0.00        8933.64    
  121      2815275      1        2        137408       0.03   2        0        68759       68704.00    0.00        68704.00   
  122      2816928      1        3        1918209      0.43   51       0        68172       37611.94    0.00        37611.94   
  123      2816739      1        2        68091        0.02   1        0        68091       68091.00    0.00        68091.00   
  124      2816895      1        2        602638       0.13   25       0        68063       24105.52    0.00        24105.52   
  125      2806486      1        2        43

This file has been truncated.


packet_stats.log - (21191 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             2         34652092       88450825      61551458        123.1m    0.00
 IPv4       6         18591         10609237     1964276518    1421865905      26433.9b   98.69
 IPv4      17           337          7105065     1951374351     990231032        333.7b    1.25
 IPv4     256             1       1571523015     1571523015    1571523015          1.6b    0.01
 IPv6       0             1       1571181191     1571181191    1571181191          1.6b    0.01
 IPv6      17            21          6810999     1962182594     575202005         12.1b    0.05
 IPv6      58             2         34744963       88519809      61632386        123.3m    0.00
 IPv6     256             1       1571181191     1571181191    1571181191          1.6b    0.01
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             2           123070         124462        123766        247.5k    0.01
TMM_FLOWWORKER              IPv4       6         18591            65545       18691002        148559          2.8b   88.72
TMM_FLOWWORKER              IPv4      17           337           118655       21973903        613927        206.9m    6.65
TMM_RECEIVEPCAPFILE         IPv4       2             2             2781           2947          2864          5.7k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6         18313             2527       19234883          3887         71.2m    2.29
TMM_RECEIVEPCAPFILE         IPv4      17           337             2531          38403          2960        997.6k    0.03
TMM_DECODEPCAPFILE          IPv4       2             2             3389           3418          3403          6.8k    0.00
TMM_DECODEPCAPFILE          IPv4       6         18313             2641        4557361          3606         66.1m    2.12
TMM_DECODEPCAPFILE          IPv4      17           337             2659          41367          3252          1.1m    0.04
TMM_FLOWWORKER              IPv6       0             1           160010         160010        160010        160.0k    0.01
TMM_FLOWWORKER              IPv6      17            21           108362         574071        187614          3.9m    0.13
TMM_FLOWWORKER              IPv6      58             2            73132          89871         81501        163.0k    0.01
TMM_RECEIVEPCAPFILE         IPv6      17            21             2573           3623          2786         58.5k    0.00
TMM_RECEIVEPCAPFILE         IPv6      58             2             2813           3415          3114          6.2k    0.00
TMM_DECODEPCAPFILE          IPv6      17            21             2722          88484          7393        155.3k    0.00
TMM_DECODEPCAPFILE          IPv6      58             2             3391           9525          6458         12.9k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6         18313             2661         758220          3374         61.8m  2.38  
flow                    IPv4      17           337             2829          54582          5008          1.7m  0.06  
stream                  IPv4       6         18591             2608        7104314         10499        195.2m  7.51  
app-layer               IPv4      17           337             2520          79557         14295          4.8m  0.19  
detect                  IPv4       2             2           117409         118592        118000        236.0k  0.01  
detect                  IPv4       6         18591            44193       13514213        113534          2.1b  81.19 
detect                  IPv4      17           337           102536       21947852        437975        147.6m  5.68  
tcp-prune               IPv4       6         18591             2529       18417310          3971         73.8m  2.84  
flow                    IPv6      17            21             2888          30944          6413        134.7k  0.01  
flow                    IPv6      58             2             4047           5235          4641          9.3k  0.00  
app-layer               IPv6      17            21             2520          37495          7561        158.8k  0.01  
detect                  IPv6       0             1           154227         154227        154227        154.2k  0.01  
detect                  IPv6      17            21            92269         492488        161874          3.4m  0.13  
detect                  IPv6      58             2            60210          76197         68203        136.4k  0.01  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            39             2915          64195         14626        570.5k  16.52 
tls                     IPv4       6           303             2601          22104          3435          1.0m  30.14 
tls                     IPv4      17             3            24965          24965         24965         74.9k  2.17  
dns                     IPv4      17           268             3486          22661          6220          1.7m  48.27 
tls                     IPv6      17             3            24965          24965         24965         74.9k  2.17  
dns                     IPv6      17             2             4767          20806         12786         25.6k  0.74  
Proto detect            IPv4       6             5             2709          13264          5895         29.5k
Proto detect            IPv4      17           183             2733          55642          6035          1.1m
Proto detect            IPv6      17             9             2918          30943          6879         61.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17           266            26569        6702780        134322         35.7m  64.35 
LOGGER_JSON_HTTP            IPv4       6            53            42470         168912         86643          4.6m  8.27  
LOGGER_JSON_TLS             IPv4       6           171            23786         134935         64718         11.1m  19.93 
LOGGER_JSON_FILE            IPv4       6            34            67468         168022        117002          4.0m  7.16  
LOGGER_JSON_VARS            IPv6     256             1           160010         160010        160010        160.0k  0.29  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2579             2553        6210188         33290        85.9m  33.01 
payload                           IPv4      17           336             3306         193220         25652         8.6m  3.31  
stream                            IPv4       6          2579             2527        6241066         41133       106.1m  40.79 
http_uri                          IPv4       6            53             6303         181765         50101         2.7m  1.02  
http_request_line                 IPv4       6            53             3953          12032          6613       350.5k  0.13  
http_client_body                  IPv4       6            59             2842         381112         24625         1.5m  0.56  
http_header (request)             IPv4       6            70             2651         344394         70281         4.9m  1.89  
http_header (request trailer)     IPv4       6            53             2558          17433          2966       157.2k  0.06  
http_header_names (request)       IPv4       6            70             2674          46961         11757       823.1k  0.32  
http_accept (request)             IPv4       6            70             3280          21611          4936       345.6k  0.13  
http_referer (request)            IPv4       6            70             2836          27210          5965       417.6k  0.16  
http_content_len (request)        IPv4       6            70             2810          37538          3840       268.8k  0.10  
http_content_type (request)       IPv4       6            70             2844          18135          4028       282.0k  0.11  
http_protocol (request)           IPv4       6            53             2777          30835          4647       246.3k  0.09  
http_start (request)              IPv4       6            70             2669          61642         18362         1.3m  0.49  
http_raw_header (request)         IPv4       6            59             9644          92726         35003         2.1m  0.79  
http_method                       IPv4       6            53             3226           7708          5012       265.6k  0.10  
http_cookie (request)             IPv4       6            70             2817          39925         12763       893.5k  0.34  
http_raw_uri                      IPv4       6            53             3003          25945          8137       431.3k  0.17  
http_user_agent                   IPv4       6            70             4563          36888         15195         1.1m  0.41  
http_host                         IPv4       6            70             2540          22976          6727       470.9k  0.18  
dns_query                         IPv4      17           133             3295          32682          9672         1.3m  0.49  
tls_sni                           IPv4       6           334             2779          26233          5022         1.7m  0.65  
http_response_line                IPv4       6            53             2927          17024          6525       345.9k  0.13  
http_header (response)            IPv4       6            72             2680          97967         32359         2.3m  0.90  
http_header (response trailer)    IPv4       6            53             2566          79520          9257       490.7k  0.19  
http_content_type (response)      IPv4       6            72             2904          16499          6138       442.0k  0.17  
http_raw_header (response)        IPv4       6           286             4630         172252         14427         4.1m  1.59  
http_cookie (response)            IPv4       6            72             2746          64471         12776       919.9k  0.35  
http_stat_code                    IPv4       6            72             2610          32786          4270       307.5k  0.12  
tls_cert_issuer                   IPv4       6           171             2599          41669          6552         1.1m  0.43  
tls_cert_subject                  IPv4       6           171             2581          40574          7668         1.3m  0.50  
tls_cert_serial                   IPv4       6           171             2559          15592          4015       686.7k  0.26  
file_data (http response)         IPv4       6           233             2570        4266624        110492        25.7m  9.90  
Total                             IPv4                  8523                                         30475       259.7m
payload                           IPv6      17            21             3369          67870         14760       310.0k  0.12  
payload                           IPv6      58             2             6553           6767          6660        13.3k  0.01  
Total                             IPv6                    23                                         14056       323.3k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2             2            68064          68522         68293        136.6k  0.01  
PROF_DETECT_IPONLY          IPv4       6           411             3193         467219         37551         15.4m  0.69  
PROF_DETECT_IPONLY          IPv4      17           274            36967        7072154         74111         20.3m  0.90  
PROF_DETECT_RULES           IPv4       2             2             2562           2564          2563          5.1k  0.00  
PROF_DETECT_RULES           IPv4       6         18591             2518       12033823         25817        480.0m  21.34 
PROF_DETECT_RULES           IPv4      17           337            10004       21867769        268283         90.4m  4.02  
PROF_DETECT_STATEFUL_START    IPv4       6           491             5107       11402586        185681         91.2m  4.05  
PROF_DETECT_STATEFUL_START    IPv4      17             9             9134          24935         12701        114.3k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       2             2             2557           2777          2667          5.3k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         18591             2510        5721299         10714        199.2m  8.85  
PROF_DETECT_STATEFUL_CONT    IPv4      17           337             2511          89004          5828          2.0m  0.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6         17671             2541         385054          2761         48.8m  2.17  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           266             2590           3840          2845        756.9k  0.03  
PROF_DETECT_PREFILTER       IPv4       2             2             8652          10193          9422         18.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         18591             7761        6317769         31743        590.1m  26.23 
PROF_DETECT_PREFILTER       IPv4      17           337            24164         217317         57073         19.2m  0.85  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2579            12887        6254079         84830        218.8m  9.72  
PROF_DETECT_PF_PAYLOAD      IPv4      17           336             8594         198620         31099         10.4m  0.46  
PROF_DETECT_PF_TX           IPv4       6         17671             2551        5905128          7439        131.5m  5.84  
PROF_DETECT_PF_TX           IPv4      17           133             8533          38427         15320          2.0m  0.09  
PROF_DETECT_PF_SORT1        IPv4       6          1963             2524        3639183          5355         10.5m  0.47  
PROF_DETECT_PF_SORT1        IPv4      17           336             2595          20295          4185          1.4m  0.06  
PROF_DETECT_PF_SORT2        IPv4       2             2             2759           2820          2789          5.6k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         18591             2510        6010119          3129         58.2m  2.59  
PROF_DETECT_PF_SORT2        IPv4      17           337             2547          23998          3537          1.2m  0.05  
PROF_DETECT_NONMPMLIST      IPv4       2             2             2750           2791          2770          5.5k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         18591             2523        5324571          3264         60.7m  2.70  
PROF_DETECT_NONMPMLIST      IPv4      17           337             2555          59287          3299          1.1m  



suricata-report-2019-02-04-T-11-13-42-02042019.1111-dd56a1ee-c937-4511-8c77-31f2b285cb83.pcap.txt - (17606 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/7c31dcb29bc95885ed2356649fb2712756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/02042019.1111-dd56a1ee-c937-4511-8c77-31f2b285cb83.pcap -vvv -k none
elapsedtime:21.800203
stderr:
stdout:
4/2/2019 -- 11:13:20 - <Info> - Configuration node 'rule-files' redefined.
4/2/2019 -- 11:13:20 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/2/2019 -- 11:13:20 - <Info> - CPUs/cores online: 1
4/2/2019 -- 11:13:20 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32267 and 'request-body-inspect-window' set to 16588 after randomization.
4/2/2019 -- 11:13:20 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32633 and 'response-body-inspect-window' set to 16250 after randomization.
4/2/2019 -- 11:13:20 - <Config> - DNS request flood protection level: 500
4/2/2019 -- 11:13:20 - <Config> - DNS per flow memcap (state-memcap): 524288
4/2/2019 -- 11:13:20 - <Config> - DNS global memcap: 16777216
4/2/2019 -- 11:13:20 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/2/2019 -- 11:13:20 - <Config> - preallocated 1000 hosts of size 136
4/2/2019 -- 11:13:20 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/2/2019 -- 11:13:20 - <Config> - using magic-file /usr/share/file/magic
4/2/2019 -- 11:13:20 - <Config> - Core dump size is unlimited.
4/2/2019 -- 11:13:21 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/2/2019 -- 11:13:21 - <Config> - preallocated 1000 defrag trackers of size 168
4/2/2019 -- 11:13:21 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/2/2019 -- 11:13:21 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/2/2019 -- 11:13:21 - <Config> - stream "memcap": 33554432
4/2/2019 -- 11:13:21 - <Config> - stream "midstream" session pickups: disabled
4/2/2019 -- 11:13:21 - <Config> - stream "async-oneside": disabled
4/2/2019 -- 11:13:21 - <Config> - stream "checksum-validation": disabled
4/2/2019 -- 11:13:21 - <Config> - stream."inline": disabled
4/2/2019 -- 11:13:21 - <Config> - stream "bypass": disabled
4/2/2019 -- 11:13:21 - <Config> - stream "max-synack-queued": 5
4/2/2019 -- 11:13:21 - <Config> - stream.reassembly "memcap": 134217728
4/2/2019 -- 11:13:21 - <Config> - stream.reassembly "depth": 0
4/2/2019 -- 11:13:21 - <Config> - stream.reassembly "toserver-chunk-size": 2568
4/2/2019 -- 11:13:21 - <Config> - stream.reassembly "toclient-chunk-size": 2597
4/2/2019 -- 11:13:21 - <Config> - stream.reassembly.raw: enabled
4/2/2019 -- 11:13:21 - <Config> - stream.reassembly "segment-prealloc": 2048
4/2/2019 -- 11:13:21 - <Config> - Delayed detect disabled
4/2/2019 -- 11:13:21 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/2/2019 -- 11:13:21 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/2/2019 -- 11:13:21 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/2/2019 -- 11:13:21 - <Config> - prefilter engines: MPM
4/2/2019 -- 11:13:21 - <Config> - IP reputation disabled
4/2/2019 -- 11:13:21 - <Perf> - Registered 148 keyword profiling counters.
4/2/2019 -- 11:13:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
4/2/2019 -- 11:13:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
4/2/2019 -- 11:13:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
4/2/2019 -- 11:13:25 - <Config> - No rules loaded from ET-icmp.rules.
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
4/2/2019 -- 11:13:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
4/2/2019 -- 11:13:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
4/2/2019 -- 11:13:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
4/2/2019 -- 11:13:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
4/2/2019 -- 11:13:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
4/2/2019 -- 11:13:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
4/2/2019 -- 11:13:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
4/2/2019 -- 11:13:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
4/2/2019 -- 11:13:33 - <Config> - No rules loaded from local.rules.
4/2/2019 -- 11:13:33 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
4/2/2019 -- 11:13:33 - <Info> - Threshold config parsed: 0 rule(s) found
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for tcp-packet
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for tcp-stream
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for udp-packet
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for other-ip
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_uri
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_client_body
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_accept
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_accept_enc
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_accept_lang
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_referer
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_connection
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_method
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_raw_uri
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_user_agent
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_host
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_raw_host
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_stat_msg
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_stat_code
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for dns_query
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for tls_sni
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 11:13:33 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 11:13:33 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
4/2/2019 -- 11:13:33 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/2/2019 -- 11:13:34 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
4/2/2019 -- 11:13:34 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/2/2019 -- 11:13:34 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
4/2/2019 -- 11:13:34 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
4/2/2019 -- 11:13:34 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
4/2/2019 -- 11:13:34 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/2/2019 -- 11:13:38 - <Perf> - Unique rule groups: 104
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "toserver TCP packet": 35
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "toclient TCP packet": 17
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "toserver TCP stream": 33
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "toclient TCP stream": 19
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "toserver UDP packet": 27
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "toclient UDP packet": 17
4/2/2019 -- 11:13:38 - <Perf> - Builtin MPM "other IP packet": 3
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_header": 10
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient http_header": 6
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_start": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_method": 5
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver http_host": 2
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toserver file_data": 1
4/2/2019 -- 11:13:38 - <Perf> - AppLayer MPM "toclient file_data": 7
4/2/2019 -- 11:13:40 - <Perf> - Registered 39590 rule profiling counters.
4/2/2019 -- 11:13:40 - <Info> - fast output device (regular) initialized: alert
4/2/2019 -- 11:13:40 - <Info> - eve-log output device (regular) initialized: eve.json
4/2/2019 -- 11:13:40 - <Config> - enabling 'eve-log' module 'alert'
4/2/2019 -- 11:13:40 - <Config> - enabling 'eve-log' module 'http'
4/2/2019 -- 11:13:40 - <Config> - enabling 'eve-log' module 'dns'
4/2/2019 -- 11:13:40 - <Config> - enabling 'eve-log' module 'tls'
4/2/2019 -- 11:13:40 - <Config> - enabling 'eve-log' module 'files'
4/2/2019 -- 11:13:40 - <Config> - enabling 'eve-log' module 'ssh'
4/2/2019 -- 11:13:40 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/2/2019 -- 11:13:40 - <Info> - stats output device (regular) initialized: stats.log
4/2/2019 -- 11:13:40 - <Config> - AutoFP mode using "Hash" flow load balancer
4/2/2019 -- 11:13:40 - <Info> - reading pcap file /var/pcap/02042019.1111-dd56a1ee-c937-4511-8c77-31f2b285cb83.pcap
4/2/2019 -- 11:13:40 - <Config> - using 1 flow manager threads
4/2/2019 -- 11:13:40 - <Config> - using 1 flow recycler threads
4/2/2019 -- 11:13:40 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin



stats.log - (3316 bytes)
------------------------------------------------------------------------------------
Date: 2/4/2019 -- 11:13:42 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 18720
decoder.bytes                              | Total                     | 11033491
decoder.ipv4                               | Total                     | 18652
decoder.ipv6                               | Total                     | 24
decoder.ethernet                           | Total                     | 18720
decoder.tcp                                | Total                     | 18313
decoder.udp                                | Total                     | 358
decoder.icmpv6                             | Total                     | 2
decoder.teredo                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 589
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 206
flow.udp                                   | Total                     | 152
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 206
tcp.syn                                    | Total                     | 210
tcp.synack                                 | Total                     | 205
tcp.rst                                    | Total                     | 113
tcp.overlap                                | Total                     | 22
tcp.insert_list_fail                       | Total                     | 1
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 1
app_layer.flow.http                        | Total                     | 29
app_layer.tx.http                          | Total                     | 53
app_layer.flow.tls                         | Total                     | 171
app_layer.flow.dns_udp                     | Total                     | 131
app_layer.tx.dns_udp                       | Total                     | 133
app_layer.flow.failed_udp                  | Total                     | 21
flow.spare                                 | Total                     | 9999
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7124992


eve.json - (315824 bytes)
{"timestamp":"2019-02-01T20:04:39.864203+0000","flow_id":1936556299857867,"pcap_cnt":45,"event_type":"dns","src_ip":"192.168.100.96","src_port":52614,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29393,"rrname":"www.hdkoora.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:39.864925+0000","flow_id":733063513846429,"pcap_cnt":48,"event_type":"dns","src_ip":"192.168.100.96","src_port":54206,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29859,"rrname":"clientservices.googleapis.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:39.865159+0000","flow_id":296364124091271,"pcap_cnt":49,"event_type":"dns","src_ip":"192.168.100.96","src_port":49794,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39218,"rrname":"www.gstatic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:39.878298+0000","flow_id":296364124091271,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":49794,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"www.gstatic.com","rrtype":"A","ttl":291,"rdata":"172.217.23.131"}}
{"timestamp":"2019-02-01T20:04:39.879261+0000","flow_id":1936556299857867,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"www.hdkoora.com","rrtype":"CNAME","ttl":3528,"rdata":"ghs.google.com"}}
{"timestamp":"2019-02-01T20:04:39.879261+0000","flow_id":1936556299857867,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"ghs.google.com","rrtype":"A","ttl":299,"rdata":"216.58.205.243"}}
{"timestamp":"2019-02-01T20:04:39.880699+0000","flow_id":733063513846429,"pcap_cnt":52,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":29859,"rcode":"NOERROR","rrname":"clientservices.googleapis.com","rrtype":"A","ttl":299,"rdata":"172.217.16.163"}}
{"timestamp":"2019-02-01T20:04:39.950256+0000","flow_id":171432115404784,"pcap_cnt":53,"event_type":"dns","src_ip":"192.168.100.96","src_port":56725,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36447,"rrname":"accounts.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:39.965928+0000","flow_id":171432115404784,"pcap_cnt":58,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":56725,"proto":"UDP","dns":{"type":"answer","id":36447,"rcode":"NOERROR","rrname":"accounts.google.com","rrtype":"A","ttl":299,"rdata":"172.217.23.141"}}
{"timestamp":"2019-02-01T20:04:40.047228+0000","flow_id":2096303313495246,"pcap_cnt":83,"event_type":"tls","src_ip":"192.168.100.96","src_port":49186,"dest_ip":"172.217.23.131","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","issuerdn":"C=US, O=Google Trust Services, CN=Google Internet Authority G3"}}
{"timestamp":"2019-02-01T20:04:40.053597+0000","flow_id":1894667483850222,"pcap_cnt":94,"event_type":"tls","src_ip":"192.168.100.96","src_port":49187,"dest_ip":"172.217.16.163","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googleapis.com","issuerdn":"C=US, O=Google Trust Services, CN=Google Internet Authority G3"}}
{"timestamp":"2019-02-01T20:04:40.053797+0000","flow_id":832620855796223,"pcap_cnt":97,"event_type":"tls","src_ip":"192.168.100.96","src_port":49184,"dest_ip":"216.58.205.243","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.hdkoora.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-02-01T20:04:40.053837+0000","flow_id":1778621762478976,"pcap_cnt":98,"event_type":"tls","src_ip":"192.168.100.96","src_port":49185,"dest_ip":"216.58.205.243","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.hdkoora.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-02-01T20:04:40.064614+0000","flow_id":326089592787811,"pcap_cnt":103,"event_type":"tls","src_ip":"192.168.100.96","src_port":49189,"dest_ip":"172.217.23.141","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com","issuerdn":"C=US, O=Google Trust Services, CN=Google Internet Authority G3"}}
{"timestamp":"2019-02-01T20:04:40.686704+0000","flow_id":1712277402712688,"pcap_cnt":233,"event_type":"dns","src_ip":"192.168.100.96","src_port":57468,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56815,"rrname":"live.demand.supply","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.697140+0000","flow_id":1712277402712688,"pcap_cnt":234,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":57468,"proto":"UDP","dns":{"type":"answer","id":56815,"rcode":"NOERROR","rrname":"live.demand.supply","rrtype":"A","ttl":28,"rdata":"104.18.216.93"}}
{"timestamp":"2019-02-01T20:04:40.697140+0000","flow_id":1712277402712688,"pcap_cnt":234,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":57468,"proto":"UDP","dns":{"type":"answer","id":56815,"rcode":"NOERROR","rrname":"live.demand.supply","rrtype":"A","ttl":28,"rdata":"104.18.218.93"}}
{"timestamp":"2019-02-01T20:04:40.697140+0000","flow_id":1712277402712688,"pcap_cnt":234,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":57468,"proto":"UDP","dns":{"type":"answer","id":56815,"rcode":"NOERROR","rrname":"live.demand.supply","rrtype":"A","ttl":28,"rdata":"104.18.217.93"}}
{"timestamp":"2019-02-01T20:04:40.697140+0000","flow_id":1712277402712688,"pcap_cnt":234,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":57468,"proto":"UDP","dns":{"type":"answer","id":56815,"rcode":"NOERROR","rrname":"live.demand.supply","rrtype":"A","ttl":28,"rdata":"104.18.219.93"}}
{"timestamp":"2019-02-01T20:04:40.697140+0000","flow_id":1712277402712688,"pcap_cnt":234,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":57468,"proto":"UDP","dns":{"type":"answer","id":56815,"rcode":"NOERROR","rrname":"live.demand.supply","rrtype":"A","ttl":28,"rdata":"104.18.215.93"}}
{"timestamp":"2019-02-01T20:04:40.774310+0000","flow_id":1460579434279295,"pcap_cnt":261,"event_type":"tls","src_ip":"192.168.100.96","src_port":49200,"dest_ip":"104.18.216.93","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=demand.supply","issuerdn":"C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2"}}
{"timestamp":"2019-02-01T20:04:40.781657+0000","flow_id":1805181840321881,"pcap_cnt":265,"event_type":"dns","src_ip":"192.168.100.96","src_port":55335,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49698,"rrname":"f.top4top.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.795257+0000","flow_id":1805181840321881,"pcap_cnt":266,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":55335,"proto":"UDP","dns":{"type":"answer","id":49698,"rcode":"NOERROR","rrname":"f.top4top.net","rrtype":"A","ttl":862,"rdata":"185.186.244.145"}}
{"timestamp":"2019-02-01T20:04:40.896290+0000","flow_id":1143297315185974,"pcap_cnt":294,"event_type":"tls","src_ip":"192.168.100.96","src_port":49202,"dest_ip":"185.186.244.145","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, CN=*.top4top.net","issuerdn":"C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2"}}
{"timestamp":"2019-02-01T20:04:40.902065+0000","flow_id":1686288555623345,"pcap_cnt":300,"event_type":"dns","src_ip":"192.168.100.96","src_port":60023,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63141,"rrname":"api.demand.supply","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.902939+0000","flow_id":846850082522907,"pcap_cnt":301,"event_type":"dns","src_ip":"192.168.100.96","src_port":63774,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8094,"rrname":"www.blogger.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.903099+0000","flow_id":1527748427827131,"pcap_cnt":302,"event_type":"dns","src_ip":"192.168.100.96","src_port":61762,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58968,"rrname":"images.dmca.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.903248+0000","flow_id":2071439747893328,"pcap_cnt":303,"event_type":"dns","src_ip":"192.168.100.96","src_port":54186,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17201,"rrname":"ajax.googleapis.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.903427+0000","flow_id":965412654729475,"pcap_cnt":304,"event_type":"dns","src_ip":"192.168.100.96","src_port":55246,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35564,"rrname":"resources.blogblog.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.903636+0000","flow_id":1883169856473556,"pcap_cnt":305,"event_type":"dns","src_ip":"192.168.100.96","src_port":64410,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19334,"rrname":"4.bp.blogspot.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.907773+0000","flow_id":1686288555623345,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":63141,"rcode":"NOERROR","rrname":"api.demand.supply","rrtype":"A","ttl":36,"rdata":"104.18.217.93"}}
{"timestamp":"2019-02-01T20:04:40.907773+0000","flow_id":1686288555623345,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":63141,"rcode":"NOERROR","rrname":"api.demand.supply","rrtype":"A","ttl":36,"rdata":"104.18.219.93"}}
{"timestamp":"2019-02-01T20:04:40.907773+0000","flow_id":1686288555623345,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":63141,"rcode":"NOERROR","rrname":"api.demand.supply","rrtype":"A","ttl":36,"rdata":"104.18.216.93"}}
{"timestamp":"2019-02-01T20:04:40.907773+0000","flow_id":1686288555623345,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":63141,"rcode":"NOERROR","rrname":"api.demand.supply","rrtype":"A","ttl":36,"rdata":"104.18.218.93"}}
{"timestamp":"2019-02-01T20:04:40.907773+0000","flow_id":1686288555623345,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":63141,"rcode":"NOERROR","rrname":"api.demand.supply","rrtype":"A","ttl":36,"rdata":"104.18.215.93"}}
{"timestamp":"2019-02-01T20:04:40.908479+0000","flow_id":1154567309417663,"pcap_cnt":308,"event_type":"dns","src_ip":"192.168.100.96","src_port":50964,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38649,"rrname":"pagead2.googlesyndication.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.908725+0000","flow_id":1527748427827131,"pcap_cnt":309,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":61762,"proto":"UDP","dns":{"type":"answer","id":58968,"rcode":"NOERROR","rrname":"images.dmca.com","rrtype":"CNAME","ttl":1891,"rdata":"dmca-images-4kq2g0tcaqpj02eih0o6.stackpathdns.com"}}
{"timestamp":"2019-02-01T20:04:40.908725+0000","flow_id":1527748427827131,"pcap_cnt":309,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":61762,"proto":"UDP","dns":{"type":"answer","id":58968,"rcode":"NOERROR","rrname":"dmca-images-4kq2g0tcaqpj02eih0o6.stackpathdns.com","rrtype":"A","ttl":152,"rdata":"151.139.242.29"}}
{"timestamp":"2019-02-01T20:04:40.911851+0000","flow_id":1140552831134187,"pcap_cnt":311,"event_type":"dns","src_ip":"192.168.100.96","src_port":53890,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39957,"rrname":"www.googletagservices.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"ajax.googleapis.com","rrtype":"CNAME","ttl":3508,"rdata":"googleapis.l.google.com"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"216.58.205.234"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"172.217.22.10"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"172.217.18.10"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"172.217.18.170"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"172.217.23.138"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"216.58.206.10"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"216.58.207.42"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"216.58.207.74"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"answer","id":17201,"rcode":"NOERROR","rrname":"googleapis.l.google.com","rrtype":"A","ttl":208,"rdata":"172.217.16.170"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":54186,"proto":"UDP","dns":{"type":"ans

This file has been truncated. Go here to download in full.
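
The eve.json records above show the two event types an analyst joins most often: `dns` answer events (Suricata 4.0 writes one event per resource record, which is why pcap_cnt 306 and 316 repeat) and `tls` events, which carry only the certificate subject and issuer, not the SAN list. The script below is an added example, not code from this page or from the Suricata project. It replays the DNS answers into a per-client passive-DNS table that follows CNAME chains, then annotates each TLS handshake with the names that client resolved to the server IP before the handshake and whether the subject CN (wildcards included) covers one of them. The sample input is constructed from records copied from the listing above, ending with a cut-off line like the one the truncated dump ends with; all function names are the example's own.

```python
"""Correlate Suricata eve.json DNS answers with TLS handshakes (added example).

Suricata 4.0 emits one 'dns' answer event per resource record and a 'tls'
event that carries only the certificate subject (no SANs).  DNS answers are
replayed into a per-client passive-DNS table that follows CNAME chains; each
TLS handshake is then annotated with the names that client resolved to the
server IP before the handshake and whether the subject CN (wildcards included)
covers one of them.  No prior resolution is a lead, not an alert: the lookup
may simply predate the capture, as it does for the demand.supply handshake.
"""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: records copied from the eve.json above, in pcap order,
# ending with a cut-off line like the one the truncated dump ends with.
SAMPLE_EVE = r'''
{"timestamp":"2019-02-01T20:04:40.774310+0000","flow_id":1460579434279295,"pcap_cnt":261,"event_type":"tls","src_ip":"192.168.100.96","src_port":49200,"dest_ip":"104.18.216.93","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=demand.supply","issuerdn":"C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2"}}
{"timestamp":"2019-02-01T20:04:40.781657+0000","flow_id":1805181840321881,"pcap_cnt":265,"event_type":"dns","src_ip":"192.168.100.96","src_port":55335,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49698,"rrname":"f.top4top.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T20:04:40.795257+0000","flow_id":1805181840321881,"pcap_cnt":266,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":55335,"proto":"UDP","dns":{"type":"answer","id":49698,"rcode":"NOERROR","rrname":"f.top4top.net","rrtype":"A","ttl":862,"rdata":"185.186.244.145"}}
{"timestamp":"2019-02-01T20:04:40.896290+0000","flow_id":1143297315185974,"pcap_cnt":294,"event_type":"tls","src_ip":"192.168.100.96","src_port":49202,"dest_ip":"185.186.244.145","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, CN=*.top4top.net","issuerdn":"C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2"}}
{"timestamp":"2019-02-01T20:04:40.907773+0000","flow_id":1686288555623345,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":63141,"rcode":"NOERROR","rrname":"api.demand.supply","rrtype":"A","ttl":36,"rdata":"104.18.216.93"}}
{"timestamp":"2019-02-01T20:04:40.908725+0000","flow_id":1527748427827131,"pcap_cnt":309,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":61762,"proto":"UDP","dns":{"type":"answer","id":58968,"rcode":"NOERROR","rrname":"images.dmca.com","rrtype":"CNAME","ttl":1891,"rdata":"dmca-images-4kq2g0tcaqpj02eih0o6.stackpathdns.com"}}
{"timestamp":"2019-02-01T20:04:40.908725+0000","flow_id":1527748427827131,"pcap_cnt":309,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.96","dest_port":61762,"proto":"UDP","dns":{"type":"answer","id":58968,"rcode":"NOERROR","rrname":"dmca-images-4kq2g0tcaqpj02eih0o6.stackpathdns.com","rrtype":"A","ttl":152,"rdata":"151.139.242.29"}}
{"timestamp":"2019-02-01T20:04:40.916759+0000","flow_id":2071439747893328,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.2"
'''


def parse_ts(ts):
    """eve.json timestamps look like 2019-02-01T20:04:40.774310+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_eve(text):
    """One JSON object per line; blank lines and a cut-off tail are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:      # truncated dump: keep what parsed
            continue
    return records


def expand_aliases(name, aliases):
    """name plus every name that CNAMEs to it, transitively."""
    names, todo = [name], [name]
    while todo:
        for alias in aliases.get(todo.pop(), ()):
            if alias not in names:
                names.append(alias)
                todo.append(alias)
    return names


def build_passive_dns(records):
    """{(client_ip, ip): [(answer time, name), ...]} from DNS answer events."""
    aliases = defaultdict(list)   # CNAME target -> names pointing at it
    table = defaultdict(list)
    for r in records:
        if r.get("event_type") != "dns" or r["dns"].get("type") != "answer":
            continue
        d, client = r["dns"], r["dest_ip"]   # answers flow resolver -> client
        if d["rrtype"] == "CNAME":
            aliases[d["rdata"]].append(d["rrname"])
        elif d["rrtype"] in ("A", "AAAA"):
            # credit the A record to the queried name and to every alias of it
            for name in expand_aliases(d["rrname"], aliases):
                table[(client, d["rdata"])].append((parse_ts(r["timestamp"]), name))
    return table


def extract_cn(subject):
    """Pull the CN out of a subject such as 'O=CloudFlare, Inc., CN=x'."""
    m = re.search(r"(?:^|, )CN=([^,]+)", subject)
    return m.group(1).strip() if m else ""


def cn_covers(cn, name):
    """Exact match, or a single-label wildcard (*.top4top.net covers f.top4top.net)."""
    cn, name = cn.lower(), name.lower()
    if cn == name:
        return True
    if cn.startswith("*.") and "." in name:
        return name.split(".", 1)[1] == cn[2:]
    return False


def annotate_tls(records):
    """One dict per TLS event: names resolved to dest_ip before it, plus the CN check."""
    pdns = build_passive_dns(records)
    rows = []
    for r in records:
        if r.get("event_type") != "tls":
            continue
        ts = parse_ts(r["timestamp"])
        prior = sorted({n for t, n in pdns.get((r["src_ip"], r["dest_ip"]), []) if t <= ts})
        cn = extract_cn(r["tls"].get("subject", ""))
        rows.append({
            "pcap_cnt": r["pcap_cnt"], "dest_ip": r["dest_ip"], "cn": cn,
            "resolved_names": prior,
            # None: nothing to compare against; else whether the CN covers a resolved name
            "cn_covers_resolved": any(cn_covers(cn, n) for n in prior) if prior else None,
        })
    return rows


if __name__ == "__main__":
    for row in annotate_tls(parse_eve(SAMPLE_EVE)):
        print(row)
```

On the sample, the handshake to 185.186.244.145 (pcap_cnt 294) is preceded by the answer for f.top4top.net and the wildcard CN covers it; the handshake to 104.18.216.93 (pcap_cnt 261) has no resolution before it in this window, because the only answer mapping that IP (api.demand.supply) arrives later. A CN mismatch is not proof of anything on its own, since the name may be covered by a SAN that this Suricata version does not log.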


keyword_perf.log - (14389 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 2/4/2019 -- 11:13:42
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             12474906        3800            3800            55966           3282.00         3282.00         0.00           
  content          118943114       24142           7085            5811613         4926.00         5381.00         4737.00        
  pcre             15117067        3784            89              92334           3994.00         5684.00         3954.00        
  byte_test        5633178         1789            856             40665           3148.00         3307.00         3002.00        
  byte_jump        787244          229             24              24637           3437.00         4184.00         3350.00        
  isdataat         379479          133             0               6708            2853.00         0.00            2853.00        
  flowbits         184846          48              24              19762           3850.00         4706.00         2995.00        
  urilen           2171452         677             291             28033           3207.00         3242.00         3180.00        
  byte_extract     9014914         1198            1198            5549615         7524.00         7524.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             12474906        3800            3800            55966           3282.00         3282.00         0.00           
  flowbits         145370          43              19              4690            3380.00         3867.00         2995.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          63393540        14086           4840            5811613         4500.00         5102.00         4185.00        
  pcre             5398925         1348            84              57682           4005.00         5697.00         3892.00        
  byte_test        5633178         1789            856             40665           3148.00         3307.00         3002.00        
  byte_jump        779309          227             23              24637           3433.00         4185.00         3348.00        
  isdataat         379479          133             0               6708            2853.00         0.00            2853.00        
  byte_extract     9014914         1198            1198            5549615         7524.00         7524.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         39476           5               5               19762           7895.00         7895.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3289144         763             329             33601           4310.00         4381.00         4257.00        
  pcre             1688908         256             0               92334           6597.00         0.00            6597.00        
  urilen           2171452         677             291             28033           3207.00         3242.00         3180.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          517176          76              4               55062           6804.00         50685.00        4367.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          93132           30              0               3978            3104.00         0.00            3104.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23408126        546             182             481169          42872.00        25874.00        51370.00       
  pcre             5363144         1709            4               59401           3138.00         3424.00         3137.00        
  byte_jump        7935            2               1               4167            3967.00         4167.00         3768.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8044451         1887            1331            52898           4263.00         4264.00         4259.00        
  pcre             2061083         335             1               44193           6152.00         13646.00        6130.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          270240          72              7               8732            3753.00         3899.00         3737.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          117590          32              32              4685            3674.00         3674.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19289           6               2               3831            3214.00         3202.00         3221.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1694367         512             238             16001           3309.00         3498.00         3144.00        
  pcre             605007          136             0               24202           4448.00         0.00            4448.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          118217          36              8               3834            3283.00         3264.00         3289.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38845           9               0               5885            4316.00         0.00            4316.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          392133          112             112             8765            3501.00         3501.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17546864        5975            0               45258           2936.00         0.00            2936.00        
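
The keyword_perf.log above is Suricata's keyword profiling output (written when Suricata is built with --enable-profiling and keyword profiling is enabled in suricata.yaml): one "Stats for:" block per inspection buffer, with ticks, checks, matches, worst single check and average ticks per check, per match and per non-match. The script below is an added example, not code from this page or from the Suricata project. It parses that layout and answers the first questions of a rule-performance review: which keywords own the total time, which buffers cost far more per check than the rest (here `content` in `file_data`, and `content` in `http_client_body` once it matches), and which keywords are checked often but never match (here `content` in `tls_cert_subject`). The sample is constructed from the total, file_data, http_client_body and tls_cert_subject blocks of the log above with the separator lines shortened; the five-times-median threshold and the function names are the example's own choices.

```python
"""Triage a Suricata keyword_perf.log (added example, not the page's tooling).

Each 'Stats for:' block is one inspection buffer; the columns are CPU ticks
spent in the keyword, checks, matches, the worst single check, and average
ticks per check / per match / per non-match.  The helpers below parse that
layout and report: which keywords own the total time, which buffers cost far
more per check than the rest, and which keywords never match.
"""
import re
import statistics

# Constructed sample: the total, file_data, http_client_body and
# tls_cert_subject blocks copied from the log above (separator lines shortened).
SAMPLE_LOG = """\
  Date: 2/4/2019 -- 11:13:42
  Stats for: total
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             12474906        3800            3800            55966           3282.00         3282.00         0.00
  content          118943114       24142           7085            5811613         4926.00         5381.00         4737.00
  pcre             15117067        3784            89              92334           3994.00         5684.00         3954.00
  byte_test        5633178         1789            856             40665           3148.00         3307.00         3002.00
  byte_jump        787244          229             24              24637           3437.00         4184.00         3350.00
  isdataat         379479          133             0               6708            2853.00         0.00            2853.00
  flowbits         184846          48              24              19762           3850.00         4706.00         2995.00
  urilen           2171452         677             291             28033           3207.00         3242.00         3180.00
  byte_extract     9014914         1198            1198            5549615         7524.00         7524.00         0.00
  Stats for: file_data
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          23408126        546             182             481169          42872.00        25874.00        51370.00
  pcre             5363144         1709            4               59401           3138.00         3424.00         3137.00
  byte_jump        7935            2               1               4167            3967.00         4167.00         3768.00
  Stats for: http_client_body
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          517176          76              4               55062           6804.00         50685.00        4367.00
  Stats for: tls_cert_subject
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          17546864        5975            0               45258           2936.00         0.00            2936.00
"""

ROW_RE = re.compile(r"^\s*([A-Za-z_]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")
SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")   # names may contain spaces or slashes


def parse_keyword_perf(text):
    """Return {section: [row dict, ...]} in file order, numeric fields converted."""
    stats, section = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            stats[section] = []
            continue
        m = ROW_RE.match(line)
        if m and section is not None:        # header and separator lines do not match
            kw, ticks, checks, matches, max_t, avg, avg_m, avg_nm = m.groups()
            stats[section].append({
                "keyword": kw, "ticks": int(ticks), "checks": int(checks),
                "matches": int(matches), "max_ticks": int(max_t), "avg": float(avg),
                "avg_match": float(avg_m), "avg_no_match": float(avg_nm)})
    return stats


def ticks_share(stats, section="total"):
    """(keyword, fraction of the section's ticks), largest first."""
    rows = stats[section]
    total = sum(r["ticks"] for r in rows) or 1
    return sorted(((r["keyword"], r["ticks"] / total) for r in rows), key=lambda kv: -kv[1])


def per_buffer_rows(stats):
    """All rows except the 'total' block, which only aggregates the others."""
    return [(sec, r) for sec, rows in stats.items() if sec != "total" for r in rows]


def hotspots(stats, factor=5.0):
    """Rows whose avg ticks per check (or per match) is >= factor x the median
    per-check cost over all buffers; reason 'avg_match' marks keywords that are
    cheap to reject but expensive when they do match."""
    rows = per_buffer_rows(stats)
    median_avg = statistics.median(r["avg"] for _, r in rows)
    flagged = []
    for sec, r in rows:
        if r["avg"] >= factor * median_avg:
            flagged.append((sec, r["keyword"], "avg"))
        elif r["avg_match"] >= factor * median_avg:
            flagged.append((sec, r["keyword"], "avg_match"))
    return flagged


def never_matching(stats):
    """Rows checked but never matched, costliest first: the rules using that
    buffer are worth reviewing for a tighter fast_pattern / prefilter choice."""
    return sorted(((sec, r["keyword"], r["ticks"]) for sec, r in per_buffer_rows(stats)
                   if r["checks"] > 0 and r["matches"] == 0), key=lambda t: -t[2])


if __name__ == "__main__":
    stats = parse_keyword_perf(SAMPLE_LOG)
    print(ticks_share(stats)[:3], hotspots(stats), never_matching(stats), sep="\n")
```

On the sample, `content` accounts for roughly 72% of all keyword ticks in the total block, `file_data`/`content` is flagged on its per-check average (42872 ticks against a median near 4000) and `http_client_body`/`content` on its per-match average (50685), and `tls_cert_subject`/`content` is the one keyword with thousands of checks and no match. Per-check averages across buffers are only comparable within one run, since ticks are raw CPU cycles on that host.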


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-02-04 11:13:20,244 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-02-04 11:13:20,981 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-02-04 11:13:20,982 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-02-04 11:13:20,982 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-02-04 11:13:20,982 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-02-04 11:13:20,982 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/7c31dcb29bc95885ed2356649fb2712756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/02042019.1111-dd56a1ee-c937-4511-8c77-31f2b285cb83.pcap -vvv -k none
2019-02-04 11:13:42,785 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-02-04 11:13:42,785 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.5551860332