Filename: df587783-85c5-4f2d-9dd4-904c6dfc5076.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.1638391018 seconds
Hash: 7f06885fd05ed9266e7a439070d3c5f7
Uploaded: 1542481484

Logfiles


suricata-report-2018-11-17-T-19-05-08-11172018.1904-df587783-85c5-4f2d-9dd4-904c6dfc5076.pcap.txt - (18034 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/7f06885fd05ed9266e7a439070d3c5f756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11172018.1904-df587783-85c5-4f2d-9dd4-904c6dfc5076.pcap -vvv -k none
elapsedtime:23.082458
stderr:
stdout:
17/11/2018 -- 19:04:45 - <Info> - Configuration node 'rule-files' redefined.
17/11/2018 -- 19:04:45 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/11/2018 -- 19:04:45 - <Info> - CPUs/cores online: 1
17/11/2018 -- 19:04:45 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32009 and 'request-body-inspect-window' set to 15619 after randomization.
17/11/2018 -- 19:04:45 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31376 and 'response-body-inspect-window' set to 15759 after randomization.
17/11/2018 -- 19:04:45 - <Config> - DNS request flood protection level: 500
17/11/2018 -- 19:04:45 - <Config> - DNS per flow memcap (state-memcap): 524288
17/11/2018 -- 19:04:45 - <Config> - DNS global memcap: 16777216
17/11/2018 -- 19:04:45 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/11/2018 -- 19:04:45 - <Config> - preallocated 1000 hosts of size 136
17/11/2018 -- 19:04:45 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 19:04:45 - <Config> - using magic-file /usr/share/file/magic
17/11/2018 -- 19:04:45 - <Config> - Core dump size is unlimited.
17/11/2018 -- 19:04:45 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/11/2018 -- 19:04:45 - <Config> - preallocated 1000 defrag trackers of size 168
17/11/2018 -- 19:04:45 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/11/2018 -- 19:04:45 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/11/2018 -- 19:04:45 - <Config> - stream "memcap": 33554432
17/11/2018 -- 19:04:45 - <Config> - stream "midstream" session pickups: disabled
17/11/2018 -- 19:04:45 - <Config> - stream "async-oneside": disabled
17/11/2018 -- 19:04:45 - <Config> - stream "checksum-validation": disabled
17/11/2018 -- 19:04:45 - <Config> - stream."inline": disabled
17/11/2018 -- 19:04:45 - <Config> - stream "bypass": disabled
17/11/2018 -- 19:04:45 - <Config> - stream "max-synack-queued": 5
17/11/2018 -- 19:04:45 - <Config> - stream.reassembly "memcap": 134217728
17/11/2018 -- 19:04:45 - <Config> - stream.reassembly "depth": 0
17/11/2018 -- 19:04:45 - <Config> - stream.reassembly "toserver-chunk-size": 2508
17/11/2018 -- 19:04:45 - <Config> - stream.reassembly "toclient-chunk-size": 2541
17/11/2018 -- 19:04:45 - <Config> - stream.reassembly.raw: enabled
17/11/2018 -- 19:04:45 - <Config> - stream.reassembly "segment-prealloc": 2048
17/11/2018 -- 19:04:45 - <Config> - Delayed detect disabled
17/11/2018 -- 19:04:45 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/11/2018 -- 19:04:45 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/11/2018 -- 19:04:45 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/11/2018 -- 19:04:45 - <Config> - prefilter engines: MPM
17/11/2018 -- 19:04:45 - <Config> - IP reputation disabled
17/11/2018 -- 19:04:45 - <Perf> - Registered 148 keyword profiling counters.
17/11/2018 -- 19:04:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/11/2018 -- 19:04:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/11/2018 -- 19:04:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/11/2018 -- 19:04:50 - <Config> - No rules loaded from ET-icmp.rules.
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
17/11/2018 -- 19:04:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/11/2018 -- 19:04:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/11/2018 -- 19:04:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/11/2018 -- 19:04:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/11/2018 -- 19:04:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
17/11/2018 -- 19:04:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/11/2018 -- 19:04:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
17/11/2018 -- 19:04:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
17/11/2018 -- 19:04:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/11/2018 -- 19:04:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
17/11/2018 -- 19:04:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/11/2018 -- 19:04:58 - <Config> - No rules loaded from local.rules.
17/11/2018 -- 19:04:58 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
17/11/2018 -- 19:04:58 - <Info> - Threshold config parsed: 0 rule(s) found
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for tcp-packet
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for tcp-stream
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for udp-packet
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for other-ip
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_uri
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_client_body
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_accept
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_accept_enc
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_accept_lang
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_referer
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_connection
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_method
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_raw_uri
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_user_agent
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_host
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_raw_host
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_stat_msg
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_stat_code
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for dns_query
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for tls_sni
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:04:58 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:04:58 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
17/11/2018 -- 19:04:58 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/11/2018 -- 19:04:59 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/11/2018 -- 19:04:59 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/11/2018 -- 19:04:59 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/11/2018 -- 19:04:59 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/11/2018 -- 19:04:59 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/11/2018 -- 19:04:59 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/11/2018 -- 19:05:05 - <Perf> - Unique rule groups: 104
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/11/2018 -- 19:05:05 - <Perf> - Builtin MPM "other IP packet": 3
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_header": 10
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient http_header": 6
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_start": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_method": 5
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver http_host": 2
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toserver file_data": 1
17/11/2018 -- 19:05:05 - <Perf> - AppLayer MPM "toclient file_data": 7
17/11/2018 -- 19:05:07 - <Perf> - Registered 39590 rule profiling counters.
17/11/2018 -- 19:05:07 - <Info> - fast output device (regular) initialized: alert
17/11/2018 -- 19:05:07 - <Info> - eve-log output device (regular) initialized: eve.json
17/11/2018 -- 19:05:07 - <Config> - enabling 'eve-log' module 'alert'
17/11/2018 -- 19:05:07 - <Config> - enabling 'eve-log' module 'http'
17/11/2018 -- 19:05:07 - <Config> - enabling 'eve-log' module 'dns'
17/11/2018 -- 19:05:07 - <Config> - enabling 'eve-log' module 'tls'
17/11/2018 -- 19:05:07 - <Config> - enabling 'eve-log' module 'files'
17/11/2018 -- 19:05:07 - <Config> - enabling 'eve-log' module 'ssh'
17/11/2018 -- 19:05:07 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/11/2018 -- 19:05:07 - <Info> - stats output device (regular) initialized: stats.log
17/11/2018 -- 19:05:07 - <Config> - Aut

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2018-11-17-T-19-05-08-11172018.1904-df587783-85c5-4f2d-9dd4-904c6dfc5076.pcap.txt - (4158 bytes)
11/16/2018-01:58:33.392746  [**] [1:2823365:3] ETPRO TROJAN Godzilla Loader Retrieving Payload [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.99:50701 -> 176.119.156.142:80
11/16/2018-01:58:33.420298  [**] [1:2018856:10] ET TROJAN Windows executable base64 encoded [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.119.156.142:80 -> 192.168.100.99:50701
11/16/2018-01:59:26.667707  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:58702 -> 151.80.147.153:53
11/16/2018-01:59:26.739403  [**] [1:2522300:3321] ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 151 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 151.80.147.153:53 -> 192.168.100.99:58702
11/16/2018-01:59:26.740208  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:50442 -> 91.217.137.44:53
11/16/2018-01:59:26.828650  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:57770 -> 80.233.248.109:53
11/16/2018-01:59:26.920568  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:62543 -> 130.255.78.223:53
11/16/2018-01:59:26.998770  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:57201 -> 173.212.234.232:53
11/16/2018-01:59:27.090053  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:61230 -> 173.249.7.187:53
11/16/2018-01:59:27.170597  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:53087 -> 46.101.70.183:53
11/16/2018-01:59:27.251040  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:57476 -> 5.45.97.127:53
11/16/2018-01:59:27.343794  [**] [1:2522988:3321] ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 495 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 5.45.97.127:53 -> 192.168.100.99:57476
11/16/2018-01:59:27.345274  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:64750 -> 50.3.82.215:53
11/16/2018-01:59:27.460498  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:53464 -> 82.141.39.32:53
11/16/2018-01:59:27.573416  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:60572 -> 94.247.43.254:53
11/16/2018-01:59:27.665164  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:59683 -> 107.172.42.186:53
11/16/2018-01:59:27.756159  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:61498 -> 128.52.130.209:53
11/16/2018-01:59:27.865270  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:50666 -> 162.248.241.94:53
11/16/2018-01:59:27.958983  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:60408 -> 172.98.193.42:53
11/16/2018-01:59:28.029667  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:56158 -> 192.52.166.110:53
11/16/2018-01:59:28.108219  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.99:53783 -> 198.206.14.241:53


unified2.alert.1542481507 - (8224 bytes)


packet_stats.log - (18119 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             4         59422571      180639522     139693693        558.8m    0.07
 IPv4       6          1686          2077604      745093238     460332593        776.1b   94.34
 IPv4      17           223          5856227      745724588     205578540         45.8b    5.57
 IPv6      17             8          7702408       58811804      15747707        126.0m    0.02
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             4            94082        8425795       2192758          8.8m    1.00
TMM_FLOWWORKER              IPv4       6          1686            70655        8439624        393380        663.2m   75.58
TMM_FLOWWORKER              IPv4      17           223           118409       26602566        650746        145.1m   16.54
TMM_RECEIVEPCAPFILE         IPv4       1             4             2555           2844          2750         11.0k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          1681             2547       19112957         31304         52.6m    6.00
TMM_RECEIVEPCAPFILE         IPv4      17           223             2540           7616          2871        640.4k    0.07
TMM_DECODEPCAPFILE          IPv4       1             4             2956           8778          4435         17.7k    0.00
TMM_DECODEPCAPFILE          IPv4       6          1681             2649          30218          2924          4.9m    0.56
TMM_DECODEPCAPFILE          IPv4      17           223             2676          25945          3008        671.0k    0.08
TMM_FLOWWORKER              IPv6      17             8           109246         257567        178507          1.4m    0.16
TMM_RECEIVEPCAPFILE         IPv6      17             8             2812           3593          2924         23.4k    0.00
TMM_DECODEPCAPFILE          IPv6      17             8             2719          11527          3969         31.8k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             4             3366           7250          4913         19.7k  0.00  
flow                    IPv4       6          1681             2827          40647          3473          5.8m  0.76  
flow                    IPv4      17           223             2717          33213          4464        995.6k  0.13  
stream                  IPv4       6          1686             2922        1304311         38541         65.0m  8.42  
app-layer               IPv4      17           223             2526         399760         14055          3.1m  0.41  
detect                  IPv4       1             4            81118         127423        106868        427.5k  0.06  
detect                  IPv4       6          1686            44601        7364986        331742        559.3m  72.49 
detect                  IPv4      17           223           102016       26574724        583168        130.0m  16.85 
tcp-prune               IPv4       6          1686             2553          42590          3246          5.5m  0.71  
flow                    IPv6      17             8             2844          14996          7333         58.7k  0.01  
app-layer               IPv6      17             8             2570           8830          5617         44.9k  0.01  
detect                  IPv6      17             8            92920         223294        154805          1.2m  0.16  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot          %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
http                    IPv4       6             3             7082          15743         10340         31.0k  2.66  
tls                     IPv4       6             6             2818           4005          3224         19.3k  1.66  
dns                     IPv4      17           156             2707         393114          7150          1.1m  95.68 
Proto detect            IPv4       6             2             8081          14216         11148         22.3k
Proto detect            IPv4      17           161             2746          48340         13836          2.2m
Proto detect            IPv6      17             4             3015           3463          3162         12.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             2            52702         112782         82742        165.5k  2.06  
LOGGER_ALERT_FAST           IPv4      17            19            11841          96165         23231        441.4k  5.50  
LOGGER_UNIFIED2             IPv4       6             2            85763         130535        108149        216.3k  2.70  
LOGGER_UNIFIED2             IPv4      17            19            17437          74568         24460        464.7k  5.80  
LOGGER_JSON_ALERT           IPv4       6             2            87608         160806        124207        248.4k  3.10  
LOGGER_JSON_ALERT           IPv4      17            19            30542          80715         48324        918.2k  11.45 
LOGGER_JSON_DNS             IPv4      17            94            23632         493079         53756          5.1m  63.01 
LOGGER_JSON_HTTP            IPv4       6             2           100462         239939        170200        340.4k  4.24  
LOGGER_JSON_TLS             IPv4       6             3             3065           4163          3790         11.4k  0.14  
LOGGER_JSON_FILE            IPv4       6             1           159786         159786        159786        159.8k  1.99  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             4            13116          20187         17145        68.6k  0.04  
payload                           IPv4       6          1209             2616         154313         20837        25.2m  13.27 
payload                           IPv4      17           223             3253          66120         11326         2.5m  1.33  
stream                            IPv4       6          1209             2536         529350         40806        49.3m  25.99 
http_uri                          IPv4       6             2            30752          31754         31253        62.5k  0.03  
http_request_line                 IPv4       6             2             7742           8578          8160        16.3k  0.01  
http_client_body                  IPv4       6             2             3293           4166          3729         7.5k  0.00  
http_header (request)             IPv4       6             2            55548         142031         98789       197.6k  0.10  
http_header (request trailer)     IPv4       6             2             2643           2708          2675         5.4k  0.00  
http_header_names (request)       IPv4       6             2            14224          24842         19533        39.1k  0.02  
http_accept (request)             IPv4       6             2             3443           6152          4797         9.6k  0.01  
http_referer (request)            IPv4       6             2             3157           3374          3265         6.5k  0.00  
http_content_len (request)        IPv4       6             2             3706           3783          3744         7.5k  0.00  
http_content_type (request)       IPv4       6             2             3627           4100          3863         7.7k  0.00  
http_protocol (request)           IPv4       6             2             6169           7007          6588        13.2k  0.01  
http_start (request)              IPv4       6             2            11873          18791         15332        30.7k  0.02  
http_raw_header (request)         IPv4       6             2            13731          21365         17548        35.1k  0.02  
http_method                       IPv4       6             2             7249           7257          7253        14.5k  0.01  
http_cookie (request)             IPv4       6             2             3373           3456          3414         6.8k  0.00  
http_raw_uri                      IPv4       6             2             5336           7525          6430        12.9k  0.01  
http_user_agent                   IPv4       6             2            29284          50246         39765        79.5k  0.04  
http_host                         IPv4       6             2             5961           8351          7156        14.3k  0.01  
dns_query                         IPv4      17            47             2892          15221          5700       267.9k  0.14  
tls_sni                           IPv4       6             9             2770           6793          3875        34.9k  0.02  
http_response_line                IPv4       6             1            11996          11996         11996        12.0k  0.01  
http_header (response)            IPv4       6             1            75261          75261         75261        75.3k  0.04  
http_header (response trailer)    IPv4       6             1            71613          71613         71613        71.6k  0.04  
http_content_type (response)      IPv4       6             1            12070          12070         12070        12.1k  0.01  
http_raw_header (response)        IPv4       6          1190             5021         167232          5903         7.0m  3.70  
http_cookie (response)            IPv4       6             1             8515           8515          8515         8.5k  0.00  
http_stat_code                    IPv4       6             1             4566           4566          4566         4.6k  0.00  
tls_cert_issuer                   IPv4       6             3             2616           3189          2962         8.9k  0.00  
tls_cert_subject                  IPv4       6             3             2645           3348          3078         9.2k  0.00  
tls_cert_serial                   IPv4       6             3             2816           3303          3084         9.3k  0.00  
file_data (http response)         IPv4       6          1189             2580         951453         87925       104.5m  55.07 
Total                             IPv4                  5131                                         36985       189.8m
payload                           IPv6      17             8             3393          17157          7940        63.5k  0.03  
Total                             IPv6                     8                                          7940        63.5k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            12             4804         486746         85758          1.0m  0.11  
PROF_DETECT_IPONLY          IPv4      17            99            18492         182024         61892          6.1m  0.63  
PROF_DETECT_RULES           IPv4       1             4            11915          28923         20948         83.8k  0.01  
PROF_DETECT_RULES           IPv4       6          1686             2531        6713385        140173        236.3m  24.21 
PROF_DETECT_RULES           IPv4      17           223            44122       12481703        307202         68.5m  7.02  
PROF_DETECT_STATEFUL_START    IPv4       6           708             5121        3727513        195169        138.2m  14.16 
PROF_DETECT_STATEFUL_START    IPv4      17            17             8924          23537         11983        203.7k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       1             4             2785           3729          3403         13.6k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1686             2728          50606          7049         11.9m  1.22  
PROF_DETECT_STATEFUL_CONT    IPv4      17           223             2554         765774          9785          2.2m  0.22  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1660             2557         111519          3073          5.1m  0.52  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           156             2544          36880          3403        530.9k  0.05  
PROF_DETECT_PREFILTER       IPv4       1             4            29885          52039         41928        167.7k  0.02  
PROF_DETECT_PREFILTER       IPv4       6          1686             7762        1371290        141610        238.8m  24.46 
PROF_DETECT_PREFILTER       IPv4      17           223            23996        4968159         70760         15.8m  1.62  
PROF_DETECT_PF_PAYLOAD      IPv4       1             4            18380          27125         23708         94.8k  0.01  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1209            13278         565082         70590         85.3m  8.74  
PROF_DETECT_PF_PAYLOAD      IPv4      17           223             8497         428362         22694          5.1m  0.52  
PROF_DETECT_PF_TX           IPv4       6          1660             2572         989403         75274        125.0m  12.80 
PROF_DETECT_PF_TX           IPv4      17            78             2565          75889          8941        697.4k  0.07  
PROF_DETECT_PF_SORT1        IPv4       1             2             3439           3868          3653          7.3k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           557             2540          36882          3795          2.1m  0.22  
PROF_DETECT_PF_SORT1        IPv4      17           223             2575          35054          4501          1.0m  0.10  
PROF_DETECT_PF_SORT2        IPv4       1             4             3345           3993          3717         14.9k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          1686             2523          33451          3045          5.1m  0.53  
PROF_DETECT_PF_SORT2        IPv4      17           223             2549         237935          4440        990.3k  0.10  
PROF_DETECT_NONMPMLIST      IPv4       1             4             2781           3831          3431         13.7k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          1686             2553         104230          3242          5.5m  0.56  
PROF_DETECT_NONMPMLIST      IPv4      17           223             2547          18576          3222        718.6k  0.07  
PROF_DETECT_ALERT           IPv4       1             4             2667           3619          3322         13.3k  0.00  
PROF_DETECT_ALERT           IPv4       6          1686             2521          33565          3001          5.1m  0.52  
PROF_DETECT_ALERT           IPv4      17           223             2523          34913          3233        721.1k  0.07  
PROF_DETECT_CLEANUP         IPv4       1             4             2654           4034          3397         13.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          1686             2570          47403          3131          5.3m  0.54  
PROF_DETECT_CLEANUP         IPv4      17           223             2521          44137          3725        830

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2018-11-17-T-19-05-08-11172018.1904-df587783-85c5-4f2d-9dd4-904c6dfc5076.pcap.txt - (49751 bytes) - download
  --------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:05:08. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010142      1        4        7167729      2.86   221      0        6110041     32433.16    0.00        32433.16   
  2        2014703      1        9        2136106      0.85   156      0        784385      13692.99    0.00        13692.99   
  3        2025200      1        1        1247343      0.50   156      0        770855      7995.79     0.00        7995.79    
  4        2819930      1        2        28823774     11.49  164      0        455545      175754.72   0.00        175754.72  
  5        2023627      1        3        862444       0.34   138      0        454886      6249.59     0.00        6249.59    
  6        2009702      1        5        2013828      0.80   156      0        422577      12909.15    0.00        12909.15   
  7        2819664      1        2        29355744     11.71  164      0        421437      178998.44   0.00        178998.44  
  8        2010143      1        3        1578558      0.63   221      0        411062      7142.80     0.00        7142.80    
  9        2820158      1        2        31365277     12.51  203      0        409533      154508.75   0.00        154508.75  
  10       2820157      1        2        31503798     12.56  203      0        402660      155191.12   0.00        155191.12  
  11       2014363      1        7        1841322      0.73   106      0        394285      17370.96    0.00        17370.96   
  12       2815314      1        3        684926       0.27   4        0        281164      171231.50   0.00        171231.50  
  13       2816510      1        3        1390167      0.55   9        0        223998      154463.00   0.00        154463.00  
  14       2024661      1        1        220345       0.09   1        0        220345      220345.00   0.00        220345.00  
  15       2018342      1        2        608730       0.24   4        0        207034      152182.50   0.00        152182.50  
  16       2819940      1        3        1307834      0.52   9        0        194973      145314.89   0.00        145314.89  
  17       2804927      1        2        698863       0.28   9        0        187188      77651.44    0.00        77651.44   
  18       2803027      1        6        1454725      0.58   20       0        181743      72736.25    0.00        72736.25   
  19       2024660      1        1        179724       0.07   1        0        179724      179724.00   0.00        179724.00  
  20       2808990      1        5        172870       0.07   1        0        172870      172870.00   0.00        172870.00  
  21       2803657      1        5        1107461      0.44   15       0        167741      73830.73    0.00        73830.73   
  22       2019716      1        9        566772       0.23   6        0        161939      94462.00    0.00        94462.00   
  23       2014519      1        7        3431487      1.37   156      0        160644      21996.71    0.00        21996.71   
  24       2815728      1        2        344006       0.14   4        0        153335      86001.50    0.00        86001.50   
  25       2801930      1        7        801065       0.32   12       0        143584      66755.42    0.00        66755.42   
  26       2801929      1        7        805187       0.32   12       0        131986      67098.92    0.00        67098.92   
  27       2811826      1        7        119216       0.05   1        0        119216      119216.00   0.00        119216.00  
  28       2017556      1        3        117855       0.05   1        0        117855      117855.00   0.00        117855.00  
  29       2816940      1        2        183181       0.07   2        0        113716      91590.50    0.00        91590.50   
  30       2823365      1        3        112386       0.04   1        1        112386      112386.00   112386.00   0.00       
  31       2809747      1        2        269520       0.11   3        0        111635      89840.00    0.00        89840.00   
  32       2017197      1        3        111397       0.04   1        0        111397      111397.00   0.00        111397.00  
  33       2022531      1        1        1309482      0.52   73       0        111304      17938.11    0.00        17938.11   
  34       2821471      1        2        110204       0.04   1        0        110204      110204.00   0.00        110204.00  
  35       2019609      1        1        1688951      0.67   106      0        105968      15933.50    0.00        15933.50   
  36       2804907      1        3        1291615      0.52   22       0        103851      58709.77    0.00        58709.77   
  37       2816909      1        2        161040       0.06   2        0        103763      80520.00    0.00        80520.00   
  38       2018358      1        7        151039       0.06   2        0        102820      75519.50    0.00        75519.50   
  39       2016869      1        3        102228       0.04   1        0        102228      102228.00   0.00        102228.00  
  40       2805348      1        4        762976       0.30   15       0        97213       50865.07    0.00        50865.07   
  41       2802987      1        5        978460       0.39   19       0        96962       51497.89    0.00        51497.89   
  42       2816927      1        3        127373       0.05   2        0        93202       63686.50    0.00        63686.50   
  43       2816895      1        2        92186        0.04   1        0        92186       92186.00    0.00        92186.00   
  44       2014442      1        6        90518        0.04   1        0        90518       90518.00    0.00        90518.00   
  45       2816928      1        3        155800       0.06   2        0        89816       77900.00    0.00        77900.00   
  46       2804906      1        3        1001523      0.40   17       0        88000       58913.12    0.00        58913.12   
  47       2807961      1        3        170808       0.07   2        0        86965       85404.00    0.00        85404.00   
  48       2802991      1        5        589831       0.24   9        0        84353       65536.78    0.00        65536.78   
  49       2804911      1        3        955606       0.38   18       0        83004       53089.22    0.00        53089.22   
  50       2024650      1        1        5102994      2.03   187      0        82424       27288.74    0.00        27288.74   
  51       2816910      1        2        136219       0.05   2        0        82003       68109.50    0.00        68109.50   
  52       2024829      1        2        3411503      1.36   159      0        81935       21455.99    0.00        21455.99   
  53       2827736      1        2        358885       0.14   6        0        81128       59814.17    0.00        59814.17   
  54       2819931      1        2        127158       0.05   2        0        81122       63579.00    0.00        63579.00   
  55       2016706      1        20       77703        0.03   1        0        77703       77703.00    0.00        77703.00   
  56       2001330      1        8        3662417      1.46   1164     0        77380       3146.41     0.00        3146.41    
  57       2016537      1        2        6816486      2.72   440      0        76088       15492.01    0.00        15492.01   
  58       2816327      1        4        111181       0.04   2        0        75862       55590.50    0.00        55590.50   
  59       2017119      1        4        75746        0.03   1        0        75746       75746.00    0.00        75746.00   
  60       2811699      1        2        1694592      0.68   70       0        74160       24208.46    0.00        24208.46   
  61       2016549      1        4        243028       0.10   4        0        73909       60757.00    0.00        60757.00   
  62       2022339      1        2        72883        0.03   1        0        72883       72883.00    0.00        72883.00   
  63       2014473      1        5        3039064      1.21   206      0        72749       14752.74    0.00        14752.74   
  64       2803760      1        3        1338237      0.53   78       0        70780       17156.88    0.00        17156.88   
  65       2025064      1        5        108744       0.04   2        0        69655       54372.00    0.00        54372.00   
  66       2023670      1        3        69439        0.03   1        1        69439       69439.00    69439.00    0.00       
  67       2820851      1        5        116172       0.05   2        0        69233       58086.00    0.00        58086.00   
  68       2815180      1        3        68981        0.03   1        0        68981       68981.00    0.00        68981.00   
  69       2020388      1        8        71204        0.03   2        0        67673       35602.00    0.00        35602.00   
  70       2821821      1        3        65417        0.03   1        0        65417       65417.00    0.00        65417.00   
  71       2806802      1        2        5600386      2.23   264      0        64812       21213.58    0.00        21213.58   
  72       2011894      1        19       103973       0.04   2        0        64462       51986.50    0.00        51986.50   
  73       2023315      1        2        63140        0.03   1        0        63140       63140.00    0.00        63140.00   
  74       2816525      1        10       96767        0.04   2        0        62409       48383.50    0.00        48383.50   
  75       2828122      1        2        107296       0.04   2        0        62293       53648.00    0.00        53648.00   
  76       2019344      1        5        108018       0.04   2        0        61784       54009.00    0.00        54009.00   
  77       2018856      1        10       76472        0.03   6        1        60949       12745.33    60949.00    3104.60    
  78       2810481      1        4        4450709      1.77   206      0        60464       21605.38    0.00        21605.38   
  79       2816931      1        3        95807        0.04   2        0        59504       47903.50    0.00        47903.50   
  80       2816930      1        4        90906        0.04   2        0        59469       45453.00    0.00        45453.00   
  81       2025162      1        2        59312        0.02   1        0        59312       59312.00    0.00        59312.00   
  82       2816922      1        5        85279        0.03   2        0        58065       42639.50    0.00        42639.50   
  83       2823858      1        3        58042        0.02   1        0        58042       58042.00    0.00        58042.00   
  84       2014967      1        3        57675        0.02   1        0        57675       57675.00    0.00        57675.00   
  85       2017613      1        9        96884        0.04   2        0        55906       48442.00    0.00        48442.00   
  86       2018452      1        15       92523        0.04   2        0        55774       46261.50    0.00        46261.50   
  87       2016948      1        2        3025622      1.21   198      0        55176       15280.92    0.00        15280.92   
  88       2815220      1        2        54614        0.02   1        0        54614       54614.00    0.00        54614.00   
  89       2023714      1        2        1302258      0.52   57       0        54555       22846.63    0.00        22846.63   
  90       2811701      1        2        1551323      0.62   70       0        53623       22161.76    0.00        22161.76   
  91       2015877      1        6        53467        0.02   1        0        53467       53467.00    0.00        53467.00   
  92       2816925      1        3        90771        0.04   2        0        53268       45385.50    0.00        45385.50   
  93       2811543      1        1        1548209      0.62   106      0        53224       14605.75    0.00        14605.75   
  94       2017748      1        6        3218949      1.28   206      0        52860       15625.97    0.00        15625.97   
  95       2815324      1        2        52840        0.02   1        0        52840       52840.00    0.00        52840.00   
  96       2017076      1        9        52643        0.02   1        0        52643       52643.00    0.00        52643.00   
  97       2809363      1        3        52114        0.02   1        0        52114       52114.00    0.00        52114.00   
  98       2819673      1        4        97772        0.04   2        0        52015       48886.00    0.00        48886.00   
  99       2816929      1        4        89703        0.04   2        0        51533       44851.50    0.00        44851.50   
  100      2809511      1        4        50831        0.02   1        0        50831       50831.00    0.00        50831.00   
  101      2815182      1        3        50825        0.02   1        0        50825       50825.00    0.00        50825.00   
  102      2819694      1        2        2362523      0.94   156      0        49913       15144.38    0.00        15144.38   
  103      2014634      1        1        88258        0.04   2        0        49816       44129.00    0.00        44129.00   
  104      2809754      1        2        49711        0.02   1        0        49711       49711.00    0.00        49711.00   
  105      2815181      1        3        49701        0.02   1        0        49701       49701.00    0.00        49701.00   
  106      2018958      1        18       84358        0.03   2        0        49189       42179.00    0.00        42179.00   
  107      2819647      1        3        82491        0.03   2        0        47985       41245.50    0.00        41245.50   
  108      2017552      1        6        6500137      2.59   441      0        47940       14739.54    0.00        14739.54   
  109      2815391      1        4        47830        0.02   1        0        47830       47830.00    0.00        47830.00   
  110      2809850      1        2        67431        0.03   2        0        47355       33715.50    0.00        33715.50   
  111      2815817      1        5        78017        0.03   2        0        47237       39008.50    0.00        39008.50   
  112      2022545      1        1        1225914      0.49   73       0        47005       16793.34    0.00        16793.34   
  113      2826256      1        2        76349        0.03   2        0        46370       38174.50    0.00        38174.50   
  114      2012649      1        5        46359        0.02   1        0        46359       46359.00    0.00        46359.00   
  115      2012328      1        6        1369941      0.55   106      0        46120       12923.97    0.00        12923.97   
  116      2815568      1        2        46029        0.02   1        0        46029       46029.00    0.00        46029.00   
  117      2020963      1        2        45630        0.02   1        0        45630       45630.00    0.00        45630.00   
  118      2807793      1        4        45478        0.02   1        0        45478       45478.00    0.00        45478.00   
  119      2807970      1        8        45033        0.02   1        0        45033       45033.00    0.00        45033.00   
  120      2014701      1        12       1886461      0.75   156      0        44736       12092.70    0.00        12092.70   
  121      2019094      1        5        44600        0.02   1        0        44600       44600.00    0.00        44600.00   
  122      2022543      1        1        1252660      0.50   77       0        43592       16268.31    0.00        16268.31   
  123      2014778      1        4        43163        0.02   1        0        43163       43163.00    0.00        43163.00   
  124      2014635      1        1        83210        0.03   2        0        42352       41605.00    0.00        41605.00   
  125      2022502      1        4        

This file has been truncated.
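The rule-profiling table above is sorted by max ticks, which surfaces single slow evaluations rather than the rules that cost the most overall. The script below is an added example, not part of this report or of Suricata: it parses rows in the Suricata 4.0 rule_perf.log layout (Num, Rule, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match) and ranks the rules that were checked often but never matched by total ticks, which is the list a rule-tuning pass starts from. The sample rows are copied from the table on this page; the min_checks threshold is an assumed cut-off, not a Suricata setting.

```python
"""Rank Suricata rule_perf.log rows to find rules that burn cycles without
ever matching.  Added example; sample rows copied from the perf log on this
page, min_checks is an assumed tuning threshold."""
import re
from dataclasses import dataclass
from typing import List

# Rows copied from the perf log above (Suricata 4.0 column layout).
SAMPLE_RULE_PERF = """\
  Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2010142      1        4        7167729      2.86   221      0        6110041     32433.16    0.00        32433.16
  4        2819930      1        2        28823774     11.49  164      0        455545      175754.72   0.00        175754.72
  7        2819664      1        2        29355744     11.71  164      0        421437      178998.44   0.00        178998.44
  9        2820158      1        2        31365277     12.51  203      0        409533      154508.75   0.00        154508.75
  10       2820157      1        2        31503798     12.56  203      0        402660      155191.12   0.00        155191.12
  30       2823365      1        3        112386       0.04   1        1        112386      112386.00   112386.00   0.00
  77       2018856      1        10       76472        0.03   6        1        60949       12745.33    60949.00    3104.60
"""

# One data row: twelve numeric fields; header, separator and truncated rows do not match.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)"
    r"\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


@dataclass
class RuleProfile:
    sid: int
    gid: int
    rev: int
    ticks: int      # total CPU ticks spent evaluating this rule
    pct: float      # share of all rule-evaluation ticks
    checks: int     # how often the rule reached full evaluation
    matches: int    # how often it actually fired
    max_ticks: int
    avg_ticks: float


def parse_rule_perf(text: str) -> List[RuleProfile]:
    """Parse rule_perf.log text into RuleProfile rows, skipping non-row lines
    (including a final row cut off by log truncation)."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        f = m.groups()
        rows.append(RuleProfile(
            sid=int(f[1]), gid=int(f[2]), rev=int(f[3]), ticks=int(f[4]),
            pct=float(f[5]), checks=int(f[6]), matches=int(f[7]),
            max_ticks=int(f[8]), avg_ticks=float(f[9]),
        ))
    return rows


def never_matching(rows: List[RuleProfile], min_checks: int = 100) -> List[RuleProfile]:
    """Rules checked at least min_checks times that never matched, most
    expensive first.  Every tick they consumed went to non-matching work."""
    hot = [r for r in rows if r.matches == 0 and r.checks >= min_checks]
    return sorted(hot, key=lambda r: r.ticks, reverse=True)


def pct_of_rule_time(rows: List[RuleProfile]) -> float:
    """Combined share of rule-evaluation time for the given rows."""
    return round(sum(r.pct for r in rows), 2)


if __name__ == "__main__":
    profiles = parse_rule_perf(SAMPLE_RULE_PERF)
    hot = never_matching(profiles)
    for r in hot:
        print(f"sid {r.sid} rev {r.rev}: {r.ticks} ticks over {r.checks} checks, 0 matches")
    print(f"{pct_of_rule_time(hot)}% of rule time spent on rules that never matched")
```

Zero matches in a 2032-packet capture is not by itself a reason to disable a rule; the useful signal is high avg ticks per check combined with zero matches across a traffic sample that is representative of the sensor's real load. Rules whose prefilter keyword is too generic reach full evaluation on nearly every packet, which is what the high Checks counts above indicate.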


stats.log - (3144 bytes) - download
------------------------------------------------------------------------------------
Date: 11/17/2018 -- 19:05:08 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2032
decoder.bytes                              | Total                     | 1579408
decoder.ipv4                               | Total                     | 1908
decoder.ipv6                               | Total                     | 8
decoder.ethernet                           | Total                     | 2032
decoder.tcp                                | Total                     | 1681
decoder.udp                                | Total                     | 231
decoder.icmpv4                             | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 777
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 56
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 21
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 3
app_layer.flow.dns_udp                     | Total                     | 47
app_layer.tx.dns_udp                       | Total                     | 47
app_layer.flow.failed_udp                  | Total                     | 9
flow_mgr.new_pruned                        | Total                     | 6
flow.spare                                 | Total                     | 9999
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7084960


eve.json - (37841 bytes)
{"timestamp":"2018-11-16T01:58:02.749802+0000","flow_id":589154155655402,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.100.99","src_port":53325,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9653,"rrname":"qwertzx.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:02.896396+0000","flow_id":156339563834764,"pcap_cnt":75,"event_type":"dns","src_ip":"192.168.100.99","src_port":50272,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14091,"rrname":"qwertasd.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:04.349574+0000","flow_id":1337227937076614,"pcap_cnt":79,"event_type":"dns","src_ip":"192.168.100.99","src_port":57432,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20499,"rrname":"shell.view","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:04.610118+0000","flow_id":583063892152134,"pcap_cnt":81,"event_type":"dns","src_ip":"192.168.100.99","src_port":61570,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1115,"rrname":"qwerkkc.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:09.682109+0000","flow_id":1337227937076614,"pcap_cnt":98,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":57432,"proto":"UDP","dns":{"type":"answer","id":20499,"rcode":"NXDOMAIN","rrname":"shell.view"}}
{"timestamp":"2018-11-16T01:58:11.018003+0000","flow_id":583063892152134,"pcap_cnt":108,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":61570,"proto":"UDP","dns":{"type":"answer","id":1115,"rcode":"SERVFAIL","rrname":"qwerkkc.ru"}}
{"timestamp":"2018-11-16T01:58:14.922264+0000","flow_id":625768752616088,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.100.99","src_port":58519,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50536,"rrname":"dns.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:15.392798+0000","flow_id":625768752616088,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":58519,"proto":"UDP","dns":{"type":"answer","id":50536,"rcode":"NOERROR","rrname":"dns.msftncsi.com","rrtype":"A","ttl":300,"rdata":"131.107.255.255"}}
{"timestamp":"2018-11-16T01:58:15.393195+0000","flow_id":137360104226795,"pcap_cnt":127,"event_type":"dns","src_ip":"192.168.100.99","src_port":64617,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35057,"rrname":"dns.msftncsi.com","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2018-11-16T01:58:15.708412+0000","flow_id":137360104226795,"pcap_cnt":130,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":64617,"proto":"UDP","dns":{"type":"answer","id":35057,"rcode":"NXDOMAIN","rrname":"dns.msftncsi.com"}}
{"timestamp":"2018-11-16T01:58:18.024673+0000","flow_id":589154155655402,"pcap_cnt":135,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":53325,"proto":"UDP","dns":{"type":"answer","id":9653,"rcode":"SERVFAIL","rrname":"qwertzx.ru"}}
{"timestamp":"2018-11-16T01:58:18.192861+0000","flow_id":156339563834764,"pcap_cnt":141,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":50272,"proto":"UDP","dns":{"type":"answer","id":14091,"rcode":"SERVFAIL","rrname":"qwertasd.ru"}}
{"timestamp":"2018-11-16T01:58:20.973865+0000","flow_id":481363362634793,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.100.99","src_port":49898,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54520,"rrname":"qd34gf23ewrfsd1233.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:20.977710+0000","flow_id":1579498453396270,"pcap_cnt":145,"event_type":"dns","src_ip":"192.168.100.99","src_port":60375,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10421,"rrname":"qd34gf23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:20.992327+0000","flow_id":1043443585131591,"pcap_cnt":146,"event_type":"dns","src_ip":"192.168.100.99","src_port":51518,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39000,"rrname":"qd34g34ewdfsf23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.298655+0000","flow_id":478483587108511,"pcap_cnt":147,"event_type":"dns","src_ip":"192.168.100.99","src_port":65461,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20709,"rrname":"qd34gf2332k4gdf.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.299311+0000","flow_id":1625976442032431,"pcap_cnt":148,"event_type":"dns","src_ip":"192.168.100.99","src_port":49372,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56346,"rrname":"qd34gf2332i74yhiuh.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.485681+0000","flow_id":661713334397233,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.100.99","src_port":57009,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19180,"rrname":"qd34gf2323rfgd13.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.506602+0000","flow_id":1028486361627370,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.100.99","src_port":57709,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36021,"rrname":"qd39834hjdnjqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.509650+0000","flow_id":1929654252193490,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.100.99","src_port":62422,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24814,"rrname":"qd34g423fghlkeqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.509804+0000","flow_id":1519298044348268,"pcap_cnt":152,"event_type":"dns","src_ip":"192.168.100.99","src_port":56131,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53026,"rrname":"dfg345fdgdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.509870+0000","flow_id":873667822995374,"pcap_cnt":153,"event_type":"dns","src_ip":"192.168.100.99","src_port":53157,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59839,"rrname":"dfgfdiop31eqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.512743+0000","flow_id":111442124460775,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.100.99","src_port":62014,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48952,"rrname":"5653e56trhs23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.514072+0000","flow_id":866074320820248,"pcap_cnt":155,"event_type":"dns","src_ip":"192.168.100.99","src_port":64709,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22123,"rrname":"jhfer231eqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.516306+0000","flow_id":1236403580952786,"pcap_cnt":156,"event_type":"dns","src_ip":"192.168.100.99","src_port":64290,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36772,"rrname":"dfgdtf1231eqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.517801+0000","flow_id":803352765916841,"pcap_cnt":157,"event_type":"dns","src_ip":"192.168.100.99","src_port":56268,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26120,"rrname":"qdfg43eqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.527391+0000","flow_id":1403303862537247,"pcap_cnt":159,"event_type":"dns","src_ip":"192.168.100.99","src_port":54879,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36431,"rrname":"qwerty12346.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.573471+0000","flow_id":1247095902027807,"pcap_cnt":160,"event_type":"dns","src_ip":"192.168.100.99","src_port":57969,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15898,"rrname":"asf4gfdsfg324wdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.591129+0000","flow_id":197852571436313,"pcap_cnt":163,"event_type":"dns","src_ip":"192.168.100.99","src_port":52074,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14164,"rrname":"fghfhgf1231eqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.591238+0000","flow_id":1505627163395462,"pcap_cnt":164,"event_type":"dns","src_ip":"192.168.100.99","src_port":61758,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8395,"rrname":"asf4gf43598ouidas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.591359+0000","flow_id":2138114784822783,"pcap_cnt":165,"event_type":"dns","src_ip":"192.168.100.99","src_port":55476,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64711,"rrname":"asf4gf1231eqwdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.595662+0000","flow_id":2137141974734542,"pcap_cnt":166,"event_type":"dns","src_ip":"192.168.100.99","src_port":58298,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24095,"rrname":"asf453dfg4wdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.596739+0000","flow_id":2224203109309187,"pcap_cnt":168,"event_type":"dns","src_ip":"192.168.100.99","src_port":51411,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8950,"rrname":"asf453fdgddas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:21.597040+0000","flow_id":188676373814320,"pcap_cnt":169,"event_type":"dns","src_ip":"192.168.100.99","src_port":52244,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6797,"rrname":"a435refgsfg324wdas23.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:22.029891+0000","flow_id":481363362634793,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":49898,"proto":"UDP","dns":{"type":"answer","id":54520,"rcode":"NXDOMAIN","rrname":"qd34gf23ewrfsd1233.ru"}}
{"timestamp":"2018-11-16T01:58:22.029931+0000","flow_id":1043443585131591,"pcap_cnt":174,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":51518,"proto":"UDP","dns":{"type":"answer","id":39000,"rcode":"NXDOMAIN","rrname":"qd34g34ewdfsf23.ru"}}
{"timestamp":"2018-11-16T01:58:22.029959+0000","flow_id":1579498453396270,"pcap_cnt":175,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":60375,"proto":"UDP","dns":{"type":"answer","id":10421,"rcode":"SERVFAIL","rrname":"qd34gf23.ru"}}
{"timestamp":"2018-11-16T01:58:22.155192+0000","flow_id":1625976442032431,"pcap_cnt":177,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":49372,"proto":"UDP","dns":{"type":"answer","id":56346,"rcode":"NXDOMAIN","rrname":"qd34gf2332i74yhiuh.ru"}}
{"timestamp":"2018-11-16T01:58:22.155220+0000","flow_id":1028486361627370,"pcap_cnt":178,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":57709,"proto":"UDP","dns":{"type":"answer","id":36021,"rcode":"NXDOMAIN","rrname":"qd39834hjdnjqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.293697+0000","flow_id":111442124460775,"pcap_cnt":181,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":62014,"proto":"UDP","dns":{"type":"answer","id":48952,"rcode":"NXDOMAIN","rrname":"5653e56trhs23.ru"}}
{"timestamp":"2018-11-16T01:58:22.293724+0000","flow_id":1519298044348268,"pcap_cnt":182,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":56131,"proto":"UDP","dns":{"type":"answer","id":53026,"rcode":"NXDOMAIN","rrname":"dfg345fdgdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.293749+0000","flow_id":1236403580952786,"pcap_cnt":183,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":64290,"proto":"UDP","dns":{"type":"answer","id":36772,"rcode":"NXDOMAIN","rrname":"dfgdtf1231eqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.293775+0000","flow_id":803352765916841,"pcap_cnt":184,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":56268,"proto":"UDP","dns":{"type":"answer","id":26120,"rcode":"NXDOMAIN","rrname":"qdfg43eqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.293803+0000","flow_id":1505627163395462,"pcap_cnt":185,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":61758,"proto":"UDP","dns":{"type":"answer","id":8395,"rcode":"NXDOMAIN","rrname":"asf4gf43598ouidas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.293830+0000","flow_id":1247095902027807,"pcap_cnt":186,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":57969,"proto":"UDP","dns":{"type":"answer","id":15898,"rcode":"NXDOMAIN","rrname":"asf4gfdsfg324wdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.389014+0000","flow_id":2137141974734542,"pcap_cnt":190,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":58298,"proto":"UDP","dns":{"type":"answer","id":24095,"rcode":"NXDOMAIN","rrname":"asf453dfg4wdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.455849+0000","flow_id":188676373814320,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":52244,"proto":"UDP","dns":{"type":"answer","id":6797,"rcode":"NXDOMAIN","rrname":"a435refgsfg324wdas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.455873+0000","flow_id":2224203109309187,"pcap_cnt":194,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":51411,"proto":"UDP","dns":{"type":"answer","id":8950,"rcode":"NXDOMAIN","rrname":"asf453fdgddas23.ru"}}
{"timestamp":"2018-11-16T01:58:22.595934+0000","flow_id":1403303862537247,"pcap_cnt":204,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":54879,"proto":"UDP","dns":{"type":"answer","id":36431,"rcode":"NOERROR","rrname":"qwerty12346.ru","rrtype":"A","ttl":3600,"rdata":"176.119.156.142"}}
{"timestamp":"2018-11-16T01:58:23.399907+0000","flow_id":478483587108511,"pcap_cnt":223,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":65461,"proto":"UDP","dns":{"type":"answer","id":20709,"rcode":"NXDOMAIN","rrname":"qd34gf2332k4gdf.ru"}}
{"timestamp":"2018-11-16T01:58:23.441743+0000","flow_id":661713334397233,"pcap_cnt":224,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":57009,"proto":"UDP","dns":{"type":"answer","id":19180,"rcode":"NXDOMAIN","rrname":"qd34gf2323rfgd13.ru"}}
{"timestamp":"2018-11-16T01:58:23.558881+0000","flow_id":1929654252193490,"pcap_cnt":230,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":62422,"proto":"UDP","dns":{"type":"answer","id":24814,"rcode":"NXDOMAIN","rrname":"qd34g423fghlkeqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:23.585086+0000","flow_id":866074320820248,"pcap_cnt":234,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":64709,"proto":"UDP","dns":{"type":"answer","id":22123,"rcode":"NXDOMAIN","rrname":"jhfer231eqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:23.654755+0000","flow_id":873667822995374,"pcap_cnt":236,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":53157,"proto":"UDP","dns":{"type":"answer","id":59839,"rcode":"NXDOMAIN","rrname":"dfgfdiop31eqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:23.746705+0000","flow_id":197852571436313,"pcap_cnt":239,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":52074,"proto":"UDP","dns":{"type":"answer","id":14164,"rcode":"NXDOMAIN","rrname":"fghfhgf1231eqwdas23.ru"}}
{"timestamp":"2018-11-16T01:58:23.895784+0000","flow_id":2138114784822783,"pcap_cnt":242,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":55476,"proto":"UDP","dns":{"type":"answer","id":64711,"rcode":"NX

This file has been truncated.
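The DNS records above show a single client, 192.168.100.99, firing off a burst of random-looking .ru names within a couple of seconds, nearly all of which come back NXDOMAIN, while one (qwerty12346.ru) resolves. That NXDOMAIN clustering is the signal a DGA-hunting detection keys on. The script below is an added example, not part of this report or of Suricata, showing how to parse EVE JSON DNS events, count rcodes per client, and flag a client whose NXDOMAIN answers cluster inside a short window. The window (60 s) and threshold (5) are arbitrary values chosen for illustration; the sample input is copied from the eve.json output above, including its cut-off last record, so the parser's handling of a truncated line is exercised.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed input for this example: one query and nine answers copied verbatim
# from the eve.json output above, plus the final record exactly as the page shows
# it (cut mid-line) to exercise the malformed-line path.
SAMPLE_EVE = r'''
{"timestamp":"2018-11-16T01:58:02.749802+0000","flow_id":589154155655402,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.100.99","src_port":53325,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9653,"rrname":"qwertzx.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-16T01:58:09.682109+0000","flow_id":1337227937076614,"pcap_cnt":98,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":57432,"proto":"UDP","dns":{"type":"answer","id":20499,"rcode":"NXDOMAIN","rrname":"shell.view"}}
{"timestamp":"2018-11-16T01:58:11.018003+0000","flow_id":583063892152134,"pcap_cnt":108,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":61570,"proto":"UDP","dns":{"type":"answer","id":1115,"rcode":"SERVFAIL","rrname":"qwerkkc.ru"}}
{"timestamp":"2018-11-16T01:58:15.392798+0000","flow_id":625768752616088,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":58519,"proto":"UDP","dns":{"type":"answer","id":50536,"rcode":"NOERROR","rrname":"dns.msftncsi.com","rrtype":"A","ttl":300,"rdata":"131.107.255.255"}}
{"timestamp":"2018-11-16T01:58:18.024673+0000","flow_id":589154155655402,"pcap_cnt":135,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":53325,"proto":"UDP","dns":{"type":"answer","id":9653,"rcode":"SERVFAIL","rrname":"qwertzx.ru"}}
{"timestamp":"2018-11-16T01:58:22.029891+0000","flow_id":481363362634793,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":49898,"proto":"UDP","dns":{"type":"answer","id":54520,"rcode":"NXDOMAIN","rrname":"qd34gf23ewrfsd1233.ru"}}
{"timestamp":"2018-11-16T01:58:22.029931+0000","flow_id":1043443585131591,"pcap_cnt":174,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":51518,"proto":"UDP","dns":{"type":"answer","id":39000,"rcode":"NXDOMAIN","rrname":"qd34g34ewdfsf23.ru"}}
{"timestamp":"2018-11-16T01:58:22.155192+0000","flow_id":1625976442032431,"pcap_cnt":177,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":49372,"proto":"UDP","dns":{"type":"answer","id":56346,"rcode":"NXDOMAIN","rrname":"qd34gf2332i74yhiuh.ru"}}
{"timestamp":"2018-11-16T01:58:22.293697+0000","flow_id":111442124460775,"pcap_cnt":181,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":62014,"proto":"UDP","dns":{"type":"answer","id":48952,"rcode":"NXDOMAIN","rrname":"5653e56trhs23.ru"}}
{"timestamp":"2018-11-16T01:58:22.595934+0000","flow_id":1403303862537247,"pcap_cnt":204,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":54879,"proto":"UDP","dns":{"type":"answer","id":36431,"rcode":"NOERROR","rrname":"qwerty12346.ru","rrtype":"A","ttl":3600,"rdata":"176.119.156.142"}}
{"timestamp":"2018-11-16T01:58:23.895784+0000","flow_id":2138114784822783,"pcap_cnt":242,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.99","dest_port":55476,"proto":"UDP","dns":{"type":"answer","id":64711,"rcode":"NX
'''


def parse_eve(text):
    """Parse EVE JSON (one object per line). Returns (records, skipped_count)."""
    records, skipped = [], 0
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            records.append(json.loads(raw))
        except json.JSONDecodeError:
            skipped += 1  # e.g. a record cut off while the log was being written
    return records, skipped


def _ts(record):
    # EVE timestamps look like 2018-11-16T01:58:02.749802+0000
    return datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def dns_answers_by_client(records):
    """Group DNS answer events by the client that asked (dest_ip of the answer)."""
    by_client = defaultdict(list)
    for r in records:
        if r.get("event_type") != "dns":
            continue
        dns = r.get("dns", {})
        if dns.get("type") != "answer":
            continue  # queries carry no rcode; only answers tell us the outcome
        by_client[r["dest_ip"]].append((_ts(r), dns.get("rcode", "?"), dns.get("rrname", "")))
    for answers in by_client.values():
        answers.sort(key=lambda t: t[0])
    return by_client


def rcode_counts(by_client):
    """Per-client histogram of response codes."""
    return {ip: Counter(rc for _, rc, _ in answers) for ip, answers in by_client.items()}


def nxdomain_bursts(by_client, window_s=60.0, threshold=5):
    """Flag clients with >= threshold NXDOMAIN answers inside any window_s seconds.
    Returns {client_ip: sorted distinct names that failed} for flagged clients."""
    flagged = {}
    for ip, answers in by_client.items():
        nx = [(t, name) for t, rc, name in answers if rc == "NXDOMAIN"]
        lo = 0
        for hi in range(len(nx)):  # sliding window over time-sorted NXDOMAINs
            while (nx[hi][0] - nx[lo][0]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[ip] = sorted({name for _, name in nx})
                break
    return flagged


def analyse(text, window_s=60.0, threshold=5):
    """Run the whole pipeline over raw eve.json text."""
    records, skipped = parse_eve(text)
    by_client = dns_answers_by_client(records)
    return {
        "skipped_lines": skipped,
        "rcodes": rcode_counts(by_client),
        "bursts": nxdomain_bursts(by_client, window_s, threshold),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_EVE)
    print(f"skipped {result['skipped_lines']} malformed line(s)")
    for ip, counts in result["rcodes"].items():
        print(ip, dict(counts))
    for ip, names in result["bursts"].items():
        print(f"NXDOMAIN burst from {ip}: {len(names)} distinct names, e.g. {names[:3]}")
```

Run it against the full eve.json rather than the excerpt to get the real counts; the sliding window is what keeps a single mistyped hostname from tripping the rule, since only a cluster of distinct failures in a short span is flagged. Once a client is flagged, the names that did resolve in the same burst (here qwerty12346.ru, answered with 176.119.156.142 and a 3600 s TTL) are the natural pivot for the follow-up investigation, because a DGA client typically only reaches the one name the operator actually registered.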


keyword_perf.log - (14381 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:05:08
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             13345158        4185            4185            135460          3188.00         3188.00         0.00           
  threshold        31730           2               2               26893           15865.00        15865.00        0.00           
  content          89678043        3897            1626            393083          23012.00        15179.00        28619.00       
  pcre             4954558         1162            14              77350           4263.00         12532.00        4162.00        
  byte_test        4661678         1092            643             768811          4268.00         3268.00         5701.00        
  byte_jump        56317           17              17              7731            3312.00         3312.00         0.00           
  isdataat         679803          224             0               3818            3034.00         0.00            3034.00        
  flowbits         3647834         1235            190             35965           2953.00         2843.00         2973.00        
  urilen           275966          68              30              28078           4058.00         4589.00         3639.00        
  byte_extract     27552           4               4               16557           6888.00         6888.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             13345158        4185            4185            135460          3188.00         3188.00         0.00           
  flowbits         3621843         1232            187             35965           2939.00         2749.00         2973.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8631729         1453            1012            102058          5940.00         6228.00         5279.00        
  pcre             719381          163             2               40805           4413.00         16010.00        4269.00        
  byte_test        4661678         1092            643             768811          4268.00         3268.00         5701.00        
  byte_jump        56317           17              17              7731            3312.00         3312.00         0.00           
  isdataat         679803          224             0               3818            3034.00         0.00            3034.00        
  byte_extract     27552           4               4               16557           6888.00         6888.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         25991           3               3               14680           8663.00         8663.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        31730           2               2               26893           15865.00        15865.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          394491          80              54              28910           4931.00         5138.00         4500.00        
  pcre             832854          48              1               77350           17351.00        22845.00        17234.00       
  urilen           275966          68              30              28078           4058.00         4589.00         3639.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3117            1               0               3117            3117.00         0.00            3117.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          79385919        2108            373             393083          37659.00        46122.00        35839.00       
  pcre             3119315         927             1               21334           3364.00         16324.00        3350.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          879650          157             123             37692           5602.00         5165.00         7184.00        
  pcre             244813          20              6               33846           12240.00        11012.00        12767.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          51489           12              7               5170            4290.00         4284.00         4299.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7666            2               2               4030            3833.00         3833.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3563            1               1               3563            3563.00         3563.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5673            1               1               5673            5673.00         5673.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43946           12              4               4936            3662.00         4384.00         3301.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          207275          51              32              5470            4064.00         4401.00         3496.00        
  pcre             38195           4               4               14857           9548.00         9548.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6456            2               0               3288            3228.00         0.00            3228.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57069           17              17              4702            3357.00         3357.00         0.00           


IDSDeathBlossom.py.log - (1176 bytes)
2018-11-17 19:04:44,363 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-17 19:04:45,208 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-17 19:04:45,209 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-11-17 19:04:45,209 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-17 19:04:45,210 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-17 19:04:45,210 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/7f06885fd05ed9266e7a439070d3c5f756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11172018.1904-df587783-85c5-4f2d-9dd4-904c6dfc5076.pcap -vvv -k none
2018-11-17 19:05:08,295 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-17 19:05:08,296 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.9431118965
